Fuel for OpenStack

Haproxy doesn't work properly with Keystone V3 and PKI

Bug #1372655 reported by Andrey Grebennikov on 2014-09-22

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Fuel for OpenStack	Fix Committed	High	Oleksiy Molchanov	Fuel for OpenStack 6.0-updates
5.1.x	Fix Committed	High	Oleksiy Molchanov	Fuel for OpenStack 5.1.1-updates
6.0.x	Fix Committed	High	Oleksiy Molchanov	Fuel for OpenStack 6.0-updates
6.1.x	Fix Committed	High	Oleksiy Molchanov	Fuel for OpenStack 6.1

Bug Description

Fuel 5.1, HA, Centos.
I switch to PKI tokens in Keystone.
Once you tried to get a token with v3, Haproxy returns error 502 (Bad gateway).

It should be improved either with putting tune.bufsize parameter into haproxy.conf (it should be more than 16000 which is default, smtng like "tune.bufsize 128000"), or decrease tune.maxwrite (they suggest to set it 1024).

Both these workarounds allow to avoid the problem.

See original description

Nastya Urlapova (aurlapova) on 2014-09-22

Changed in fuel:
milestone:	none → 6.0
importance:	Undecided → Medium
assignee:	nobody → Fuel Library Team (fuel-library)

Andrey Grebennikov (agrebennikov) on 2014-09-22

description:

updated

Vladimir Kuklin (vkuklin) on 2014-09-22

Changed in fuel:
status:	New → Confirmed

Vladimir Kuklin (vkuklin) on 2014-10-09

Changed in fuel:
milestone:	6.0 → next

Vladimir Kuklin (vkuklin) on 2014-12-18

Changed in fuel:
milestone:	next → 6.1
importance:	Medium → High
status:	Confirmed → Triaged

Revision history for this message

Bogdan Dobrelya (bogdando) wrote on 2014-12-18:

Is Keystone in Icehouse affected as well?

Revision history for this message

Andrey Grebennikov (agrebennikov) wrote on 2014-12-18:

I guess I mentioned it in the initial report - Fuel 5.1 and consequently Icehouse

Revision history for this message

Oleksiy Molchanov (omolchanov) wrote on 2014-12-23:

Andrey, do you mean tune.maxrewrite in the description?

Revision history for this message

Andrey Grebennikov (agrebennikov) wrote on 2014-12-23:

Exactly, sorry for my mistake.
Here http://www.haproxy.org/download/1.4/doc/configuration.txt is the chapter 3.2 which describes performance tuning.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-24: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/143878

Changed in fuel:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-07: Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/143878
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=49ee42154e98729d268985fe322aa4f00c0ac46d
Submitter: Jenkins
Branch: master

commit 49ee42154e98729d268985fe322aa4f00c0ac46d
Author: Oleksiy Molchanov <email address hidden>
Date: Wed Dec 24 18:59:57 2014 +0200

Allow haproxy to work with PKI

Allow haproxy to work with PKI
tokens in keystone v3

Change-Id: Ib827c08f90dfd50251965b624d698c46d7fb08e0
Closes-Bug: 1372655

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-13: Fix proposed to fuel-library (stable/6.0)

Fix proposed to branch: stable/6.0
Review: https://review.openstack.org/146827

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-13: Fix proposed to fuel-library (stable/5.1)

Fix proposed to branch: stable/5.1
Review: https://review.openstack.org/146832

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-17: Fix merged to fuel-library (stable/6.0)

Reviewed: https://review.openstack.org/146827
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=dd7d066956c9cf77ca6cf942a47d62217b0b1fb7
Submitter: Jenkins
Branch: stable/6.0

commit dd7d066956c9cf77ca6cf942a47d62217b0b1fb7
Author: Oleksiy Molchanov <email address hidden>
Date: Wed Dec 24 18:59:57 2014 +0200

Allow haproxy to work with PKI

Allow haproxy to work with PKI
tokens in keystone v3

Change-Id: Ib827c08f90dfd50251965b624d698c46d7fb08e0
Closes-Bug: 1372655

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-03: Fix merged to fuel-library (stable/5.1)

#10

Reviewed: https://review.openstack.org/146832
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=12bc325d1893386e9de9f51cac9e845f39bf6ebb
Submitter: Jenkins
Branch: stable/5.1

commit 12bc325d1893386e9de9f51cac9e845f39bf6ebb
Author: Oleksiy Molchanov <email address hidden>
Date: Wed Dec 24 18:59:57 2014 +0200

Allow haproxy to work with PKI

Allow haproxy to work with PKI
tokens in keystone v3

Change-Id: Ib827c08f90dfd50251965b624d698c46d7fb08e0
Closes-Bug: 1372655

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.