heat.conf ec2authtoken/auth_uri points to localhost

Bug #1352444 reported by Igor Yozhikov
Affects: Mirantis OpenStack
Status: Fix Committed
Importance: High
Assigned to: Igor Yozhikov

Bug Description

The OpenStack Heat configuration option points to localhost by default instead of the controller's IP address:
...
[ec2authtoken]
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens
...
This configuration comes from the puppet heat modules (fuel-library) and is the same as in upstream (puppet-heat).

From the source code of OpenStack Heat ( https://github.com/openstack/heat/blob/stable/icehouse/heat/api/aws/ec2token.py#L76 ) the following was found:

If the auth_uri variable does not end with ec2tokens, ec2tokens is added automatically.

Tags: heat
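
A configuration check for the condition reported above, added here as an example (it is not code from Heat, fuel-library or puppet-heat). The sample file is constructed, 192.0.2.10 is a stand-in controller address, and effective_ec2_uri only models the ec2tokens behaviour as the report states it. The check goes beyond [ec2authtoken] and flags an auth_uri in any section that targets a loopback host.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the first section is the fragment quoted in the report,
# the second uses a documentation address (192.0.2.10) as a stand-in controller.
SAMPLE_HEAT_CONF = """\
[ec2authtoken]
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens

[clients_keystone]
auth_uri = http://192.0.2.10:5000/v2.0
"""


def effective_ec2_uri(auth_uri):
    """Model the behaviour described in the report: append ec2tokens if absent."""
    base = auth_uri.rstrip("/")
    return base if base.endswith("ec2tokens") else base + "/ec2tokens"


def is_loopback(host):
    """True for localhost names and for any 127.0.0.0/8 or ::1 literal."""
    if not host or host.lower() in ("localhost", "localhost.localdomain"):
        return bool(host)
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # ordinary hostname; DNS resolution is out of scope here


def audit_auth_uris(conf_text):
    """Return (section, auth_uri, host) for every auth_uri aimed at loopback."""
    # default_section is renamed so [DEFAULT] values are not copied into others.
    cfg = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    cfg.read_string(conf_text)
    findings = []
    for section in cfg.sections():
        uri = cfg.get(section, "auth_uri", fallback=None)
        host = urlsplit(uri).hostname if uri else None
        if is_loopback(host):
            findings.append((section, uri, host))
    return findings


if __name__ == "__main__":
    for section, uri, host in audit_auth_uris(SAMPLE_HEAT_CONF):
        print("[%s] %s -> loopback %s" % (section, effective_ec2_uri(uri), host))
```
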
Changed in fuel:
assignee: nobody → Igor Yozhikov (iyozhikov)
status: New → In Progress
Changed in fuel:
importance: Undecided → Medium
milestone: none → 5.1
Sergey Kraynev (skraynev) wrote :

Priority was increased because this bug is based on a request from the support team.

Changed in fuel:
importance: Medium → High
Changed in mos:
importance: Undecided → High
assignee: nobody → Igor Yozhikov (iyozhikov)
milestone: none → 5.1
no longer affects: fuel
Sergey Kraynev (skraynev) wrote :
Changed in mos:
status: New → In Progress
Changed in mos:
status: In Progress → Fix Committed
tags: added: heat
tags: added: on-verification
Changed in mos:
status: Fix Committed → Fix Released
tags: removed: on-verification
Changed in mos:
status: Fix Released → Fix Committed
Yaroslav Lobankov (ylobankov) wrote :

Oops, accidentally verified the issue for MOS 6.1 while the issue has milestone 5.1.

Shannon Mitchell (shannon-mitchell) wrote :

# With default stable/rocky settings

root@infra01-utility-container-52890918:~# openstack stack list
ERROR: Internal Error

# Instead of going out of eth1 and hitting keystone over the management network, it's
# dropping out of the lxc eth0 interface and being routed to the public haproxy
# ip.

root@infra01-heat-api-container-90b2b9a2:/# tcpdump -n -l -i eth0 port 5000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:55:29.050097 IP 10.0.3.175.49400 > 172.20.41.14.5000: Flags [S], seq 3076311433, win 64240, options [mss 1460,sackOK,TS val 233649765 ecr 0,nop,wscale 7], length 0
21:55:29.050307 IP 172.20.41.14.5000 > 10.0.3.175.49400: Flags [S.], seq 2434666710, ack 3076311434, win 62636, options [mss 8960,sackOK,TS val 2932159875 ecr 233649765,nop,wscale 7], length 0
21:55:29.050340 IP 10.0.3.175.49400 > 172.20.41.14.5000: Flags [.], ack 1, win 502, options [nop,nop,TS val 233649765 ecr 2932159875], length 0
21:55:29.059212 IP 10.0.3.175.49400 > 172.20.41.14.5000: Flags [P.], seq 1:213, ack 1, win 502, options [nop,nop,TS val 233649774 ecr 2932159875], length 212
21:55:29.061917 IP 172.20.41.14.5000 > 10.0.3.175.49400: Flags [P.], seq 1:1357, ack 213, win 488, options [nop,nop,TS val 2932159886 ecr 233649774], length 1356
21:55:29.061947 IP 10.0.3.175.49400 > 172.20.41.14.5000: Flags [.], ack 1357, win 492, options [nop,nop,TS val 233649777 ecr 2932159886], length 0
21:55:29.062294 IP 10.0.3.175.49400 > 172.20.41.14.5000: Flags [P.], seq 213:220, ack 1357, win 492, options [nop,nop,TS val 233649777 ecr 2932159886], length 7
21:55:29.062565 IP 172.20.41.14.5000 > 10.0.3.175.49400: Flags [F.], seq 1357, ack 220, win 488, options [nop,nop,TS val 2932159887 ecr 233649777], length 0
21:55:29.062623 IP 10.0.3.175.49400 > 172.20.41.14.5000: Flags [R.], seq 220, ack 1358, win 501, options [nop,nop,TS val 233649777 ecr 2932159887], length 0

# I'm assuming, like other services, this communication should be happening over
# the management network via eth1 on the container. After some testing, it looks
# like the [clients-keystone]/auth_uri setting handles this. Changing this back
# to the internal endpoint fixed the issues.

# cat /etc/openstack_deploy/user_heat_fix.yml
heat_heat_conf_overrides:
    clients_keystone:
        auth_uri: '{{ keystone_service_internaluri }}'

root@infra01:/opt/openstack-ansible/playbooks# openstack-ansible os-heat-install.yml --tags heat-config

root@infra01-utility-container-52890918:~# openstack stack list; echo $?

0

Shannon Mitchell (shannon-mitchell) wrote :

Please ignore, posted in wrong bug.
