StarlingX

Bug #1960354
Comment #2

Comment 2 for bug 1960354

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-02-15: Fix merged to openstack-armada-app (master)

Reviewed: https://review.opendev.org/c/starlingx/openstack-armada-app/+/822833
Committed: https://opendev.org/starlingx/openstack-armada-app/commit/27c4d562c8ade4b4f34ec807ac327334fdd13cb3
Submitter: "Zuul (22348)"
Branch: master

commit 27c4d562c8ade4b4f34ec807ac327334fdd13cb3
Author: Lucas Cavalcante <email address hidden>
Date: Thu Dec 23 11:13:15 2021 -0300

Fixes Application Apply failing when HTTPS enabled

    Openstack-helm provides the option to terminate TLS at the services.
    However, at Starlingx TLS termination is done at the reverse
    proxy (ingress) and therefore is unecessary for the OpenStack itself
    be HTTPS and terminate tls a second time. Furthermore, it is not
    possible to have https enabled on openstack services with the
    current centos based containers that we have, openstack-helm only
    supports tls using debian based containers.

    Manually working arroud this creates a cumbersome override file, so
    to diminish this overrides this patch 0020 and 0013(osh-i) disables
    https at the backend, thus maitaining the same behaviour as stx 5.0

    Mariadb and RabbitMQ tls does not seem to be working very well within
    Starlingx, so we also disable TLS for them. I am not confident that
    current openstack-helm and openstack-helm-infra supports production level
    openstack with mariadb in TLS mode. Furthermore, from the way everything
    is redirected in StarlingX I do see too many performance and stability
    issues using both of them with tls enabled.

Disclaimer I did not test with either only mairiadb tls or
rabbitmq activated, but with both of them on the system is not usable.

Test Plan:

    PASS: Openstack is Applied. (https disabled)
    PASS: enable https. Opensatck is Applied (WITHOUT service.conf
    overrides)

    Signed-off-by: Lucas Cavalcante <email address hidden>
    Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
    Partial-bug: 1960354
    Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815

Reviewed:  https://review.opendev.org/c/starlingx/openstack-armada-app/+/822833
Committed: https://opendev.org/starlingx/openstack-armada-app/commit/27c4d562c8ade4b4f34ec807ac327334fdd13cb3
Submitter: "Zuul (22348)"
Branch:    master

commit 27c4d562c8ade4b4f34ec807ac327334fdd13cb3
Author: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Date:   Thu Dec 23 11:13:15 2021 -0300

Fixes Application Apply failing when HTTPS enabled
    
    Openstack-helm provides the option to terminate TLS at the services.
    However, at Starlingx TLS termination is done at the reverse
    proxy (ingress) and therefore is unecessary for the OpenStack itself
    be HTTPS and terminate tls a second time. Furthermore,  it is not
    possible to have https enabled on openstack services with the
    current centos based containers that we have, openstack-helm only
    supports tls using debian based containers.
    
    Manually working arroud this creates a cumbersome override file, so
    to diminish this overrides this patch 0020 and 0013(osh-i) disables
    https at the backend, thus maitaining the same behaviour as stx 5.0
    
    Mariadb and RabbitMQ tls does not seem to be working very well within
    Starlingx, so we also disable TLS for them. I am not confident that
    current openstack-helm and openstack-helm-infra supports production level
    openstack with mariadb in TLS mode. Furthermore, from the way everything
    is redirected in StarlingX I do see too many performance and stability
    issues using both of them with tls enabled.
    
    Disclaimer I did not test with either only mairiadb tls or
    rabbitmq activated, but with both of them on the system is not usable.
    
    Test Plan:
    
    PASS: Openstack is Applied. (https disabled)
    PASS: enable https. Opensatck is Applied (WITHOUT service.conf
    overrides)
    
    Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
    Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
    Partial-bug: 1960354
    Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815