DC system controller admin endpoint is http, not https by default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
John Kung |
Bug Description
Brief Description
-----------------
In distributed cloud, system controller admin endpoint by default should be https, but it shows http
Severity
--------
Major
Steps to Reproduce
------------------
install DC system
check system controller admin endpoint
Expected Behavior
------------------
system controller admin endpoint should be https
Actual Behavior
----------------
system controller admin endpoint is http
Reproducibility
---------------
Reproducible
Intermittent
Unknown - first time this is seen in sanity, will monitor
System Configuration
-------
DC system
Lab-name: WCP_80-91
Branch/Pull Time/Commit
-------
"2020-05-
Last Pass
---------
"2020-05-
Timestamp/Logs
--------------
[sysadmin@
| 76eb600b2e47401
| faf82ecb07c64cb
| 33696c92baa14ad
| be493cbd83c2498
| 97f45f5d5802497
| 82d9f1e227f1467
| 823d13e518864e8
| 9b517630ac714b3
| 8b2a5729fe1f497
| e717b31f29624e9
| 830b2e670e744be
| fd4a00c96fa3473
Test Activity
-------------
Sanity
tags: | added: stx.retestneeded |
Changed in starlingx: | |
importance: | Undecided → High |
status: | New → Triaged |
description: | updated |
tags: | added: stx.4.02 |
tags: |
added: stx.4.0 stx.config stx.security removed: stx.4.02 |
Changed in starlingx: | |
assignee: | nobody → Bin Qian (bqian20) |
Changed in starlingx: | |
assignee: | Bin Qian (bqian20) → John Kung (john-kung) |
tags: | added: stx.distcloud |
the hieradata has the right admin_url, something after went wrong: puppet/ 20.04/hieradata /system. yaml:barbican: :keystone: :auth:: admin_url: https://[fd01:1::2]:9312 puppet/ 20.04/hieradata /system. yaml:dcdbsync: :keystone: :auth:: admin_url: https://[fd01:1: :2]:8220/ v1.0 puppet/ 20.04/hieradata /system. yaml:dcmanager: :keystone: :auth:: admin_url: https://[fd01:1: :2]:8120/ v1.0 puppet/ 20.04/hieradata /system. yaml:dcorch: :keystone: :auth:: identity_ proxy_admin_ url: https://[fd01:1: :2]:25001/ v3 puppet/ 20.04/hieradata /system. yaml:dcorch: :keystone: :auth:: patching_ proxy_admin_ url: https://[fd01:1::2]:25492/ puppet/ 20.04/hieradata /system. yaml:dcorch: :keystone: :auth:: sysinv_ proxy_admin_ url: https://[fd01:1: :2]:26386/ v1 puppet/ 20.04/hieradata /system. yaml:fm: :keystone: :auth:: admin_url: https://[fd01:1::2]:18003 puppet/ 20.04/hieradata /system. yaml:keystone: :endpoint: :admin_ url: https://[fd01:1::2]:5001 puppet/ 20.04/hieradata /system. yaml:nfv: :keystone: :auth:: admin_url: https://[fd01:1::2]:4546 puppet/ 20.04/hieradata /system. yaml:patching: :keystone: :auth:: admin_url: https://[fd01:1::2]:5492 puppet/ 20.04/hieradata /system. yaml:platform: :smapi: :params: :admin_ url: https://[fd01:1::2]:7778 puppet/ 20.04/hieradata /system. yaml:smapi: :keystone: :auth:: admin_url: https://[fd01:1::2]:7778 puppet/ 20.04/hieradata /system. yaml:sysinv: :keystone: :auth:: admin_url: https://[fd01:1::2]:6386/v1 haproxy. cfg is configured correctly with admin endpoints as https restapi- admin private/ admin-ep- cert.pem restapi- admin-internal restapi- admin private/ admin-ep- cert.pem restapi- admin-internal restapi- admin private/ admin-ep- cert.pem restapi- admin-internal identity- api-proxy- admin private/ admin-ep- cert.pem identity- api-proxy- admin-internal patch-api- proxy-admin private/ admin-ep- cert.pem patch-api- proxy-admin- internal sysinv- api-proxy- admin private/ admin-ep- cert.pem sysinv- api-proxy- admin-internal private/ admin-ep- cert.pem admin-internal restapi- admin private/ admin-ep- cert.pem restapi- admin-internal restapi- admin private/ admin-ep- cert.pem restapi- admin-internal private/ admin-ep- cert.pem admin-internal restapi- admin
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
/opt/platform/
Also /etc/haproxy/
frontend barbican-
bind fd01:1::2:9312 ssl crt /etc/ssl/
default_backend barbican-
--
frontend dcdbsync-
bind fd01:1::2:8220 ssl crt /etc/ssl/
default_backend dcdbsync-
--
frontend dcmanager-
bind fd01:1::2:8120 ssl crt /etc/ssl/
default_backend dcmanager-
--
frontend dcorch-
bind fd01:1::2:25001 ssl crt /etc/ssl/
default_backend dcorch-
--
frontend dcorch-
bind fd01:1::2:25492 ssl crt /etc/ssl/
default_backend dcorch-
--
frontend dcorch-
bind fd01:1::2:26386 ssl crt /etc/ssl/
default_backend dcorch-
--
frontend fm-api-admin
bind fd01:1::2:18003 ssl crt /etc/ssl/
default_backend fm-api-
--
frontend keystone-
bind fd01:1::2:5001 ssl crt /etc/ssl/
default_backend keystone-
--
frontend patching-
bind fd01:1::2:5492 ssl crt /etc/ssl/
default_backend patching-
--
frontend sm-api-admin
bind fd01:1::2:7778 ssl crt /etc/ssl/
default_backend sm-api-
--
frontend sysinv-
bind fd01:1::2:6386 ssl c...