OpenStack-Ansible

haproxy play/keepalive role uses k.root name server for the ping check

Bug #1672453 reported by Bjoern
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
Mohammed Naser

Bug Description

The proxy role uses k.root name server for the ping check and that usually not a desired because: it depends on components (like internet/routing etc) you don't have control over and may induce haproxy failovers where they are not necessary.

By default the role should use the internal default gateway.

Bjoern (bjoern-t)
Changed in openstack-ansible:
status: New → In Progress
assignee: nobody → Bjoern Teipel (bjoern-teipel)
summary: - proxy role uses k.root name server for the ping check
+ haproxy role uses k.root name server for the ping check
Revision history for this message
Jean-Philippe Evrard (jean-philippe-evrard) wrote : Re: haproxy role uses k.root name server for the ping check

FYI it's keepalived that uses the ping check.
It's been quite a few releases that we are using a var for that, so you can override this per deployment. There is a release note for it.

Also you can completely override with a different file IIRC.
That's probably what should be done, the default was just to "give an idea".

Changed in openstack-ansible:
status: In Progress → New
Revision history for this message
Bjoern (bjoern-t) wrote : Re: keepalive role uses k.root name server for the ping check

Yes I saw that, that we handle this inside tha haproxy play

summary: - haproxy role uses k.root name server for the ping check
+ keepalive role uses k.root name server for the ping check
Changed in openstack-ansible:
status: New → In Progress
summary: - keepalive role uses k.root name server for the ping check
+ haproxy play/keepalive role uses k.root name server for the ping check
Revision history for this message
Bjoern (bjoern-t) wrote :

Closing as we configure that internally now on each deployment

Changed in openstack-ansible:
status: In Progress → Invalid
OpenStack Infra (hudson-openstack)
Changed in openstack-ansible:
assignee: Bjoern Teipel (bjoern-teipel) → Mohammed Naser (mnaser)
status: Invalid → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/580379
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=153831dbbe9ada1f62a98adb6062ead6b89c4c5c
Submitter: Zuul
Branch: master

commit 153831dbbe9ada1f62a98adb6062ead6b89c4c5c
Author: Mohammed Naser <email address hidden>
Date: Thu Jul 5 06:28:53 2018 -0700

    Disable keepalived ping tests by default

    At the moment, the keepalived ping tests are something that is
    configured by default which is ideal because it's hardcoded with
    a public IP address that might result in a failing deployment
    if the environment does not for some reason reach it.

    We should leave the option to be there however not have all default
    deployments hitting this IP as it can introduce behaviour where
    if that IP fails, every single OpenStack Ansible deployment would
    fail afterwards.

    Closes-Bug: #1672453
    Change-Id: I5aec4664e67fb2b3e1c0a2fc9782a4ccaa78a39a

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible 18.0.0.0b3

This issue was fixed in the openstack/openstack-ansible 18.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.