Container healthchecks report false negative when internal TLS is enabled

Bug #1713689 reported by Martin André on 2017-08-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
High
Martin André

Bug Description

All the healthcheck_curl tests query using the http protocol while it should use https when internal TLS is enabled:

https://github.com/openstack/tripleo-common/blob/1abff9af09d4a4819bae87329b45027daa4b2a07/healthcheck/heat-api#L7

Although it should query the server name that is set in the vhost config otherwise curl fails to validate the certificate:

curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

Fix proposed to branch: master
Review: https://review.openstack.org/498805

Changed in tripleo:
assignee: nobody → Martin André (mandre)
status: Triaged → In Progress

Reviewed: https://review.openstack.org/498805
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=0389eece178dcb2c5e4ab561135ccc8b3fc96e70
Submitter: Jenkins
Branch: master

commit 0389eece178dcb2c5e4ab561135ccc8b3fc96e70
Author: Martin André <email address hidden>
Date: Tue Aug 29 15:04:25 2017 +0200

    Make curl healthchecks work with internal TLS

    Implement a new get_url_from_vhost bash function that parses the given
    vhost configuration file and returns the URL on which the service can
    be checked.

    Change-Id: I071ed26328703df9f272b689af854e3a6a1c9e97
    Closes-Bug: #1713689

Changed in tripleo:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/500149
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=23b5468b4503de928a24942e7461b024ba78bcc8
Submitter: Jenkins
Branch: stable/pike

commit 23b5468b4503de928a24942e7461b024ba78bcc8
Author: Martin André <email address hidden>
Date: Tue Aug 29 15:04:25 2017 +0200

    Make curl healthchecks work with internal TLS

    Implement a new get_url_from_vhost bash function that parses the given
    vhost configuration file and returns the URL on which the service can
    be checked.

    Change-Id: I071ed26328703df9f272b689af854e3a6a1c9e97
    Closes-Bug: #1713689
    (cherry picked from commit 0389eece178dcb2c5e4ab561135ccc8b3fc96e70)

tags: added: in-stable-pike

This issue was fixed in the openstack/tripleo-common 7.6.0 release.

This issue was fixed in the openstack/tripleo-common 8.0.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers