freezer-api haproxy ssl config not being set
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
New
|
Undecided
|
Unassigned |
Bug Description
What happened:
When attempting to open the disaster recovery options in horizon I receive a SSL verification error.
"Error: SSL exception connecting to https:/
What I expected to happen:
I would be able to setup and schedule some backups. This was previously working with Wallaby, but this has broken following an update to Xena.
How to reproduce it:
This may be specific to our environment as we use freeIPA to supply certificates to our services and set the following vars:
```
etcd_enable_tls: no
kolla_enable_
kolla_enable_
kolla_admin_
openstack_cacert: /etc/pki/
kolla_enable_
kolla_verify_
kolla_tls_
kolla_tls_
rabbitmq_
```
OS:
NAME="CentOS Stream"
VERSION="8"
Kernel:
Linux controller01.
Docker version: 20.10.14
Kolla Ansible Version: 13.0.1 (stable/xena)
Here's what I think is happening. The freezer_services defined as:
```
---
freezer_services:
freezer-api:
container_name: freezer_api
group: freezer-api
enabled: true
image: "{{ freezer_
volumes: "{{ freezer_
dimensions: "{{ freezer_
haproxy:
freezer_api:
enabled: "{{ enable_freezer }}"
mode: "http"
external: false
port: "{{ freezer_api_port }}"
freezer_
enabled: "{{ enable_freezer }}"
mode: "http"
external: true
port: "{{ freezer_api_port }}"
freezer-
container_name: freezer_scheduler
group: freezer-scheduler
enabled: true
image: "{{ freezer_
volumes: "{{ freezer_
dimensions: "{{ freezer_
```
Are missing the tls_backend variable. If I look at another service (heat in this example) I can see that the tls_backend variable is set like so:
```
haproxy:
heat_api:
enabled: "{{ enable_heat }}"
mode: "http"
external: false
port: "{{ heat_api_port }}"
```
This translates to the haproxy service config as:
```
backend heat_api_back
mode http
server controller01 10.xxx.xxx.xxx:8004 check check-ssl inter 2000 rise 2 fall 5 ssl verify required ca-file ca-bundle.trust.crt
server controller02 10..xxx.
server controller03 10..xxx.
```
But the freezer-api is set as:
```
backend freezer_api_back
mode http
server controller01 10..xxx.
server controller02 10..xxx.
server controller03 10..xxx.
```
I also note that the freezer-scheduler config is missing the os_ca_cert variable. e.g.
```
os_cacert=
```