kolla-ansible

Magnum and trustee keystone client should use publicURL

  1. Series stein
  2. Bug #1885420
Bug #1885420 reported by Bharat Kunwar
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Medium
Radosław Piliszek
kolla-ansible 11.0.0 "victoria"
Stein
Fix Committed
Medium
Radosław Piliszek
Train
Fix Committed
Medium
Radosław Piliszek
Ussuri
Fix Committed
Medium
Radosław Piliszek
Victoria
Fix Released
Medium
Radosław Piliszek
kolla-ansible 11.0.0 "victoria"

Bug Description

In Kolla-Ansible, instances are assumed to only be able to reach control plane services via public interface. Therefore magnum and trustee keystone interfaces need to be public as these endpoints are injected into VMs inside /etc/sysconfig/heat-params as MAGNUM_URL (to talk to magnum) and AUTH_URL (to talk to keystone) which is used for cluster bootstrapping. If instances cannot talk to the control plane, bootstrap could fail.

OpenStack Infra (hudson-openstack)
Changed in kolla-ansible:
assignee: nobody → Bharat Kunwar (brtknr)
status: New → In Progress
Mark Goddard (mgoddard)
Changed in kolla-ansible:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack)
Changed in kolla-ansible:
assignee: Bharat Kunwar (brtknr) → Radosław Piliszek (yoctozepto)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/738351
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=78bb5942649507f4340e562ce8fa2a766ca2bc4e
Submitter: Zuul
Branch: master

commit 78bb5942649507f4340e562ce8fa2a766ca2bc4e
Author: Bharat Kunwar <email address hidden>
Date: Sun Jun 28 12:13:07 2020 +0100

    Use public interface for Magnum client and trustee Keystone interface

    While all other clients should use internalURL, the Magnum client itself
    and Keystone interface for trustee credentials should be publicly
    accessible (upstream default when no config is specified) since
    instances need to be able to reach them.

    Closes-Bug: #1885420
    Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/738880

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/738882

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/738883

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ussuri)

Reviewed: https://review.opendev.org/738880
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=6a0a4877e8bc87144ced35a18a76dca8423083a4
Submitter: Zuul
Branch: stable/ussuri

commit 6a0a4877e8bc87144ced35a18a76dca8423083a4
Author: Bharat Kunwar <email address hidden>
Date: Sun Jun 28 12:13:07 2020 +0100

    Use public interface for Magnum client and trustee Keystone interface

    While all other clients should use internalURL, the Magnum client itself
    and Keystone interface for trustee credentials should be publicly
    accessible (upstream default when no config is specified) since
    instances need to be able to reach them.

    Closes-Bug: #1885420
    Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf
    (cherry picked from commit 78bb5942649507f4340e562ce8fa2a766ca2bc4e)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/stein)

Reviewed: https://review.opendev.org/738883
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=9b82c0f557cd77fc54f8d07eab849eb3d91118d8
Submitter: Zuul
Branch: stable/stein

commit 9b82c0f557cd77fc54f8d07eab849eb3d91118d8
Author: Bharat Kunwar <email address hidden>
Date: Sun Jun 28 12:13:07 2020 +0100

    Use public interface for Magnum client and trustee Keystone interface

    While all other clients should use internalURL, the Magnum client itself
    and Keystone interface for trustee credentials should be publicly
    accessible (upstream default when no config is specified) since
    instances need to be able to reach them.

    Closes-Bug: #1885420
    Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf
    (cherry picked from commit 78bb5942649507f4340e562ce8fa2a766ca2bc4e)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/738882
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=8418b5ae83c5016bc7b0879dee4e9c7c3b8092f7
Submitter: Zuul
Branch: stable/train

commit 8418b5ae83c5016bc7b0879dee4e9c7c3b8092f7
Author: Bharat Kunwar <email address hidden>
Date: Sun Jun 28 12:13:07 2020 +0100

    Use public interface for Magnum client and trustee Keystone interface

    While all other clients should use internalURL, the Magnum client itself
    and Keystone interface for trustee credentials should be publicly
    accessible (upstream default when no config is specified) since
    instances need to be able to reach them.

    Closes-Bug: #1885420
    Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf
    (cherry picked from commit 78bb5942649507f4340e562ce8fa2a766ca2bc4e)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.