tripleo

Container healthchecks report false negative when internal TLS is enabled

Bug #1713689 reported by Martin André
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Martin André
tripleo pike-rc2

Bug Description

All the healthcheck_curl tests query using the http protocol while it should use https when internal TLS is enabled:

https://github.com/openstack/tripleo-common/blob/1abff9af09d4a4819bae87329b45027daa4b2a07/healthcheck/heat-api#L7

Although it should query the server name that is set in the vhost config otherwise curl fails to validate the certificate:

curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.openstack.org/498805

Changed in tripleo:
assignee: nobody → Martin André (mandre)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.openstack.org/498805
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=0389eece178dcb2c5e4ab561135ccc8b3fc96e70
Submitter: Jenkins
Branch: master

commit 0389eece178dcb2c5e4ab561135ccc8b3fc96e70
Author: Martin André <email address hidden>
Date: Tue Aug 29 15:04:25 2017 +0200

    Make curl healthchecks work with internal TLS

    Implement a new get_url_from_vhost bash function that parses the given
    vhost configuration file and returns the URL on which the service can
    be checked.

    Change-Id: I071ed26328703df9f272b689af854e3a6a1c9e97
    Closes-Bug: #1713689

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/500149

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (stable/pike)

Reviewed: https://review.openstack.org/500149
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=23b5468b4503de928a24942e7461b024ba78bcc8
Submitter: Jenkins
Branch: stable/pike

commit 23b5468b4503de928a24942e7461b024ba78bcc8
Author: Martin André <email address hidden>
Date: Tue Aug 29 15:04:25 2017 +0200

    Make curl healthchecks work with internal TLS

    Implement a new get_url_from_vhost bash function that parses the given
    vhost configuration file and returns the URL on which the service can
    be checked.

    Change-Id: I071ed26328703df9f272b689af854e3a6a1c9e97
    Closes-Bug: #1713689
    (cherry picked from commit 0389eece178dcb2c5e4ab561135ccc8b3fc96e70)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 7.6.0

This issue was fixed in the openstack/tripleo-common 7.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 8.0.0

This issue was fixed in the openstack/tripleo-common 8.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.