OpenStack Placement Charm

No valid host was found with legacy SSL options

Bug #1895508 reported by Márton Kiss
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Placement Charm
New
Undecided
Unassigned

Bug Description

The placement ssl is configured using the legacy options:

  placement:
    options:
      ssl_ca: *ssl_ca
      ssl_cert: *ssl_cert
      ssl_key: *ssl_key

The instance creation is failing with "No valid host found" error:
https://pastebin.ubuntu.com/p/BbFDMHR5Jz/

After further investigation, starting multiple instances (all failing with the same error), the related nova-scheduler logs are showing the root cause: https://pastebin.ubuntu.com/p/CRHv6vkz6w/

The nova-scheduler is trying to reach the placement api as a plain http instead of TLS, meanwhile the keystone configuration is properly showing the right endpoint urls:

$ openstack endpoint list | grep placement
| 1c56648552604472bdab5937b83b7ff6 | us-east | placement | placement | True | internal | https://placement-internal.us-east.XXX:8778 |
| 9a52fbd1dd5045248c6c3def313c5479 | us-east | placement | placement | True | admin | https://placement-internal.us-east.XXX:8778 |
| ad53e52999c9493fab54925022294e14 | us-east | placement | placement | True | public | https://placement.us-east.XXX:8778

The workaround was the system restart nova-scheduler on each nova cloud controller units. After the service restart the scheduler properly used the https:// endpoint. This can be a race-condition between nova-scheduler service restart and placement api ssl configuration.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.