fab setup_all stuck on prov keystone with https enabled and cfgm as http
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.1 |
Invalid
|
High
|
Ignatious Johnson Christopher | |||
R3.2 |
Invalid
|
High
|
Ignatious Johnson Christopher | |||
Trunk |
Invalid
|
High
|
Ignatious Johnson Christopher |
Bug Description
host2 = 'root@10.87.141.20'
host3 = 'root@10.87.141.11'
host4 = 'root@10.87.141.12'
env.roledefs = {
'all': [host2, host3, host4],
'cfgm': [host2],
'openstack': [host2],
'control': [host2],
'compute': [host3, host4],
'collector': [host2],
'webui': [host2],
'database': [host2],
'build': [host_build],
env.keystone = {
# 'keystone_ip' : '99.1.1.11',
'auth_protocol' : 'https',
}
fab setup_all stuck
vnc_api client on compute connect to keystone without ssl, but keystone is prov with ssl, its not responding
2016-11-03 15:21:29:229749: [root@10.87.141.11] out: [localhost] local: echo ' address 10.87.141.11' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:233339: [root@10.87.141.11] out: [localhost] local: echo ' gateway 10.87.159.254' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:234904: [root@10.87.141.11] out: [localhost] local: grep ^"search" /etc/resolv.conf | awk '{$1="";print $0}'
2016-11-03 15:21:29:236364: [root@10.87.141.11] out: [localhost] local: echo ' dns-search englab.juniper.net juniper.net' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:244037: [root@10.87.141.11] out: [localhost] local: grep "^nameserver\>" /etc/resolv.conf | awk '{print $2}'
2016-11-03 15:21:29:244274: [root@10.87.141.11] out: [localhost] local: echo -n ' dns-nameservers' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:247901: [root@10.87.141.11] out: [localhost] local: echo -n ' 10.87.132.104' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:251500: [root@10.87.141.11] out: [localhost] local: echo -n ' 172.21.200.60' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:255023: [root@10.87.141.11] out: [localhost] local: echo -n ' 172.29.131.60' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:256481: [root@10.87.141.11] out: [localhost] local: echo '' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:260103: [root@10.87.141.11] out: [localhost] local: echo ' post-up ip link set vhost0 address c4:54:44:44:d6:15' >> /tmp/tmp85scRD/
2016-11-03 15:21:29:261532: [root@10.87.141.11] out: [localhost] local: sudo mv -f /tmp/tmp85scRD/
2016-11-03 15:21:29:265066: [root@10.87.141.11] out: [localhost] local: sudo mv /tmp/tmp85scRD/
2016-11-03 15:21:29:280775: [root@10.87.141.11] out: [localhost] local: sudo mv /tmp/tmp85scRD/
2016-11-03 15:21:29:288484: [root@10.87.141.11] out: [localhost] local: python /opt/contrail/
2016-11-03 15:21:29:296182: [root@10.87.141.11] out:
2016-11-03 15:24:20:531555: [root@10.87.141.11] out:
description: | updated |
tags: | added: provisioning |
tags: | added: blocker |
We deliver contrail- cloud/contrail- networking to customers.
Customers have to use https for for both keystone/config-api in contrail-cloud deployment.
In contrail-networking deployments they have option of provisioning config-api with https and using keystone which is provisioned by them with http.
The deployment of keystone with https and config-api with http is not recommended.