StarlingX

subcloud7 http 8219 port of public endpoint is unreachable

Bug #1892391 reported by Difu Hu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Andy

Bug Description

Brief Description
-----------------
DC-1 subcloud7 https_enabled is false, public endpoint 8129 port is unreachable.

Severity
--------
Major

Steps to Reproduce
------------------
system --os-auth-url http://[fd01:14::2]:5000/v3 --os-endpoint-type internalURL --os-region-name subcloud7 modify --https_enabled="false"
curl from test server: curl -i http://[2620:10a:a001:a103::1183]:8219/v1.0

Expected Behavior
------------------
http://[2620:10a:a001:a103::1183]:8219/v1.0 is reachable

Actual Behavior
----------------
curl: (28) Failed to connect to 2620:10a:a001:a103::1183 port 8219: Connection timed out

Reproducibility
---------------
yes

System Configuration
--------------------
Lab-name: DC-1 subcloud7

Branch/Pull Time/Commit
-----------------------
2020-06-27_18-35-20 with PATCH_0003

Last Pass
---------
Not sure

Timestamp/Logs
--------------
[sysadmin@controller-0 ~(keystone_admin)]$ openstack endpoint list --interface=public
+----------------------------------+-----------+--------------+-----------------+---------+-----------+---------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+-----------------+---------+-----------+---------------------------------------------+
| 5fb0584b0d27433d8a95c63611f9033c | subcloud7 | fm | faultmanagement | True | public | http://[2620:10a:a001:a103::1183]:18002 |
| 9e0108dc35254914afb2f30c6dc02494 | subcloud7 | patching | patching | True | public | http://[2620:10a:a001:a103::1183]:15491 |
| 51898de69cda415e8627e1d98ade336a | subcloud7 | vim | nfv | True | public | http://[2620:10a:a001:a103::1183]:4545 |
| b04cf714d6c94b038ef9346003dad896 | subcloud7 | smapi | smapi | True | public | http://[2620:10a:a001:a103::1183]:7777 |
| 9413d569b01e45fd99fddd07b5f9ca08 | subcloud7 | keystone | identity | True | public | http://[2620:10a:a001:a103::1183]:5000/v3 |
| 71627f8716ef4920ac335f05dc29aed8 | subcloud7 | dcdbsync | dcorch-dbsync | True | public | http://[2620:10a:a001:a103::1183]:8219/v1.0 |
| 02613889d28446809ce8bf8072c55020 | subcloud7 | barbican | key-manager | True | public | http://[2620:10a:a001:a103::1183]:9311 |
| 9bf57ff9dfef4463b8a6ad0ad89e25f1 | subcloud7 | sysinv | platform | True | public | http://[2620:10a:a001:a103::1183]:6385/v1 |
+----------------------------------+-----------+--------------+-----------------+---------+-----------+---------------------------------------------+

$ curl -i http://[2620:10a:a001:a103::1183]:8219/v1.0
curl: (28) Failed to connect to 2620:10a:a001:a103::1183 port 8219: Connection timed out

Test Activity
-------------
Regression Testing

Revision history for this message
Difu Hu (difuhu) wrote :

log
https://files.starlingx.kube.cengn.ca/launchpad/1892391

Revision history for this message
Bill Zvonar (billzvonar) wrote :

Andy, can you triage this please.

Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
Revision history for this message
Andy (andy.wrs) wrote :

The dcdbsync is a private service intended only to be used by dcorch of System Controller to orchestrate keystone resources (such as user ID, project ID, role ID etc) over mgmt network. So its APIs are not exposed to public on OAM IF. This is by design.

Changed in starlingx:
status: New → Invalid
Revision history for this message
Yang Liu (yliu12) wrote :

@Andy, in this case, shouldn't its public endpoint be removed?
I think the dcorch uses the admin endpoint?

Revision history for this message
Andy (andy.wrs) wrote :

I agree, we could use this LP to remove the public endpoint from keystone catalog. For short term we can just document it I think.

Changed in starlingx:
status: Invalid → Confirmed
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Marking as stx.5.0 for now to consider removing the endpoints in stx master for the next release.

tags: added: stx.distcloud
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.5.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (master)

Fix proposed to branch: master
Review: https://review.opendev.org/753111

Changed in starlingx:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/753111
Committed: https://git.openstack.org/cgit/starlingx/stx-puppet/commit/?id=a7449bcb6ee3b1477c476b33b45e26675eb7a813
Submitter: Zuul
Branch: master

commit a7449bcb6ee3b1477c476b33b45e26675eb7a813
Author: Andy Ning <email address hidden>
Date: Mon Sep 21 13:55:21 2020 -0400

    Remove dcdbsync public endpoint from keystone catalog

    dcdbsync is a private service only used by dcorch in DC system to
    synchronize keystone resources. It's not supposed to have public
    endpoint in keystone catalog to expose its service on OAM IF.

    This update removed its public endpoint from keystone catalog.

    Change-Id: Idfb95ad26ea99e3ca01d78b974284909f82becc0
    Closes-Bug: 1892391
    Signed-off-by: Andy Ning <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-puppet (f/centos8)

Fix proposed to branch: f/centos8
Review: https://review.opendev.org/762919

Revision history for this message
Difu Hu (difuhu) wrote :

Verified on 2020-11-28_00-00-07.

tags: removed: stx.retestneeded
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.