Designate DNS and SSLError 524297
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Opinion
|
Undecided
|
Unassigned |
Bug Description
High level description
Neutron can't delete a floating IP with a DNS entry in Designate when Designate endpoint is over HTTPS
Pre-conditions/
Controller node (my-controller.
Network node (my-controller.
Step-by-step reproduction steps
Usage of dashboard or CLI is not relevant, result is the same.
* Create a floating IP and with a DNS entry in OpenStack
* Try to delete it, get an error
Additional information
- Created a token with 'openstack token issue', used it to manually interrogate Designate API with curl, got a valid answer
- Downloaded certificate served by Designate (https:/
- The same certificate is used for multiple services such as Keystone (it is a SAN certificate) and Neutron can interrogate them successfully
- Tried to set [designate]
Expected output
Floating IP is deleted, DNS entry is removed
Actual output
Neutron fails to delete the IP, reports this error. Full log attached.
delete failed: No details.: keystoneauth1.
Version:
* OpenStack version - 2024.1 Caracal, RDO distribution
* Linux distro, kernel - AlmaLinux 9.4, Linux 5.14.0-
* Deployment mechanism - Puppet Openstack modules;
Attachments
Relevant neutron log at IP deletion attempt, sanitized from sensitive info
Looks like a setup issue to me, not sure how it could be fixed from neutron side, ideas?