keystone haproxy service configuration is broken when using federation
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| kolla-ansible | Status tracked in Caracal | |||||
| Antelope |
Confirmed
|
Medium
|
Unassigned | |||
| Bobcat |
Confirmed
|
Medium
|
Unassigned | |||
| Caracal |
In Progress
|
Medium
|
Gaël THEROND | |||
| Yoga |
Confirmed
|
Medium
|
Unassigned | |||
| Zed |
Confirmed
|
Medium
|
Unassigned | |||
Bug Description
As of ZED and any branch that backported support for federation on kolla, the generated service.cfg file for keystone isn't correct.
Indeed, for the backend balancing mode, the template do generate an improper value:
```
backend keystone_
mode http
['balance source']
```
where it should produce:
```
backend keystone_
mode http
balance source
```
This is due to the way the service default main.yml substitution is made compared to other services:
On keystone:
```yaml
backend_http_extra: "{{ ['balance source'] if enable_
```
vs
On horizon
```yaml
backend_http_extra:
- "balance {{ 'roundrobin' if enable_memcached | bool or horizon_
```
As keystone need source when federation is enabled and roundrobin when disabled, we should rather use:
```yaml
backend_http_extra:
- balance "{{ 'source' if enable_
```
Of course we could leave the balance empty when keystone federation is disabled, but as the default balance algorithm for any backend is roundrobin no matter what (out of higher rank default directive set), that would probably beneficial for everyone to get the value explicited rather than letting operators have a long search about it.
ref: https:/
| Changed in kolla-ansible: | |
| assignee: | nobody → Gaël THEROND (gtherond) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to kolla-ansible (master) | #1 |
| Changed in kolla-ansible: | |
| status: | New → In Progress |
Fix proposed to branch: master
Review: https:/