OpenStack Manila Charm

Manila endpoints not https

Bug #1899222 reported by Vern Hart
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Manila Charm
Expired
Undecided
Unassigned

Bug Description

With ssl_cert, ssl_key, and ssl_ca set, we're not getting https endpoints in keystone.

Checking apache config, I don't see the openstack_https_frontend.conf in /etc/apache2/sites-available like other openstack services.

I added manila_charm.configure_tls() to render_stuff() in reactive/manila.handlers.py to write the tls configuration and after a config change, we now have openstack_https_frontend.conf in apache.

However, we still have http for manila in keystone's endpoint list.

$ openstack endpoint list | grep manila
| 05b623c8b6b84c4a89249900418b2211 | RegionOne | manilav2 | sharev2 | True | public | http://manila.foo.com:8786/v2/%(tenant_id)s |
| 22794078fe804a9faf3fc91af8eb9474 | RegionOne | manila | share | True | public | http://manila.foo.com:8786/v1/%(tenant_id)s |
| 5542abf5dcd74d0383526a8b30e0c46f | RegionOne | manila | share | True | internal | http://manila-i.foo.com:8786/v1/%(tenant_id)s |
| 684c8dfab32540bfa0163343a1717643 | RegionOne | manila | share | True | admin | http://manila-i.foo.com:8786/v1/%(tenant_id)s |
| a1a168df51864d4faac9bf88ceb21021 | RegionOne | manilav2 | sharev2 | True | admin | http://manila-i.foo.com:8786/v2/%(tenant_id)s |
| e65773c11bb84b5bbb312bff9a680ca5 | RegionOne | manilav2 | sharev2 | True | internal | http://manila-i.foo.com:8786/v2/%(tenant_id)s |

I tried changing os-admin-hostname to something else but the endpoint didn't update.

I ended up manually changing the endpoints with openstack cli and the charm has not reverted my manual chang.

Revision history for this message
Billy Olsen (billy-olsen) wrote :

I believe this is fixed in the -next branch of the charm when the sync included this change here https://github.com/openstack/charms.openstack/commit/69eb753b02adb5d5a589fdded49094df38e086d3

Revision history for this message
Vern Hart (vern) wrote :

Awesome. Will test.

Revision history for this message
Vern Hart (vern) wrote :

Doesn't appear to have solved it. Or else I'm not testing this correctly.

Upgraded to the -next charm (revision 92) and tested changing os-admin-hostname:

ubuntu@iadaz01sinf01:~/preprod$ openstack endpoint list | grep manila
| 05b623c8b6b84c4a89249900418b2211 | RegionOne | manilav2 | sharev2 | True | public | https://manila.foo.com:8786/v2/%(tenant_id)s |
| 22794078fe804a9faf3fc91af8eb9474 | RegionOne | manila | share | True | public | https://manila.foo.com:8786/v1/%(tenant_id)s |
| 5542abf5dcd74d0383526a8b30e0c46f | RegionOne | manila | share | True | internal | https://manila-i.foo.com:8786/v1/%(tenant_id)s |
| 684c8dfab32540bfa0163343a1717643 | RegionOne | manila | share | True | admin | https://manila-i.foo.com:8786/v1/%(tenant_id)s |
| a1a168df51864d4faac9bf88ceb21021 | RegionOne | manilav2 | sharev2 | True | admin | https://manila-i.foo.com:8786/v2/%(tenant_id)s |
| e65773c11bb84b5bbb312bff9a680ca5 | RegionOne | manilav2 | sharev2 | True | internal | https://manila-i.foo.com:8786/v2/%(tenant_id)s |
 ubuntu@iadaz01sinf01:~/preprod$ juju config manila os-admin-hostname
manila-i.foo.com
ubuntu@iadaz01sinf01:~/preprod$ juju config manila os-admin-hostname=manila.foo.com
ubuntu@iadaz01sinf01:~/preprod$ juju wait -w 2>/dev/null
ubuntu@iadaz01sinf01:~/preprod$ openstack endpoint list | grep manila
| 05b623c8b6b84c4a89249900418b2211 | RegionOne | manilav2 | sharev2 | True | public | https://manila.foo.com:8786/v2/%(tenant_id)s |
| 22794078fe804a9faf3fc91af8eb9474 | RegionOne | manila | share | True | public | https://manila.foo.com:8786/v1/%(tenant_id)s |
| 5542abf5dcd74d0383526a8b30e0c46f | RegionOne | manila | share | True | internal | https://manila-i.foo.com:8786/v1/%(tenant_id)s |
| 684c8dfab32540bfa0163343a1717643 | RegionOne | manila | share | True | admin | https://manila-i.foo.com:8786/v1/%(tenant_id)s |
| a1a168df51864d4faac9bf88ceb21021 | RegionOne | manilav2 | sharev2 | True | admin | https://manila-i.foo.com:8786/v2/%(tenant_id)s |
| e65773c11bb84b5bbb312bff9a680ca5 | RegionOne | manilav2 | sharev2 | True | internal | https://manila-i.foo.com:8786/v2/%(tenant_id)s |

I even tried manually changing one of the endpoints to http and ran the config-changed hook but nothing changed.

Revision history for this message
Felipe Reyes (freyes) wrote :

Hi Vern,

The endpoints listed in comment #3 are https://manila... versus the ones in the bug description that are not. Was curl showing that the services weren't correctly configured to use https?

Best,

Changed in charm-manila:
status: New → Incomplete
Revision history for this message
Vern Hart (vern) wrote :

Hi freyes,

You are correct. It would seem I was complaining that changing os_admin_hostname had no effect in the last comment.

I don't recall that continuing to be a problem with this deployment.

It seems safe to close this Fix Released.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Manila Charm because there has been no activity for 60 days.]

Changed in charm-manila:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.