overcloud heat metadata endpoints are incorrectly set to localhost

Bug #1641873 reported by Steven Hardy on 2016-11-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-heat
Undecided
Steven Hardy

Bug Description

# URL of the Heat metadata server. NOTE: Setting this is only needed if you
# require instances to use a different endpoint than in the keystone catalog
# (string value)
#heat_metadata_server_url = <None>
heat_metadata_server_url = http://127.0.0.1:8000

# URL of the Heat waitcondition server. (string value)
#heat_waitcondition_server_url = <None>
heat_waitcondition_server_url = http://127.0.0.1:8000/v1/waitcondition

# URL of the Heat CloudWatch server. (string value)
#heat_watch_server_url =
heat_watch_server_url =http://127.0.0.1:8003

This is wrong - they should either be unset (heat will use the heat endpoints from the keystone catalog, which is generally what you want), or set explicitly to point to the heat server, e.g the public endpoint for heat if it's for some reason not the same as the keystone endpoint due to proxying or something.

Steven Hardy (shardy) on 2016-11-15
Changed in heat:
status: New → Triaged
milestone: none → ocata-2
assignee: nobody → Steven Hardy (shardy)
importance: Undecided → High
Steven Hardy (shardy) wrote :

Looks like this is a bug in puppet-heat, which has some bad hardcoded defaults:

# [*heat_metadata_server_url*]
# (optional) URL of the Heat metadata server
# Defaults to 'http://127.0.0.1:8000'
#
# [*heat_waitcondition_server_url*]
# (optional) URL of the Heat waitcondition server
# Defaults to 'http://127.0.0.1:8000/v1/waitcondition'
#
# [*heat_watch_server_url*]
# (optional) URL of the Heat cloudwatch server
# Defaults to 'http://127.0.0.1:8003'

Changed in puppet-heat:
assignee: nobody → Steven Hardy (shardy)

Fix proposed to branch: master
Review: https://review.openstack.org/397644

Changed in puppet-heat:
status: New → In Progress
Steven Hardy (shardy) on 2016-11-15
no longer affects: heat
Steven Hardy (shardy) on 2016-11-15
tags: added: newton-backport-potential

Reviewed: https://review.openstack.org/397644
Committed: https://git.openstack.org/cgit/openstack/puppet-heat/commit/?id=6e8ef404833b9baf11f98db5b40ea222c60e041e
Submitter: Jenkins
Branch: master

commit 6e8ef404833b9baf11f98db5b40ea222c60e041e
Author: Steven Hardy <email address hidden>
Date: Tue Nov 15 22:23:37 2016 +0000

    Don't default metadata server URLs to localhost

    These settings are all legacy, as for some time heat has instead supported
    deriving the URLs internally using the endpoints from the keystone catalog.

    Defaulting these to localhost seems like a bad default, as in
    most cases heat will caclulate a more reasonable default (e.g something
    derived from the actual heat public endpoint in keystone), and it's somewhat
    surprising when you don't pass a value and get localhost instead of the heat
    defaults.

    They can still be used to override the keystone endpoint, which is sometimes
    useful, but in most cases these should no longer be set IMO.

    Note the relevant heat commits which make these settings optional are
    Id402664e38e3da071ad634233b3a1f8e13af152d and
    If8a2d3f37d87c26228e709c20f61969b397f2da0 (present in all Heat releases
    since Mitaka)

    Closes-Bug: #1641873
    Change-Id: I90ccdd881a41d803e28064f44b821ab48a6fa8ea

Changed in puppet-heat:
status: In Progress → Fix Released

This issue was fixed in the openstack/puppet-heat 10.0.0 release.

Reviewed: https://review.openstack.org/402401
Committed: https://git.openstack.org/cgit/openstack/puppet-heat/commit/?id=981babbd05ade928131b8b7a1851f294c17644ae
Submitter: Jenkins
Branch: stable/newton

commit 981babbd05ade928131b8b7a1851f294c17644ae
Author: Steven Hardy <email address hidden>
Date: Tue Nov 15 22:23:37 2016 +0000

    Don't default metadata server URLs to localhost

    These settings are all legacy, as for some time heat has instead supported
    deriving the URLs internally using the endpoints from the keystone catalog.

    Defaulting these to localhost seems like a bad default, as in
    most cases heat will caclulate a more reasonable default (e.g something
    derived from the actual heat public endpoint in keystone), and it's somewhat
    surprising when you don't pass a value and get localhost instead of the heat
    defaults.

    They can still be used to override the keystone endpoint, which is sometimes
    useful, but in most cases these should no longer be set IMO.

    Note the relevant heat commits which make these settings optional are
    Id402664e38e3da071ad634233b3a1f8e13af152d and
    If8a2d3f37d87c26228e709c20f61969b397f2da0 (present in all Heat releases
    since Mitaka)

    Closes-Bug: #1641873
    Change-Id: I90ccdd881a41d803e28064f44b821ab48a6fa8ea
    (cherry picked from commit 6e8ef404833b9baf11f98db5b40ea222c60e041e)

tags: added: in-stable-newton

This issue was fixed in the openstack/puppet-heat 9.5.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers