kolla-ansible

unable to connect to zun console when kolla_enable_tls_external is true

Bug #1957117 reported by Buddhika Sanjeewa
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Undecided
Unassigned

Bug Description

When kolla_enable_tls_external is set to true, access to console of any zun container fails.
This happens with horizon or openstack cli.

This is due to the base_url of the websocket_proxy section in zun.conf is set to ws://<external_fqdn>:port
HAProxy sets the service as ssl, so setting the protocol to wss (when tls_external is enabled) will solve the problem

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/824259

Changed in kolla-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824259
Committed: https://opendev.org/openstack/kolla-ansible/commit/d8c73aa2064767f3cfe6090daf3503f369ec1bd1
Submitter: "Zuul (22348)"
Branch: master

commit d8c73aa2064767f3cfe6090daf3503f369ec1bd1
Author: Buddhika Sanjeewa <email address hidden>
Date: Tue Jan 11 22:21:00 2022 +0000

    Access to zun container fails when tls_external enabled.

    Access to console of any zun container fails when
    kolla_enable_tls_external is true.
    This is due to the protocol of the base_url of the websocket_proxy
    section in zun.conf is hardcoded to 'ws'.
    [base_url = ws://<external_fqdn>:<port>]

    This fix adds a new variable zun_wsproxy_protocol
    and sets it's value to 'wss' when kolla_enable_tls_external is true
    or to 'ws' otherwise

    Then the base url's protocol of the websocket_proxy section
    in zun.conf is set by zun_wsproxy_protocol
    [base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

    Closes-Bug: 1957117
    Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/824536

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/824612

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/824613

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/824614

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/824615

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824614
Committed: https://opendev.org/openstack/kolla-ansible/commit/5d087dc7c85d7acb066547ddd8381e3ccb72fcec
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 5d087dc7c85d7acb066547ddd8381e3ccb72fcec
Author: Buddhika Sanjeewa <email address hidden>
Date: Tue Jan 11 22:21:00 2022 +0000

    Access to zun container fails when tls_external enabled.

    Access to console of any zun container fails when
    kolla_enable_tls_external is true.
    This is due to the protocol of the base_url of the websocket_proxy
    section in zun.conf is hardcoded to 'ws'.
    [base_url = ws://<external_fqdn>:<port>]

    This fix adds a new variable zun_wsproxy_protocol
    and sets it's value to 'wss' when kolla_enable_tls_external is true
    or to 'ws' otherwise

    Then the base url's protocol of the websocket_proxy section
    in zun.conf is set by zun_wsproxy_protocol
    [base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

    Closes-Bug: 1957117
    Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
    (cherry picked from commit d8c73aa2064767f3cfe6090daf3503f369ec1bd1)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824615
Committed: https://opendev.org/openstack/kolla-ansible/commit/e98a8646b00a612172876823aeeffe28334074bc
Submitter: "Zuul (22348)"
Branch: stable/train

commit e98a8646b00a612172876823aeeffe28334074bc
Author: Buddhika Sanjeewa <email address hidden>
Date: Tue Jan 11 22:21:00 2022 +0000

    Access to zun container fails when tls_external enabled.

    Access to console of any zun container fails when
    kolla_enable_tls_external is true.
    This is due to the protocol of the base_url of the websocket_proxy
    section in zun.conf is hardcoded to 'ws'.
    [base_url = ws://<external_fqdn>:<port>]

    This fix adds a new variable zun_wsproxy_protocol
    and sets it's value to 'wss' when kolla_enable_tls_external is true
    or to 'ws' otherwise

    Then the base url's protocol of the websocket_proxy section
    in zun.conf is set by zun_wsproxy_protocol
    [base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

    Closes-Bug: 1957117
    Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
    (cherry picked from commit d8c73aa2064767f3cfe6090daf3503f369ec1bd1)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824613
Committed: https://opendev.org/openstack/kolla-ansible/commit/1dd2e4f3d27df243d14d95c0dcb82524740237ef
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 1dd2e4f3d27df243d14d95c0dcb82524740237ef
Author: Buddhika Sanjeewa <email address hidden>
Date: Tue Jan 11 22:21:00 2022 +0000

    Access to zun container fails when tls_external enabled.

    Access to console of any zun container fails when
    kolla_enable_tls_external is true.
    This is due to the protocol of the base_url of the websocket_proxy
    section in zun.conf is hardcoded to 'ws'.
    [base_url = ws://<external_fqdn>:<port>]

    This fix adds a new variable zun_wsproxy_protocol
    and sets it's value to 'wss' when kolla_enable_tls_external is true
    or to 'ws' otherwise

    Then the base url's protocol of the websocket_proxy section
    in zun.conf is set by zun_wsproxy_protocol
    [base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

    Closes-Bug: 1957117
    Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
    (cherry picked from commit d8c73aa2064767f3cfe6090daf3503f369ec1bd1)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824612
Committed: https://opendev.org/openstack/kolla-ansible/commit/52afd1bdc399b5704b5bbdf8e6cc141f1b5eba25
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 52afd1bdc399b5704b5bbdf8e6cc141f1b5eba25
Author: Buddhika Sanjeewa <email address hidden>
Date: Tue Jan 11 22:21:00 2022 +0000

    Access to zun container fails when tls_external enabled.

    Access to console of any zun container fails when
    kolla_enable_tls_external is true.
    This is due to the protocol of the base_url of the websocket_proxy
    section in zun.conf is hardcoded to 'ws'.
    [base_url = ws://<external_fqdn>:<port>]

    This fix adds a new variable zun_wsproxy_protocol
    and sets it's value to 'wss' when kolla_enable_tls_external is true
    or to 'ws' otherwise

    Then the base url's protocol of the websocket_proxy section
    in zun.conf is set by zun_wsproxy_protocol
    [base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

    Closes-Bug: 1957117
    Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
    (cherry picked from commit d8c73aa2064767f3cfe6090daf3503f369ec1bd1)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/824536
Committed: https://opendev.org/openstack/kolla-ansible/commit/f36a00a974ffd88a9cebcca3aa3671faaa54b7fa
Submitter: "Zuul (22348)"
Branch: stable/xena

commit f36a00a974ffd88a9cebcca3aa3671faaa54b7fa
Author: Buddhika Sanjeewa <email address hidden>
Date: Tue Jan 11 22:21:00 2022 +0000

    Access to zun container fails when tls_external enabled.

    Access to console of any zun container fails when
    kolla_enable_tls_external is true.
    This is due to the protocol of the base_url of the websocket_proxy
    section in zun.conf is hardcoded to 'ws'.
    [base_url = ws://<external_fqdn>:<port>]

    This fix adds a new variable zun_wsproxy_protocol
    and sets it's value to 'wss' when kolla_enable_tls_external is true
    or to 'ws' otherwise

    Then the base url's protocol of the websocket_proxy section
    in zun.conf is set by zun_wsproxy_protocol
    [base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]

    Closes-Bug: 1957117
    Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
    (cherry picked from commit d8c73aa2064767f3cfe6090daf3503f369ec1bd1)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 11.3.0

This issue was fixed in the openstack/kolla-ansible 11.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 14.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 14.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 12.4.0

This issue was fixed in the openstack/kolla-ansible 12.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 13.1.0

This issue was fixed in the openstack/kolla-ansible 13.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible train-eol

This issue was fixed in the openstack/kolla-ansible train-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible ussuri-eol

This issue was fixed in the openstack/kolla-ansible ussuri-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.