os_magnum role uses internal VIP inside instances
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Magnum |
Fix Released
|
High
|
Kevin Lefevre | ||
OpenStack-Ansible |
Fix Released
|
Undecided
|
Kevin Lefevre |
Bug Description
While testing Magnum I found that some environment variables and scripts were using the internal VIP inside instances. Instances don't have access to the container management network. If the clusters need access to keystone/nova/heat then they should be using the public VIP. Kubernetes clusters eventually time out and fail, my Docker Swarm cluster completed, but it still was not functioning.
In this lab 172.29.236.51 is my internal VIP.
Docker Swarm:
[fedora@
Traceback (most recent call last):
File "/var/lib/
main()
File "/var/lib/
config = get_user_
File "/var/lib/
r = requests.post(url, headers=headers, data=creds)
File "/usr/lib/
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/
return session.
File "/usr/lib/
resp = self.send(prep, **send_kwargs)
File "/usr/lib/
r = adapter.
File "/usr/lib/
raise ConnectionError(e, request=request)
requests.
[fedora@
MAGNUM_URL="http://
AUTH_URL="http://
Kubernetes:
[fedora@
MAGNUM_URL="http://
AUTH_URL="http://
[fedora@
auth-url=http://
Changed in openstack-ansible: | |
status: | New → Won't Fix |
Changed in magnum: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in magnum: | |
assignee: | Kevin Lefevre (archifleks) → Spyros Trigazis (strigazi) |
Changed in magnum: | |
assignee: | Spyros Trigazis (strigazi) → Kevin Lefevre (archifleks) |
Changed in openstack-ansible: | |
status: | In Progress → Fix Released |
I see this in the template:
[barbican_client]
endpoint_type = internalURL
[cinder_client] service_ region }}
region_name = {{ cinder_
endpoint_type = internalURL
[glance_client]
endpoint_type = internalURL
[heat_client]
endpoint_type = internalURL
[keystone_ authtoken] service_ internalurl }} service_ internaluri_ insecure | bool }} service_ internaluri }} keystone_ auth_plugin }} service_ internaluri }}
auth_uri = {{ keystone_
auth_version = v3
insecure = {{ keystone_
memcached_servers = {{ memcached_servers }}
identity_uri = {{ keystone_
auth_type = {{ magnum_
auth_url = {{ keystone_
[magnum_client]
endpoint_type = internalURL
[neutron_client]
endpoint_type = internalURL
[nova_client]
endpoint_type = internalURL
Is this the problem we're talking about? config_ overrides.
This could probably be overriden by having something defined in magnum_
But I'd be happy to see if this should be done for everyone by default.