os-*-hostname change renders cloud unusable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Fix Released
|
Low
|
Chris MacNaughton |
Bug Description
We've tried changing the URL of a whole cloud and immediately after the change we lost the ability to login to horizon (giving authentication error) or using the CLI.
The way we made the change was the following:
* export the bundle
* replace fdqns (s/*.old-
* replace ssl_cert option in any charm that uses it
* (if the cert is signed by a new CA) update the ssl_ca option on any charm that uses it (NOTE: openstack-
* deploy the new bundle
The cloud is running xenial-queens and keystone charm is built from commit b7b4e43 (revision 314).
Unfortunately, this was done quite some time ago and we don't have all the logs available.
However, I did find a set of bugs that might be related:
LP 1826382
LP 1867305
LP 1663696
description: | updated |
Changed in charm-keystone: | |
assignee: | nobody → Chris MacNaughton (chris.macnaughton) |
no longer affects: | charm-nova-cloud-controller |
Changed in charm-keystone: | |
status: | New → Triaged |
importance: | Undecided → Low |
Changed in charm-keystone: | |
status: | In Progress → Fix Released |
no longer affects: | charm-keystone/ussuri |
To clarify further on the impact previously observed, after the FQDN was changed, the customer couldn't access the cloud from outside any more. Log in via Horizon was not working with "An error occurred authenticating. Please try again later.", they couldn't authenticate with a local or ldap account. Swift was still pointing to the previous url.
Would be great if someone from product can replicate a FQDN change in a lab and provide documentation on how best to do it in a production environment.