2015-06-09 18:12:01 |
Vinod Nair |
bug |
|
|
added bug |
2015-06-09 18:12:17 |
Vinod Nair |
nominated for series |
|
juniperopenstack/r2.20 |
|
2015-06-09 18:12:17 |
Vinod Nair |
bug task added |
|
juniperopenstack/r2.20 |
|
2015-06-09 18:12:17 |
Vinod Nair |
nominated for series |
|
juniperopenstack/trunk |
|
2015-06-09 18:12:17 |
Vinod Nair |
bug task added |
|
juniperopenstack/trunk |
|
2015-06-09 18:12:24 |
Vinod Nair |
juniperopenstack/r2.20: importance |
Undecided |
High |
|
2015-06-09 18:12:26 |
Vinod Nair |
juniperopenstack/trunk: importance |
Undecided |
High |
|
2015-06-09 18:12:39 |
Vinod Nair |
juniperopenstack/r2.20: assignee |
|
Divakar Dharanalakota (ddivakar) |
|
2015-06-09 18:12:45 |
Vinod Nair |
juniperopenstack/r2.20: milestone |
|
r2.20-fcs |
|
2015-06-09 18:12:48 |
Vinod Nair |
juniperopenstack/trunk: milestone |
|
r2.30-fcs |
|
2015-06-09 18:15:20 |
Vinod Nair |
description |
SSL termination is not working with lbaas. The ha proxy config has the vip bindings to port 443 , but the ssl cert config is missing in the haproxy.conf
cat /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg
global
daemon
user nobody
group nogroup
stats socket /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg.sock mode 0666 level user
defaults
log global
retries 3
option redispatch
timeout connect 5000
timeout client 50000
timeout server 50000
listen contrail-config-stats :5937
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend c5866fb4-00a4-4d35-bed6-3ac2bdd13334
bind 11.1.0.4:443
mode http
default_backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
mode http
balance roundrobin
server 136b3567-4aa3-4cfc-9e57-c8069fa61260 12.1.0.12:8080 weight 1
server 1ae4d088-e901-43fe-b18a-a3127eca303c 12.1.0.11:8080 weight 1
server 230060be-0353-45a6-9f50-07c7bc60a66a 12.1.0.1:8080 weight 1
server 2342bb68-0d28-4ebc-85fd-1a270f5a25b1 12.1.0.7:8080 weight 1
server 2957fd89-c08c-4130-b36d-1133bc80e9c8 12.1.0.16:8080 weight 1
server 68c49fdc-ddcc-498e-8b71-890866c1a07f 12.1.0.13:8080 weight 1
server 8f61b36a-c3f6-44d4-a672-fa3464b80d98 12.1.0.10:8080 weight 1
server a9c5034c-bc2f-4e74-ae26-fbd78277baff 12.1.0.3:8080 weight 1
server aafe9927-0451-436f-881c-9541635591e5 12.1.0.2:8080 weight 1
server ab505160-0baa-4341-8719-ad923be7e9bb 12.1.0.9:8080 weight 1
Version 2.20 Build 41 Juno 14.04
tried with below two options in agent,.conf
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/RSA4096.pem
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/ |
SSL termination is not working with lbaas. The ha proxy config has the vip bindings to port 443 , but the ssl cert config is missing in the haproxy.conf
cat /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg
global
daemon
user nobody
group nogroup
stats socket /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg.sock mode 0666 level user
defaults
log global
retries 3
option redispatch
timeout connect 5000
timeout client 50000
timeout server 50000
listen contrail-config-stats :5937
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend c5866fb4-00a4-4d35-bed6-3ac2bdd13334
bind 11.1.0.4:443
mode http
default_backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
mode http
balance roundrobin
server 136b3567-4aa3-4cfc-9e57-c8069fa61260 12.1.0.12:8080 weight 1
server 1ae4d088-e901-43fe-b18a-a3127eca303c 12.1.0.11:8080 weight 1
server 230060be-0353-45a6-9f50-07c7bc60a66a 12.1.0.1:8080 weight 1
server 2342bb68-0d28-4ebc-85fd-1a270f5a25b1 12.1.0.7:8080 weight 1
server 2957fd89-c08c-4130-b36d-1133bc80e9c8 12.1.0.16:8080 weight 1
server 68c49fdc-ddcc-498e-8b71-890866c1a07f 12.1.0.13:8080 weight 1
server 8f61b36a-c3f6-44d4-a672-fa3464b80d98 12.1.0.10:8080 weight 1
server a9c5034c-bc2f-4e74-ae26-fbd78277baff 12.1.0.3:8080 weight 1
server aafe9927-0451-436f-881c-9541635591e5 12.1.0.2:8080 weight 1
server ab505160-0baa-4341-8719-ad923be7e9bb 12.1.0.9:8080 weight 1
Version 2.20 Build 41 Juno 14.04
tried with below two options in agent,.conf
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/RSA4096.pem
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/ |
|
2015-06-09 18:16:06 |
Vinod Nair |
description |
SSL termination is not working with lbaas. The ha proxy config has the vip bindings to port 443 , but the ssl cert config is missing in the haproxy.conf
cat /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg
global
daemon
user nobody
group nogroup
stats socket /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg.sock mode 0666 level user
defaults
log global
retries 3
option redispatch
timeout connect 5000
timeout client 50000
timeout server 50000
listen contrail-config-stats :5937
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend c5866fb4-00a4-4d35-bed6-3ac2bdd13334
bind 11.1.0.4:443
mode http
default_backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
mode http
balance roundrobin
server 136b3567-4aa3-4cfc-9e57-c8069fa61260 12.1.0.12:8080 weight 1
server 1ae4d088-e901-43fe-b18a-a3127eca303c 12.1.0.11:8080 weight 1
server 230060be-0353-45a6-9f50-07c7bc60a66a 12.1.0.1:8080 weight 1
server 2342bb68-0d28-4ebc-85fd-1a270f5a25b1 12.1.0.7:8080 weight 1
server 2957fd89-c08c-4130-b36d-1133bc80e9c8 12.1.0.16:8080 weight 1
server 68c49fdc-ddcc-498e-8b71-890866c1a07f 12.1.0.13:8080 weight 1
server 8f61b36a-c3f6-44d4-a672-fa3464b80d98 12.1.0.10:8080 weight 1
server a9c5034c-bc2f-4e74-ae26-fbd78277baff 12.1.0.3:8080 weight 1
server aafe9927-0451-436f-881c-9541635591e5 12.1.0.2:8080 weight 1
server ab505160-0baa-4341-8719-ad923be7e9bb 12.1.0.9:8080 weight 1
Version 2.20 Build 41 Juno 14.04
tried with below two options in agent,.conf
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/RSA4096.pem
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/ |
SSL termination is not working with lbaas. The ha proxy config has the vip bindings to port 443 , but the ssl cert config is missing in the haproxy.conf
cat /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg
global
daemon
user nobody
group nogroup
stats socket /var/lib/contrail/loadbalancer/ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0/etc/haproxy/haproxy.cfg.sock mode 0666 level user
defaults
log global
retries 3
option redispatch
timeout connect 5000
timeout client 50000
timeout server 50000
listen contrail-config-stats :5937
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend c5866fb4-00a4-4d35-bed6-3ac2bdd13334
bind 11.1.0.4:443
mode http
default_backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
backend ebf5f87a-b2a3-4b6c-946b-89e1f4df9fc0
mode http
balance roundrobin
server 136b3567-4aa3-4cfc-9e57-c8069fa61260 12.1.0.12:8080 weight 1
server 1ae4d088-e901-43fe-b18a-a3127eca303c 12.1.0.11:8080 weight 1
server 230060be-0353-45a6-9f50-07c7bc60a66a 12.1.0.1:8080 weight 1
server 2342bb68-0d28-4ebc-85fd-1a270f5a25b1 12.1.0.7:8080 weight 1
server 2957fd89-c08c-4130-b36d-1133bc80e9c8 12.1.0.16:8080 weight 1
server 68c49fdc-ddcc-498e-8b71-890866c1a07f 12.1.0.13:8080 weight 1
server 8f61b36a-c3f6-44d4-a672-fa3464b80d98 12.1.0.10:8080 weight 1
server a9c5034c-bc2f-4e74-ae26-fbd78277baff 12.1.0.3:8080 weight 1
server aafe9927-0451-436f-881c-9541635591e5 12.1.0.2:8080 weight 1
server ab505160-0baa-4341-8719-ad923be7e9bb 12.1.0.9:8080 weight 1
Version 2.20 Build 41 Juno 14.04
tried with below two options in agent,.conf
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/RSA4096.pem
haproxy_ssl_cert_path=/store/RSA4096.pem
root@cs-scale-8:~# cat /etc/contrail/contrail-vrouter-agent.conf | grep haproxy_ssl_cert_path
haproxy_ssl_cert_path=/store/
VIP-CONFIG
============
neutron --os-tenant-name=PROJ1 lb-vip-create --name FESSL-VIP --protocol-port 443 --protocol HTTP --subnet-id VIP1-SUBNET1 POOL2 |
|
2015-06-11 01:01:10 |
OpenContrail Admin |
information type |
Proprietary |
Public |
|
2015-06-11 04:40:43 |
Divakar Dharanalakota |
juniperopenstack/r2.20: status |
New |
Invalid |
|
2015-06-11 04:40:47 |
Divakar Dharanalakota |
juniperopenstack/trunk: status |
New |
Invalid |
|