ironic using public endpoint to configure ipxe template during deployment

Bug #1613331 reported by James Slagle
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ironic
Fix Released
High
James Slagle
tripleo
Critical
James Slagle

Bug Description

ironic is using the public endpoint to configure ipxe template during deployment. it should instead be using the internal endpoint.

this issue was discovered in tripleo-ci where we configure the public endpoint for the baremetal service with ssl. IPA then fails to deploy the instance because the the IPA image we build does not implicitly trust the CA of the configured server certificate used by ironic api/conductor.

I believe I tracked the issue to this commit:
https://review.openstack.org/#/c/236982/

Particularly, the code in ironic/common/keystone.py, get_service_url passes interface_type=endpoint_type to session.get_endpoint. interface_type should actually be interface, see:
http://git.openstack.org/cgit/openstack/keystoneauth/tree/keystoneauth1/identity/base.py#n159

the code silently does the wrong thing since it accepts a **kwargs, and ends up defaulting to the public endpoint.

Revision history for this message
James Slagle (james-slagle) wrote :
Changed in ironic:
assignee: nobody → James Slagle (james-slagle)
Changed in tripleo:
assignee: nobody → James Slagle (james-slagle)
importance: Undecided → Critical
status: New → In Progress
Changed in ironic:
status: New → In Progress
Dmitry Tantsur (divius)
Changed in ironic:
importance: Undecided → High
Changed in tripleo:
milestone: none → newton-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ironic (master)

Reviewed: https://review.openstack.org/355537
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=96bca2db24811ad26f491f145c99ebfa4867479e
Submitter: Jenkins
Branch: master

commit 96bca2db24811ad26f491f145c99ebfa4867479e
Author: James Slagle <email address hidden>
Date: Mon Aug 15 11:43:20 2016 -0400

    Fix key word argument interface_type -> interface

    When calling session.get_endpoint, the key word argument to specify the
    interface type (public, admin, internal), is "interface", not
    "interface_type". This was causing the public endpoint to be returned
    instead of the internal endpoint.

    Change-Id: I77f697e74769cd622fb30f6b065e8645ba5cc39f
    Closes-Bug: #1613331

Changed in ironic:
status: In Progress → Fix Released
Revision history for this message
Brent Eagles (beagles) wrote :

Was the ironic patch the only one required to fix this bug?

Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers