tripleo

haproxy for swift doesn't provide httplog as well as X-Forwarded-Proto

Bug #1764731 reported by Sergii Golovatiuk
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Sergii Golovatiuk
tripleo rocky-1

Bug Description

Digging into swift issues I found that current configuration doesn't provide any haproxy logs for swift backend as well as doesn't set X-Forwarded-Proto which may cause problems such as https://paste.fedoraproject.org/paste/H8sHGqZ5UZ0Tq0GJ0aRChQ

Steps to reproduce
==================
Deploy overcloud.
Check haproxy configuration by running

docker exec -it `docker ps --filter name=haproxy --format "{{.ID}}"` cat /etc/haproxy/haproxy.cfg

Check swift backend

Expected results
================
listen swift_proxy_server
  bind 10.0.0.5:13808 transparent ssl crt /etc/pki/tls/private/overcloud_endpoint.pem
  bind 172.16.1.4:8080 transparent
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk GET /healthcheck
  option httplog
  timeout client 2m
  timeout server 2m
  server overcloud-controller-0.storage.localdomain 172.16.1.10:8080 check fall 5 inter 2000 rise 2

Actual result
=============
listen swift_proxy_server
  bind 10.0.0.5:13808 transparent ssl crt /etc/pki/tls/private/overcloud_endpoint.pem
  bind 172.16.1.4:8080 transparent
  option httpchk GET /healthcheck
  timeout client 2m
  timeout server 2m
  server overcloud-controller-0.storage.localdomain 172.16.1.10:8080 check fall 5 inter 2000 rise 2

Environment
===========
1 ctrl + 1 compute Rocky
1 ctrl + 1 compute Queens

Sergii Golovatiuk (sgolovatiuk)
Changed in tripleo:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Sergii Golovatiuk (sgolovatiuk)
milestone: none → rocky-1
OpenStack Infra (hudson-openstack)
Changed in tripleo:
status: Confirmed → In Progress
Bogdan Dobrelya (bogdando)
no longer affects: tripleo/queens
tags: added: queens-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/561898
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=c5131729e762535e8ec778432e84d82238168388
Submitter: Zuul
Branch: master

commit c5131729e762535e8ec778432e84d82238168388
Author: Sergii Golovatiuk <email address hidden>
Date: Tue Apr 17 12:25:59 2018 +0200

    Merge default_listen with swift_proxy_server_listen_options

    Currently haproxy for swift doesn't have default setting. This generates config
    such as

      listen swift_proxy_server
      bind 10.0.0.5:13808 transparent ssl crt /etc/pki/tls/private/overcloud_endpoint.pem
      bind 172.16.1.4:8080 transparent
      option httpchk GET /healthcheck
      timeout client 2m
      timeout server 2m
      server overcloud-controller-0.storage.localdomain 172.16.1.10:8080 check fall 5 inter 2000 rise 2

    without

      http-request set-header X-Forwarded-Proto https if { ssl_fc }
      http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
      option httplog

    This makes really hard to debug in case of issues.

    This patch merges default_listen_options with swift to have config which is
    more reliable for debugging

    Closes-Bug: #1764731
    Change-Id: I6716499b4a10f3ba39db33d6468c261c58ee373d

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/562137

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on puppet-tripleo (stable/queens)

Change abandoned by Emilien Macchi (<email address hidden>) on branch: stable/queens
Review: https://review.openstack.org/562137
Reason: TO NOT RE-CHECK OR RE-APPROVE - CLEARING THE GATE NOW TO FIX A BLOCKER

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 9.0.0

This issue was fixed in the openstack/puppet-tripleo 9.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/queens)

Reviewed: https://review.openstack.org/562137
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=93e7e4ad79b4dfc04f8233a2e36e4f21172b10ce
Submitter: Zuul
Branch: stable/queens

commit 93e7e4ad79b4dfc04f8233a2e36e4f21172b10ce
Author: Sergii Golovatiuk <email address hidden>
Date: Tue Apr 17 12:25:59 2018 +0200

    Merge default_listen with swift_proxy_server_listen_options

    Currently haproxy for swift doesn't have default setting. This generates config
    such as

      listen swift_proxy_server
      bind 10.0.0.5:13808 transparent ssl crt /etc/pki/tls/private/overcloud_endpoint.pem
      bind 172.16.1.4:8080 transparent
      option httpchk GET /healthcheck
      timeout client 2m
      timeout server 2m
      server overcloud-controller-0.storage.localdomain 172.16.1.10:8080 check fall 5 inter 2000 rise 2

    without

      http-request set-header X-Forwarded-Proto https if { ssl_fc }
      http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
      option httplog

    This makes really hard to debug in case of issues.

    This patch merges default_listen_options with swift to have config which is
    more reliable for debugging

    Closes-Bug: #1764731
    Change-Id: I6716499b4a10f3ba39db33d6468c261c58ee373d
    (cherry picked from commit c5131729e762535e8ec778432e84d82238168388)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 8.3.2

This issue was fixed in the openstack/puppet-tripleo 8.3.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/570574

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/pike)

Reviewed: https://review.openstack.org/570574
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=7d35e0772342685df7c35b6fcf0777f265b6281a
Submitter: Zuul
Branch: stable/pike

commit 7d35e0772342685df7c35b6fcf0777f265b6281a
Author: Sergii Golovatiuk <email address hidden>
Date: Tue Apr 17 12:25:59 2018 +0200

    Merge default_listen with swift_proxy_server_listen_options

    Currently haproxy for swift doesn't have default setting. This generates config
    such as

      listen swift_proxy_server
      bind 10.0.0.5:13808 transparent ssl crt /etc/pki/tls/private/overcloud_endpoint.pem
      bind 172.16.1.4:8080 transparent
      option httpchk GET /healthcheck
      timeout client 2m
      timeout server 2m
      server overcloud-controller-0.storage.localdomain 172.16.1.10:8080 check fall 5 inter 2000 rise 2

    without

      http-request set-header X-Forwarded-Proto https if { ssl_fc }
      http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
      option httplog

    This makes really hard to debug in case of issues.

    This patch merges default_listen_options with swift to have config which is
    more reliable for debugging

    Closes-Bug: #1764731
    Change-Id: I6716499b4a10f3ba39db33d6468c261c58ee373d
    (cherry picked from commit c5131729e762535e8ec778432e84d82238168388)
    (cherry picked from commit 93e7e4ad79b4dfc04f8233a2e36e4f21172b10ce)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 7.4.14

This issue was fixed in the openstack/puppet-tripleo 7.4.14 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.