DC: subcloud public endpoint unreachable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Andy |
Bug Description
Brief Description
-----------------
Subcloud public (OAM) auth URL is unreachable from system controller or other remote servers.
Impact: this blocks access to subcloud via remote CLI or remote API.
From Andy:
controller-
NAME AGE
controller-
The gnp seems to be the cause. 5000 is not in the allowed ingress list.
From Greg:
Is the default globalnetworkpolicy different for subclouds ? ... it must be.
There could be other OAM/public ports that are not in the gnp for subclouds as well.
Severity
--------
Major
Steps to Reproduce
------------------
# Run a CLI using subcloud oam auth url (keystone public auth url from openstack end point list on subcloud)
[sysadmin@
DEBUG (base:187) Making authentication request to https://[2620:10a:
DEBUG (connectionpool
Expected Behavior
------------------
subcloud oam auth URL should be reachable
Actual Behavior
----------------
Command hangs
Reproducibility
---------------
Reproducible
System Configuration
-------
DC
Branch/Pull Time/Commit
-------
Last Pass
---------
Unknown
Timestamp/Logs
--------------
[sysadmin@
Tue Jul 7 19:39:26 UTC 2020
DEBUG (base:187) Making authentication request to https://[2620:10a:
DEBUG (connectionpool
Test Activity
-------------
Normal use
Marking stx.5.0 gating. Users will want to rum remote CLI commands on subclouds.