kolla_enable_tls_internal breaks etcd and kuryr
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
kolla-ansible | In Progress | Undecided | Unassigned | |
Bug Description
When we set kolla_enable_
So etcd/kuryr begin to listen on a TLS enabled port on a private IP.
This makes assigning certificates to these services a bit tricky.
docker logs etcd shows
2021-05-28 22:36:34.468508 I | pkg/flags: recognized and used environment variable ETCD_ADVERTISE_
2021-05-28 22:36:34.468541 I | pkg/flags: recognized and used environment variable ETCD_DATA_
2021-05-28 22:36:34.468552 I | pkg/flags: recognized and used environment variable ETCD_INITIAL_
2021-05-28 22:36:34.468555 I | pkg/flags: recognized and used environment variable ETCD_INITIAL_
2021-05-28 22:36:34.468558 I | pkg/flags: recognized and used environment variable ETCD_INITIAL_
2021-05-28 22:36:34.468561 I | pkg/flags: recognized and used environment variable ETCD_INITIAL_
2021-05-28 22:36:34.468565 I | pkg/flags: recognized and used environment variable ETCD_LISTEN_
2021-05-28 22:36:34.468568 I | pkg/flags: recognized and used environment variable ETCD_LISTEN_
Here there are both http and https settings on port 2380 and https on 2379.
But cinder.conf has
[coordination]
backend_url = etcd3+http://
In kuryr, kuryr.conf has
kuryr_uri = https:/
and kuryr.spec has https:/
When trying to start the cloud shell in Horizon, the container fails to load with an error
Docker internal error: 500 Server Error: Internal Server Error ("legacy plugin: Post https:/
Seems some plugin used in zun tries to contact kuryr with plain text. (Here I did not provide a kolla/certifica
Here 10.244.0.0 is my "cloud" network. All these problems go away if kolla_enable_
description: updated
Changed in kolla-ansible:
status: New → In Progress
CI triage in https://review.opendev.org/c/openstack/kolla-ansible/+/793674
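The scheme mismatch in the bug description (etcd listening with https while `backend_url` in cinder.conf uses `etcd3+http://`) can be checked mechanically. The following is an added example, not part of the original report or of kolla-ansible; the addresses and config values are constructed, the function names are hypothetical, and it assumes listeners are compared by exact host and port (no wildcard addresses).

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample inputs; the report's own values are truncated on the page.
ETCD_ENV = {
    "ETCD_LISTEN_CLIENT_URLS": "https://192.0.2.10:2379",
    "ETCD_LISTEN_PEER_URLS": "http://192.0.2.10:2380,https://192.0.2.10:2380",
}
CINDER_CONF = """
[coordination]
backend_url = etcd3+http://192.0.2.10:2379
"""

def listeners(env, key):
    """Map (host, port) -> set of schemes etcd is told to listen with."""
    out = {}
    for url in filter(None, (u.strip() for u in env.get(key, "").split(","))):
        p = urlsplit(url)
        out.setdefault((p.hostname, p.port), set()).add(p.scheme)
    return out

def mixed_scheme_listeners(env, key="ETCD_LISTEN_PEER_URLS"):
    """Return endpoints configured with both http and https on one port."""
    return sorted(ep for ep, s in listeners(env, key).items() if len(s) > 1)

def check_backend_url(conf_text, env):
    """Return findings for the [coordination] backend_url versus etcd."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    url = cp.get("coordination", "backend_url", fallback=None)
    if url is None:
        return ["no [coordination] backend_url set"]
    p = urlsplit(url)
    driver, _, transport = p.scheme.partition("+")
    if driver != "etcd3" or transport not in ("http", "https"):
        return [f"unrecognised backend scheme {p.scheme!r}"]
    schemes = listeners(env, "ETCD_LISTEN_CLIENT_URLS").get((p.hostname, p.port))
    if schemes is None:
        return [f"etcd has no client listener on {p.hostname}:{p.port}"]
    if transport not in schemes:
        return [f"client uses {transport}, etcd listens with "
                f"{'/'.join(sorted(schemes))} on {p.hostname}:{p.port}"]
    return []

if __name__ == "__main__":
    print(check_backend_url(CINDER_CONF, ETCD_ENV))
    print(mixed_scheme_listeners(ETCD_ENV))
```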