designate API requires public API url to be in api_base_uri for public cloud consumers to query and manage zones outside of openstack-dashboard

Bug #1805707 reported by Drew Freiberger
Affects: OpenStack Designate Charm
Status: Fix Released
Importance: Medium
Assigned to: James Page

Bug Description

This is related to the invalid designateclient bug:

https://bugs.launchpad.net/python-designateclient/+bug/1707183

When the charm configures api_base_uri, it sets it to the internal endpoint http(s)://fqdn-internal:9001 if use-internal-endpoints = true. We desire for service-to-service communication to happen on internal endpoints, rather than public (i.e. between nova/neutron and designate).

Designate is set up with a binding to a public-space for the public endpoint, and has os-public-hostname set to that fqdn. However, when customers connect with OS-INTERFACE=public and hit the bare service, the service provides an href to the internal API url. This seems to be a bug in the designate-api service, but maybe this is something that can be resolved within the charm?

The workaround is to set use-internal-endpoints = false if you want to use the designate API outside of horizon, but this potentially exposes internal API traffic on the public network.

This environment is xenial-queens and running with ssl-enabled services on 18.11 charms.

Drew Freiberger (afreiberger) wrote :

Setting "enable-host-header=true" in the charm config has resolved this issue.

If Designate is running multi-node and has relation to hacluster and use-internal-endpoints=true, enable-host-header=true should be a default override to solve for public designate service access.

James Page (james-page) wrote :

I'm not entirely sure why that's not just turned on all of the time.

James Page (james-page)
Changed in charm-designate:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → James Page (james-page)
milestone: none → 19.04
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-designate (master)

Reviewed: https://review.openstack.org/625530
Committed: https://git.openstack.org/cgit/openstack/charm-designate/commit/?id=f575e3e465ddbcb55a05c176496ad13da9f08ee0
Submitter: Zuul
Branch: master

commit f575e3e465ddbcb55a05c176496ad13da9f08ee0
Author: James Page <email address hidden>
Date: Mon Dec 17 09:57:17 2018 +0000

    Drop enable-host-header config option

    Enable this option as an opinionated default that works well
    with a charm based deployment.

    This ensures that the href to the designate API reflects the
    endpoint binding that the service was accessed over.

    Drop exposure as a configuration option.

    Change-Id: Ic4c29404335aff9a0f66f45ef41c3862035b4a4d
    Closes-Bug: 1805707

Changed in charm-designate:
status: In Progress → Fix Committed
David Ames (thedac)
Changed in charm-designate:
status: Fix Committed → Fix Released
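
A check for the symptom described in this report, as an added example (not code from the charm or from Designate): it compares every href in an API response with the endpoint that was queried, so an internal URL handed to a public consumer shows up as a mismatch. The response bodies are constructed samples of an assumed version-discovery shape, and the hostnames are placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample bodies (assumed shape of a version-discovery document
# with "href" links); the hostnames are placeholders, not from the report.
INTERNAL_HREF_BODY = json.dumps({"versions": {"values": [
    {"id": "v2", "status": "CURRENT",
     "links": [{"rel": "self", "href": "https://dns-internal.example:9001/v2"}]}]}})
PUBLIC_HREF_BODY = json.dumps({"versions": {"values": [
    {"id": "v2", "status": "CURRENT",
     "links": [{"rel": "self", "href": "https://dns.example.com:9001/v2"}]}]}})

_DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or _DEFAULT_PORTS.get(scheme)


def _hrefs(node):
    """Yield every string stored under an "href" key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "href" and isinstance(value, str):
                yield value
            else:
                yield from _hrefs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _hrefs(item)


def mismatched_hrefs(requested_url, body):
    """List hrefs in body whose origin differs from the endpoint queried."""
    want = _origin(requested_url)
    return [h for h in _hrefs(json.loads(body)) if _origin(h) != want]


if __name__ == "__main__":
    public = "https://dns.example.com:9001/"
    for label, body in (("before", INTERNAL_HREF_BODY), ("after", PUBLIC_HREF_BODY)):
        print(label, mismatched_hrefs(public, body) or "hrefs match endpoint")
```

Running the same comparison against each endpoint binding (public and internal) confirms that every consumer is pointed back at the address it connected to.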