Publicurl for a swift/v1 endpoint contains IP address instead of FQDN when swift is launched using ceph

Anatolii, what MOS release is this?

Hello Roman,

Sorry, I forgot to mention about the Fuel version.

[root@fuel remote]# fuel fuel-version
DEPRECATION WARNING: /etc/fuel/client/config.yaml exists and will be used
as the source for settings. This behavior is deprecated. Please specify the
path to your custom settings file in the FUELCLIENT_CUSTOM_SETTINGS
environment variable.
api: '1.0'
astute_sha: 6c5b73f93e24cc781c809db9159927655ced5012
auth_required: true
build_id: '301'
build_number: '301'
feature_groups:
- mirantis
fuel-agent_sha: 50e90af6e3d560e9085ff71d2950cfbcca91af67
fuel-library_sha: 5d50055aeca1dd0dc53b43825dc4c8f7780be9dd
fuel-nailgun-agent_sha: d7027952870a35db8dc52f185bb1158cdd3d1ebd
fuel-ostf_sha: 2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c
fuelmain_sha: a65d453215edb0284a2e4761be7a156bb5627677
nailgun_sha: 4162b0c15adb425b37608c787944d1983f543aa8
openstack_version: 2015.1.0-7.0
production: docker
python-fuelclient_sha: 486bde57cda1badb68f915f66c61b544108606f3
release: '7.0'
release_versions:
  2015.1.0-7.0:
    VERSION:
      api: '1.0'
      astute_sha: 6c5b73f93e24cc781c809db9159927655ced5012
      build_id: '301'
      build_number: '301'
      feature_groups:
      - mirantis
      fuel-agent_sha: 50e90af6e3d560e9085ff71d2950cfbcca91af67
      fuel-library_sha: 5d50055aeca1dd0dc53b43825dc4c8f7780be9dd
      fuel-nailgun-agent_sha: d7027952870a35db8dc52f185bb1158cdd3d1ebd
      fuel-ostf_sha: 2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c
      fuelmain_sha: a65d453215edb0284a2e4761be7a156bb5627677
      nailgun_sha: 4162b0c15adb425b37608c787944d1983f543aa8
      openstack_version: 2015.1.0-7.0
      production: docker
      python-fuelclient_sha: 486bde57cda1badb68f915f66c61b544108606f3
      release: '7.0'

On Mon, Feb 1, 2016 at 3:39 PM, Roman Podoliaka <
<email address hidden>> wrote:

> Anatolii, what MOS release is this?
>
> ** Tags added: area-ceph
>
> ** Changed in: mos
> Status: New => Incomplete
>
> ** Changed in: mos
> Assignee: (unassigned) => Anatolii Neliubin (aneliubin)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1540133
>
> Title:
> Publicurl for a swift/v1 endpoint contains IP address instead of FQDN
> when swift is launched using ceph
>
> Status in Mirantis OpenStack:
> Incomplete
>
> Bug description:
> The publicurl keystone endpoint for swift/v1 contains an IP address
> instead of FQDN when swift is deployed using ceph.
> root@node-1:~# openstack catalog list
>
> +----------+----------------+-----------------------------------------------------------------------------------+
> | Name | Type | Endpoints
> |
>
> +----------+----------------+-----------------------------------------------------------------------------------+
> | nova | compute | RegionOne
> |
> | | | publicURL:
> https://public.fuel.local:8774/v2/0bdfbd845a8a4f3d8d9a259cf8d74e25 |
> | | | internalURL:
> https://public.fuel.local:8774/v2/0bdfbd845a8a4f3d8d9a259cf8d74e25 |
> | | | admin...

Here is fix: https://review.openstack.org/#/c/288473/

by observation of code changed, master needs a similar fix

Fix proposed to branch: master
Review: https://review.openstack.org/292289

Reviewed: https://review.openstack.org/292289
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=c8aeb0fbef38063def6c99b85844f433591dce4e
Submitter: Jenkins
Branch: master

commit c8aeb0fbef38063def6c99b85844f433591dce4e
Author: Denis Egorenko <email address hidden>
Date: Mon Mar 14 13:23:21 2016 +0300

    Set proper public address for swift endpoint for Ceph

    Currently we are not handling situation when we have Ceph with RadosGW
    enabled with enabled TLS/SSL. As a result we have wrong addresses
    for Swift endpoints in Keystone. This commit fixes that.

    Also this patch creates radosgw_keystone task for managing endpoint and
    removes unused parameters from ceph-osd and radosgw modulars.

    Change-Id: Id86d85a13fbec27265156a5b12fad0fd892c7cd9
    Closes-bug: #1540133

Fix proposed to branch: stable/8.0
Review: https://review.openstack.org/297751

Fixing this bug in 7.0 by patch https://review.openstack.org/288473/ causes a new bug. Full support for Swift's URL schema (including account identifier extracted from URL, not only from an auth token) has not supported in radosgw [0]

In 7.0.
root@node-1:~# openstack endpoint show object-store
+--------------+------------------------------------------------------+
| Field | Value |
+--------------+------------------------------------------------------+
| adminurl | http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s |
| enabled | True |
| id | 9e64da77368f4b6fbe003d55069262f5 |
| internalurl | http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s |
| publicurl | https://public.fuel.local:8080/v1/AUTH_%(tenant_id)s |
| region | RegionOne |
| service_id | 834f8134f2a04acbb74e420c68f3e7cf |
| service_name | swift |
| service_type | object-store |
+--------------+------------------------------------------------------+
root@node-1:~# swift stat
Account HEAD failed: https://public.fuel.local:8080/v1/AUTH_6d9eff42295a4ab8941b7e8313bb91d8 400 Bad Request
And "Error: Unable to retrieve container list." in Horizon dashboard.

[0] https://bugs.launchpad.net/mos/+bug/1520966/comments/3

Not sure that i got your problem. My patch doesn't change swift endpoint URLs - only public address with/without TLS.

So, it was swift/v1 before my patch: https://review.openstack.org/#/c/288473/5/deployment/puppet/ceph/manifests/keystone.pp

And it is swift/v1 with my patch: https://review.openstack.org/#/c/288473/5/deployment/puppet/osnailyfacter/modular/ceph/radosgw_keystone.pp

How you got your endpoint with v1/AUTH_%(tenant_id)s ?

From puppet.log:
2016-06-06 10:09:20 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_service[swift] (info): Starting to evaluate the resource
2016-06-06 10:09:20 +0000 Puppet (debug): Executing '/usr/bin/openstack service create --format shell object-store --name swift --description Openstack Object-Store Service'
2016-06-06 10:09:20 +0000 Puppet::Type::Keystone_service::ProviderOpenstack (debug): OpenStack request: 'service create ["object-store", "--name", "swift", "--description", "Openstack Object-Store Service"]' returned: '{:description=>"Openstack Object-Store Service", :enabled=>"True", :id=>"834f8134f2a04acbb74e420c68f3e7cf", :name=>"swift", :type=>"object-store"}'
2016-06-06 10:09:20 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_service[swift]/ensure (notice): created
2016-06-06 10:09:20 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_service[swift] (debug): The container Keystone::Resource::Service_identity[swift] will propagate my refresh event
2016-06-06 10:09:20 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_service[swift] (info): Evaluated in 0.56 seconds
2016-06-06 10:09:20 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_endpoint[RegionOne/swift] (info): Starting to evaluate the resource
2016-06-06 10:09:20 +0000 Puppet (debug): Executing '/usr/bin/openstack endpoint create --format shell swift --region RegionOne --publicurl https://public.fuel.local:8080/v1/AUTH_%(tenant_id)s --internalurl http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s --adminurl http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s'
2016-06-06 10:09:21 +0000 Puppet::Type::Keystone_endpoint::ProviderOpenstack (debug): OpenStack request: 'endpoint create ["swift", "--region", "RegionOne", "--publicurl", "https://public.fuel.local:8080/v1/AUTH_%(tenant_id)s", "--internalurl", "http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s", "--adminurl", "http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s"]' returned: '{:adminurl=>"http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s", :id=>"9e64da77368f4b6fbe003d55069262f5", :internalurl=>"http://192.168.0.2:8080/v1/AUTH_%(tenant_id)s", :publicurl=>"https://public.fuel.local:8080/v1/AUTH_%(tenant_id)s", :region=>"RegionOne", :service_id=>"834f8134f2a04acbb74e420c68f3e7cf", :service_name=>"swift", :service_type=>"object-store"}'
2016-06-06 10:09:21 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_endpoint[RegionOne/swift]/ensure (notice): created
2016-06-06 10:09:21 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_endpoint[RegionOne/swift] (debug): The container Keystone::Resource::Service_identity[swift] will propagate my refresh event
2016-06-06 10:09:21 +0000 /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_endpoint[RegionOne/swift] (info): Evaluated in 0.64 seconds

Your patch is looking good. But maybe it changes behaviour which described in another bug [0]

[0] https://bugs.launchpad.net/fuel/+bug/1541485/comments/3

As i understand from logs, you don't have RadosGW and using native swift. My patch is only for RadosGW+Ceph.

You have Swift::Keystone task - my patch is adding radosgw/keystone.pp task.

No, I have the same env. The settings are:
MOS 7.0
Storage Backends
Ceph RBD for volumes (Cinder)
Ceph RadosGW for objects (Swift API)
Ceph RBD for ephemeral volumes (Nova)
Ceph RBD for images (Glance)

TLS for OpenStack public endpoints enabled.

Maybe it better to merge your patch and fail a new bug for this issue.

Then it is really strange to see task Swift::Keystone on your env.

Probably you should fail another bug.

Sorry, I forgot to run `fuel rel --sync-deployment-tasks --dir /etc/puppet/` after applying the patch.
Now it works well for 8.0. But for 7.0 doesn't, please look at my comment in patch review.

Vitaly, for 7.0 fix is already on review https://review.openstack.org/288473

Reviewed: https://review.openstack.org/288473
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=cea1856489d4ab41d0c0d3411a15be7fa60d68a3
Submitter: Jenkins
Branch: stable/7.0

commit cea1856489d4ab41d0c0d3411a15be7fa60d68a3
Author: Denis Egorenko <email address hidden>
Date: Fri Mar 4 17:17:20 2016 +0300

    Set proper public address for swift endpoint for Ceph

    Currently we are not handling situation when we have Ceph with RadosGW
    enabled with enabled TLS/SSL. As a result we have wrong addresses
    for Swift endpoints in Keystone. This commit fixes that.

    Also this patch creates radosgw_keystone task for managing endpoint and
    removes unused parameters from ceph-osd and radosgw modulars.

    Change-Id: Id86d85a13fbec27265156a5b12fad0fd892c7cd9
    Closes-bug: #1540133

Reviewed: https://review.openstack.org/297751
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=7c72b904b7901fda0515094221f7903469a7ef70
Submitter: Jenkins
Branch: stable/8.0

commit 7c72b904b7901fda0515094221f7903469a7ef70
Author: Denis Egorenko <email address hidden>
Date: Mon Mar 14 13:23:21 2016 +0300

    Set proper public address for swift endpoint for Ceph

    Currently we are not handling situation when we have Ceph with RadosGW
    enabled with enabled TLS/SSL. As a result we have wrong addresses
    for Swift endpoints in Keystone. This commit fixes that.

    Also this patch creates radosgw_keystone task for managing endpoint and
    removes unused parameters from ceph-osd and radosgw modulars.

    Change-Id: Id86d85a13fbec27265156a5b12fad0fd892c7cd9
    Closes-bug: #1540133

Verified on MOS 7.0 + MU6 updates.

Actual results:
root@node-1:~# openstack catalog list
+----------+----------------+-----------------------------------------------------+
| Name | Type | Endpoints
+----------+----------------+-----------------------------------------------------+
...
| swift | object-store | RegionOne | | | publicURL: https://public.fuel.local:8080/swift/v1
| | | internalURL: https://public.fuel.local:8080/swift/v1
| | | adminURL: https://public.fuel.local:8080/swift/v1
...

root@node-1:~# openstack endpoint show object-store
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| adminurl | http://10.109.1.2:8080/swift/v1 |
| enabled | True |
| id | 6324113bf1cf4c7689f100443fd6115b |
| internalurl | http://10.109.1.2:8080/swift/v1 |
| publicurl | https://public.fuel.local:8080/swift/v1 |
| region | RegionOne |
| service_id | d4145b7b64c94ceca46563b7a97625c2 |
| service_name | swift |
| service_type | object-store |
+--------------+-----------------------------------------+

Verified on MOS 8.0 + MU4 updates.

Actual results:
root@node-8:~# openstack catalog list
+----------+----------------+----------------------------------------------------------------------------+
| Name | Type | Endpoints |
+----------+----------------+----------------------------------------------------------------------------+
...
| swift | object-store | RegionOne |
| | | publicURL: https://public.fuel.local:8080/swift/v1 |
| | | internalURL: http://10.109.11.3:8080/swift/v1 |
| | | adminURL: http://10.109.11.3:8080/swift/v1
...

root@node-8:~# openstack endpoint show object-store
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| adminurl | http://10.109.11.3:8080/swift/v1 |
| enabled | True |
| id | 474beda95985405ba38527a153720d64 |
| internalurl | http://10.109.11.3:8080/swift/v1 |
| publicurl | https://public.fuel.local:8080/swift/v1 |
| region | RegionOne |
| service_id | 6498adde96a3449baf5b8746949a5435 |
| service_name | swift |
| service_type | object-store |
+--------------+-----------------------------------------+