clients_keystone inside heat.conf points to internal keystone endpoint
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Tested on pike (5.0.0) but with magnum from queens (6.0.0).
Steps to reproduce:
- Deploy a cloud using kolla-ansible with heat enabled.
- Create a kubernetes cluster using fedora-atomic-27 image:
openstack coe cluster template create k8s-fa27 \
openstack coe cluster create k8s-fa27 \
Expected results:
- Magnum successfully provisions the cluster.
Actual results:
- Magnum is not able to provision the cluster, it remains stuck at CREATE_IN_PROGRESS.
- Digging deeper, Heat also appears to be stuck at CREATE_IN_PROGRESS status.
- Digging even deeper, it turns out that `heat-container
Discussion:
This mechanism is commonly used by instances to signal various events back to heat. These instances are unlikely to have access to the internal API endpoints. There have been similar issues with OpenStack-
[1] https:/
[2] https:/
[3] https:/
[4] https:/
[5] https:/
[6] https:/
Reviewed: https:/ /review. openstack. org/566361 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=c20c69ee5ee e08190cfcbeea54 cc89909c7d1860
Committed: https:/
Submitter: Zuul
Branch: master
commit c20c69ee5eee081 90cfcbeea54cc89 909c7d1860
Author: Bharat Kunwar <email address hidden>
Date: Tue Apr 10 17:09:27 2018 +0100
kolla-ansible fix to correct magnum k8s deployment
Magnum was unable to fire up k8s cluster because heat-container- agent agent communication
inside kube-master was pointing to internal keystone endpoint instead of
public endpoint. This fix tells kolla ansible to set clients_keystone
auth_uri to public endpoint so that heat-container-
with heat is successfully authenticated by keystone.
Change-Id: Ida49528f886857 10b5e6b8f3c4d46 22506af5ae1
Closes-Bug: #1762754