You're right - it's a different bug (just the symptoms are the same which is misleading, especially if you're in rush), however, please take a look on my questions regarding bindings in #2.
It's hard to say what's the scope. In the environment from which I provided the output and logs for designate, other "hacluster" applications were deployed without the binding.
There's another environment where "hacluster" applications were deployed with the binding. It is based on an old charm release (probably 17.02), however, and os-*-network settings were used to workaround bug 1735421 there. The "openstack_https_frontend.conf" file from glance/0 unit looks as follows:
# cat /etc/apache2/sites-enabled/openstack_https_frontend.conf
Listen 9282
<VirtualHost 100.107.2.23:9282>
ServerName 100.86.0.3
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
SSLCertificateFile /etc/apache2/ssl/glance/cert_100.86.0.3
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertificateChainFile /etc/apache2/ssl/glance/cert_100.86.0.3
SSLCertificateKeyFile /etc/apache2/ssl/glance/key_100.86.0.3
ProxyPass / http://localhost:9272/
ProxyPassReverse / http://localhost:9272/
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 100.86.0.112:9282>
ServerName 100.86.0.3
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
SSLCertificateFile /etc/apache2/ssl/glance/cert_100.86.0.3
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertificateChainFile /etc/apache2/ssl/glance/cert_100.86.0.3
SSLCertificateKeyFile /etc/apache2/ssl/glance/key_100.86.0.3
ProxyPass / http://localhost:9272/
ProxyPassReverse / http://localhost:9272/
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
James,
You're right - it's a different bug (just the symptoms are the same which is misleading, especially if you're in rush), however, please take a look on my questions regarding bindings in #2.
It's hard to say what's the scope. In the environment from which I provided the output and logs for designate, other "hacluster" applications were deployed without the binding.
There's another environment where "hacluster" applications were deployed with the binding. It is based on an old charm release (probably 17.02), however, and os-*-network settings were used to workaround bug 1735421 there. The "openstack_ https_frontend. conf" file from glance/0 unit looks as follows:
# cat /etc/apache2/ sites-enabled/ openstack_ https_frontend. conf !MD5:!aNULL: !eNULL: !EXP:!LOW: !MEDIUM ateFile /etc/apache2/ ssl/glance/ cert_100. 86.0.3 ateChainFile /etc/apache2/ ssl/glance/ cert_100. 86.0.3 ateKeyFile /etc/apache2/ ssl/glance/ key_100. 86.0.3 localhost: 9272/ verse / http:// localhost: 9272/ veHost on !MD5:!aNULL: !eNULL: !EXP:!LOW: !MEDIUM ateFile /etc/apache2/ ssl/glance/ cert_100. 86.0.3 ateChainFile /etc/apache2/ ssl/glance/ cert_100. 86.0.3 ateKeyFile /etc/apache2/ ssl/glance/ key_100. 86.0.3 localhost: 9272/ verse / http:// localhost: 9272/ veHost on
Listen 9282
<VirtualHost 100.107.2.23:9282>
ServerName 100.86.0.3
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:
SSLCertific
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertific
SSLCertific
ProxyPass / http://
ProxyPassRe
ProxyPreser
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost 100.86.0.112:9282>
ServerName 100.86.0.3
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:
SSLCertific
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
SSLCertific
SSLCertific
ProxyPass / http://
ProxyPassRe
ProxyPreser
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>