mistral endpoint when deploying with ssl/tls (self-signed)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-mistralclient |
New
|
Undecided
|
Unassigned |
Bug Description
kolla version: rocky, source, ubuntu
kolla-ansible: 7.0.0
When deploying mistral with ssl/tls by setting in globals.yml + running kolla-ansible certificates
kolla_enable_
kolla_external_
"kolla-
public_protocol: "{{ 'https' if kolla_enable_
This leads to "kolla-
mistral_
And since "kolla-
[api]
enable_ssl_api = True
[ssl]
ca_file = <path-to-ca file>
cert_file = <path-to-
key_file = <path-to-key file>
And "kolla-
listen mistral_
bind 192.168.9.9:8989 ssl crt /etc/haproxy/
This will lead to a failure to contact mistral-api with ssl errors. It can be tested with python-
The error looks like this:
Error: Unable to retrieve workbooks.: SSL exception connecting to https://<vip>:8989/
I haven't tested with a proper certificate yet.
=======
The easiest workaround to get mistral to work is to change the public endpoint to http like so:
1) delete the old https public endpoint
2) create a new endpoint with:
openstack endpoint create workflowv2 public http://<vip>:8989 --region <region>
3) edit /etc/kolla/
listen mistral_
bind 192.168.9.9:8989 ssl crt /etc/haproxy/
with:
listen mistral_
bind 192.168.9.9:8989
Can be done simply from your deploynode with two ad-hoc's:
ansible -i multinode control -m shell -a "sed -i 's,bind <vip>:8989 ssl crt /etc/haproxy/
ansible -i multinode control -m shell -a "docker restart haproxy"
description: | updated |
Added mistralclient as affected project, I tested locally and other services work.
Using mistral --insecure workflow-list works, but openstack --insecure workflow list does not,
returns an unverified ssl error. Seems mistralclient is not reading --insecure part from openstackclient.
Also tested adding MISTRALCLIENT_ INSECURE= True, but still not working.
A few logs http:// paste.openstack .org/show/ 735834/
Version used:
openstacksdk= =0.19.0 mistralclient= =3.7.0 openstackclient ==3.17. 0
python-
python-
Regards