charms.openstack

Bug #1745389
Comment #4

Comment 4 for bug 1745389

Revision history for this message

Tytus Kurek (tkurek) wrote on 2018-01-25: Re: haproxy context doesn't consider bindings when using clustered designate application from the "master" branch

James,

You're right - it's a different bug (just the symptoms are the same which is misleading, especially if you're in rush), however, please take a look on my questions regarding bindings in #2.

It's hard to say what's the scope. In the environment from which I provided the output and logs for designate, other "hacluster" applications were deployed without the binding.

There's another environment where "hacluster" applications were deployed with the binding. It is based on an old charm release (probably 17.02), however, and os-*-network settings were used to workaround bug 1735421 there. The "openstack_https_frontend.conf" file from glance/0 unit looks as follows:

# cat /etc/apache2/sites-enabled/openstack_https_frontend.conf
Listen 9282
<VirtualHost 100.107.2.23:9282>
    ServerName 100.86.0.3
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/glance/cert_100.86.0.3
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/glance/cert_100.86.0.3
    SSLCertificateKeyFile /etc/apache2/ssl/glance/key_100.86.0.3
    ProxyPass / http://localhost:9272/
    ProxyPassReverse / http://localhost:9272/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 100.86.0.112:9282>
    ServerName 100.86.0.3
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/glance/cert_100.86.0.3
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/glance/cert_100.86.0.3
    SSLCertificateKeyFile /etc/apache2/ssl/glance/key_100.86.0.3
    ProxyPass / http://localhost:9272/
    ProxyPassReverse / http://localhost:9272/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
<Location />
    Order allow,deny
    Allow from all
</Location>

James,

You're right - it's a different bug (just the symptoms are the same which is misleading, especially if you're in rush), however, please take a look on my questions regarding bindings in #2.

It's hard to say what's the scope. In the environment from which I provided the output and logs for designate, other "hacluster" applications were deployed without the binding.

# cat /etc/apache2/sites-enabled/openstack_https_frontend.conf 
Listen 9282
<VirtualHost 100.107.2.23:9282>
    ServerName 100.86.0.3
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/glance/cert_100.86.0.3
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/glance/cert_100.86.0.3
    SSLCertificateKeyFile /etc/apache2/ssl/glance/key_100.86.0.3
    ProxyPass / http://localhost:9272/
    ProxyPassReverse / http://localhost:9272/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 100.86.0.112:9282>
    ServerName 100.86.0.3
    SSLEngine on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
    SSLCertificateFile /etc/apache2/ssl/glance/cert_100.86.0.3
    # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
    SSLCertificateChainFile /etc/apache2/ssl/glance/cert_100.86.0.3
    SSLCertificateKeyFile /etc/apache2/ssl/glance/key_100.86.0.3
    ProxyPass / http://localhost:9272/
    ProxyPassReverse / http://localhost:9272/
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
<Location />
    Order allow,deny
    Allow from all
</Location>