SERVICE_IP_VERSION=6 doesn't work in devstack

No reviews found in this bug, unassigning. Please add a comment with active reviews before assigning an individual, or tag the bug in the gerrit review, which will do that automatically

Fix proposed to branch: master
Review: https://review.openstack.org/505129

Fix proposed to branch: master
Review: https://review.openstack.org/505168

If I'm not doing something really stupid, we need proper support in urllib3 first ... https://github.com/shazow/urllib3/issues/1269

Fix proposed to branch: master
Review: https://review.openstack.org/505502

Reviewed: https://review.openstack.org/505129
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=b2330c89196c65662fcf98a2295b7e41b1652b28
Submitter: Jenkins
Branch: master

commit b2330c89196c65662fcf98a2295b7e41b1652b28
Author: Jens Harbott <email address hidden>
Date: Tue Sep 19 09:10:21 2017 +0000

    Fix memcached_servers setting

    By default memcached is bound to 127.0.0.1 and we have no code in place
    to change that. So instead of using the $SERVICE_HOST variable, we
    hardcode it to localhost, just as we do for the cache settings, see [1].

    This also avoids a bug that occurs when $SERVICE_HOST contains an IPv6
    address, as in that case it would have to be prefixed by "inet6:" [2].

    [1] I95d798d122e2a95e27eb1d2c4e786c3cd844440b
    [2] https://bugs.launchpad.net/swift/+bug/1610064

    Change-Id: I46bed8a048f4b0d669dfc65b28ddeb36963553e0
    Partial-Bug: 1656329

Reviewed: https://review.openstack.org/505502
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=146332e349416ac0b3c9653b0ae68d55dbb3f9de
Submitter: Jenkins
Branch: master

commit 146332e349416ac0b3c9653b0ae68d55dbb3f9de
Author: Jens Harbott <email address hidden>
Date: Wed Sep 20 06:18:08 2017 +0000

    Make etcd3 setup work with IPv6 addresses

    The client are told to connect to SERVICE_HOST instead of HOST_IP, so
    we need to start etcd3 with matching listening parameters.

    Change-Id: I96389090180d21d25d72df8f9e8905b850bcaee9
    Partial-Bug: 1656329

Ok, time for a small update I think. With the depending fixes in swift and tempest, [1] now passes all tests but one (excluding the expected grenade failure).

For the remaining failure, we are stuck a bit between a rock and a hard place. With the way we set up the certificates in [1], we trigger [2] which sadly hasn't been solved for python2.7 in a long time. We are fine when running with python3.5, though. The other option is leaving in place the non-RFC-compliant workaround for [2], but then we are triggering two new issues in cryptography and urllib3 [3][4]. These issues really should appear in IPv4 already, but sloppy parsing lets IPv4 addresses pass as valid DNS names, while the ':' in IPv6 addresses is triggering failures.

[1] https://review.openstack.org/505503
[2] https://bugs.python.org/issue23239
[3] https://github.com/pyca/cryptography/issues/3943
[4] https://github.com/shazow/urllib3/issues/1269

Reviewed: https://review.openstack.org/505168
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=dc7b4294632172d0b743f98448942fe260a8a3ff
Submitter: Zuul
Branch: master

commit dc7b4294632172d0b743f98448942fe260a8a3ff
Author: Jens Harbott <email address hidden>
Date: Tue Sep 19 10:52:32 2017 +0000

    Fix running with SERVICE_IP_VERSION=6

    - There are some locations where we need the raw IPv6 address instead of the
      url-quoted version enclosed in brackets.
    - Make nova-api-metadata service listen on IPv6 when we need that.
    - Use SERVICE_HOST instead of HOST_IP for TLS_IP.

    Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
    Partial-Bug: 1656329

Thing should work now except when using tls-proxy at the same time. It may be possible to fix the latter issue by using a hostname-based cert instead of ip-based, but I think that would be another story.