Some of the SSL files are missing when binding to multiple spaces
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Charm Helpers |
New
|
Undecided
|
Unassigned |
Bug Description
OpenStack control services have been deployed based on charms from 17.08 release in juju environment with the followign spaces:
tytus@maas:~$ juju spaces
Space Subnets
openstack-admin 10.24.111.0/24
openstack-internal 10.24.112.0/24
openstack-public 10.24.113.0/24
All of them were bound to the above spaces using the following statement in the bundle:
bindings:
admin: "openstack-admin"
internal: "openstack-
public: "openstack-public"
Later on SSL options were set which resulted in the following state;
<service>/<unit>* blocked idle 0/lxd/4 10.24.110.187 8776/tcp Services not running that should be: apache2
Debugging reveals the following:
root@juju-
* apache2 is not running
root@juju-
* Starting web server apache2 *
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 7 of /etc/apache2/
SSLCertificateFile: file '/etc/apache2/
Action 'configtest' failed.
The Apache error log may have more information.
root@juju-
Listen 8766
<VirtualHost 10.24.111.42:8766>
ServerName 10.24.111.13
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:
SSLCertific
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertific
SSLCertific
ProxyPass / http://
ProxyPassRe
ProxyPreser
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 10.24.112.42:8766>
ServerName 10.24.112.13
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:
SSLCertific
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertific
SSLCertific
ProxyPass / http://
ProxyPassRe
ProxyPreser
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 10.24.113.42:8766>
ServerName 10.24.113.13
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:
SSLCertific
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertific
SSLCertific
ProxyPass / http://
ProxyPassRe
ProxyPreser
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
The following set of actions fixes the problem:
root@juju-
root@juju-
root@juju-
root@juju-
root@juju-
root@juju-
* Starting web server apache2 *
Services which are affected:
ceilometer
cinder
glance
neutron-api
nova-cloud-
No time to attach logs.