tripleo

ovn_nb_connection for Octavia is hard-coded to use tcp: schema

Bug #1861886 reported by Flavio Fernandes
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Undecided
Flavio Fernandes

Bug Description

When deploying Octavia with TLS Everywhere and the OVN mechanism, the ovn_nb_connection option in Octavia still uses tcp:<VIP>:<Port> This appears to be hard-coded in puppet-tripleo. It should be ssl:<VIP>:<Port> when TLS Everywhere is enabled.

Flavio Fernandes (ffernand)
Changed in tripleo:
assignee: nobody → Flavio Fernandes (ffernand)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.opendev.org/705728

Changed in tripleo:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/705821

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on puppet-tripleo (stable/train)

Change abandoned by Flavio Fernandes (<email address hidden>) on branch: stable/train
Review: https://review.opendev.org/705821

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/711921

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to puppet-tripleo (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/713716

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Flavio Fernandes (<email address hidden>) on branch: master
Review: https://review.opendev.org/711921
Reason: .

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (master)

Reviewed: https://review.opendev.org/705728
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=c68aa2e140890478156aa197a4217bd362e913ab
Submitter: Zuul
Branch: master

commit c68aa2e140890478156aa197a4217bd362e913ab
Author: Flavio Fernandes <email address hidden>
Date: Mon Mar 2 18:36:45 2020 -0500

    Add Octavia OVN Provider configuration (1 of 2)

    This is part 1 of 2, where ovn provider info located in
    tripleo::profile::base::octavia::api will move
    to newly created octavia::provider::ovn.
    But that has to be split into 2 parts to avoid breaking the
    CI until the THT+pupple-tripleo changes merges [1].

    [1]: https://review.opendev.org/#/q/topic:bug/1861886+(status:open+OR+status:merged)

    This patch enhances Octavia's OVN driver config, so it can connect to
    OVN_Northbound DB using TLS.

    Depends-On: https://review.opendev.org/#/c/711333/

    Change-Id: I85049de9960586a1069aa750c8d727c6e37cec73
    Related-Bug: #1861886

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/714916

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to puppet-tripleo (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/715960

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (stable/train)

Reviewed: https://review.opendev.org/705821
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=ebc195991cfa62447552a870e3af80e66da02b29
Submitter: Zuul
Branch: stable/train

commit ebc195991cfa62447552a870e3af80e66da02b29
Author: Flavio Fernandes <email address hidden>
Date: Tue Feb 4 11:18:07 2020 -0500

    Add Octavia OVN Provider configuration (1 of 2)

    This is part 1 of 2, where ovn provider info located in
    tripleo::profile::base::octavia::api will move
    to newly created octavia::provider::ovn.
    But that has to be split into 2 parts to avoid breaking the
    CI until the THT+pupple-tripleo changes merges [1].

    [1]: https://review.opendev.org/#/q/topic:bug/1861886+(status:open+OR+status:merged)

    This patch enhances Octavia's OVN driver config, so it can connect to
    OVN_Northbound DB using TLS.

    Depends-On: https://review.opendev.org/#/c/714895/

    Change-Id: I85049de9960586a1069aa750c8d727c6e37cec73
    Related-Bug: #1861886
    (cherry picked from commit c68aa2e140890478156aa197a4217bd362e913ab)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/707695
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=d8a64956925feb007fbc1abbd03ff39d65470eb2
Submitter: Zuul
Branch: master

commit d8a64956925feb007fbc1abbd03ff39d65470eb2
Author: Flavio Fernandes <email address hidden>
Date: Tue Mar 3 16:11:12 2020 -0500

    Add Octavia OVN Provider configuration

    This patch supports configuring the OVN provider and sets up a pattern
    that will later be expanded on to support multiple provider drivers
    without requiring modification of the core Octavia configuration.

    Depends-On: https://review.opendev.org/#/c/711333/
    Depends-On: https://review.opendev.org/#/c/705728/

    Change-Id: If199f6e2841f8c7bbfe1fb56538b0283ac04681c
    Related-Bug: #1861886

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.opendev.org/713716
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=a485965a2326cb1e62c2597b3eeac7e2cd54131f
Submitter: Zuul
Branch: master

commit a485965a2326cb1e62c2597b3eeac7e2cd54131f
Author: Flavio Fernandes <email address hidden>
Date: Wed Mar 18 14:36:15 2020 -0400

    Add Octavia OVN Provider configuration (2 of 2)

    This is part 2 of 2, where ovn provider info located in
    tripleo::profile::base::octavia::api will move
    to newly created octavia::provider::ovn.
    But that has to be split into 2 parts to avoid breaking the
    CI until the THT+pupple-tripleo changes merges [1].

    [1]: https://review.opendev.org/#/q/topic:bug/1861886+(status:open+OR+status:merged)

    This patch enhances Octavia's OVN driver config, so it can connect to
    OVN_Northbound DB using TLS.

    Depends-On: https://review.opendev.org/#/c/711333/
    Depends-On: https://review.opendev.org/#/c/711557/
    Depends-On: https://review.opendev.org/#/c/705728/
    Depends-On: https://review.opendev.org/#/c/707695/

    Closes-Bug: #1861886

    Change-Id: If4a6f25015374883050c48b7705e8207906118f4

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/714916
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=69c2b13f9159ad34cc7a595b4941acc1129426e6
Submitter: Zuul
Branch: stable/train

commit 69c2b13f9159ad34cc7a595b4941acc1129426e6
Author: Flavio Fernandes <email address hidden>
Date: Tue Mar 3 16:11:12 2020 -0500

    Add Octavia OVN Provider configuration

    This patch supports configuring the OVN provider and sets up a pattern
    that will later be expanded on to support multiple provider drivers
    without requiring modification of the core Octavia configuration.

    Depends-On: https://review.opendev.org/#/c/714895/
    Depends-On: https://review.opendev.org/#/c/705821/

    Change-Id: If199f6e2841f8c7bbfe1fb56538b0283ac04681c
    Related-Bug: #1861886
    (cherry picked from commit d8a64956925feb007fbc1abbd03ff39d65470eb2)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/train)

Reviewed: https://review.opendev.org/715960
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=b2348525333bc6ac6df9597361bdc7b3dd4bf9b4
Submitter: Zuul
Branch: stable/train

commit b2348525333bc6ac6df9597361bdc7b3dd4bf9b4
Author: Flavio Fernandes <email address hidden>
Date: Wed Mar 18 14:36:15 2020 -0400

    Add Octavia OVN Provider configuration (2 of 2)

    This is part 2 of 2, where ovn provider info located in
    tripleo::profile::base::octavia::api will move
    to newly created octavia::provider::ovn.
    But that has to be split into 2 parts to avoid breaking the
    CI until the THT+pupple-tripleo changes merges [1].

    [1]: https://review.opendev.org/#/q/topic:bug/1861886+(status:open+OR+status:merged)

    This patch enhances Octavia's OVN driver config, so it can connect to
    OVN_Northbound DB using TLS.

    Depends-On: https://review.opendev.org/#/c/714895/
    Depends-On: https://review.opendev.org/#/c/715950/
    Depends-On: https://review.opendev.org/#/c/705821/
    Depends-On: https://review.opendev.org/#/c/714916/

    Closes-Bug: #1861886

    Change-Id: If4a6f25015374883050c48b7705e8207906118f4
    (cherry picked from commit a485965a2326cb1e62c2597b3eeac7e2cd54131f)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 11.5.0

This issue was fixed in the openstack/puppet-tripleo 11.5.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.