Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1519537 - OSP11 -> OSP12 upgrade: after upgrade of an SSL enabled undercloud the telemetry endpoints get set in HAProxy even though enable_telemetry is not set in undercloud.conf
Summary: OSP11 -> OSP12 upgrade: after upgrade of an SSL enabled undercloud the teleme...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: zstream
: 12.0 (Pike)
Assignee: Pradeep Kilambi
QA Contact: Sasha Smolyak
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-30 21:06 UTC by Marius Cornea
Modified: 2019-01-11 16:26 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-11 16:26:38 UTC


Attachments (Terms of Use)

Description Marius Cornea 2017-11-30 21:06:37 UTC
Description of problem:
OSP11 -> OSP12 upgrade: after upgrade of an SSL enabled undercloud the telemetry endpoints get set in HAProxy even though enable_telemetry is not set in undercloud.conf

Version-Release number of selected component (if applicable):
instack-undercloud-7.4.3-5.el7ost.noarch
instack-7.0.1-1.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Deploy SSL enabled OSP11 undercloud
2. Upgrade undercloud to OSP12
3. Check undercloud HAProxy services

Actual results:

[stack@undercloud-0 ~]$ echo "show stat" | sudo socat /var/lib/haproxy/stats stdio | grep DOWN
aodh,192.168.24.1,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,598,598,,1,2,1,,0,,2,0,,0,L4CON,,0,0,0,0,0,0,0,0,,,,0,0,,,,,-1,Connection refused,,0,0,0,0,
aodh,BACKEND,0,0,0,0,410,0,0,0,0,0,,0,0,0,0,DOWN,0,0,0,,1,598,598,,1,2,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
ceilometer,192.168.24.1,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,598,598,,1,3,1,,0,,2,0,,0,L4CON,,0,0,0,0,0,0,0,0,,,,0,0,,,,,-1,Connection refused,,0,0,0,0,
ceilometer,BACKEND,0,0,0,0,410,0,0,0,0,0,,0,0,0,0,DOWN,0,0,0,,1,598,598,,1,3,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
gnocchi,192.168.24.1,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,5,1,501,501,,1,6,1,,0,,2,0,,0,L4CON,,0,0,0,0,0,0,0,0,,,,0,0,,,,,-1,Connection refused,,0,0,0,0,
gnocchi,BACKEND,0,0,0,0,410,0,0,0,0,0,,0,0,0,0,DOWN,0,0,0,,1,501,501,,1,6,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
panko,192.168.24.1,0,0,0,0,,0,0,0,,0,,0,0,0,0,DOWN,1,1,0,1,1,596,596,,1,18,1,,0,,2,0,,0,L4CON,,0,,,,,,,0,,,,0,0,,,,,-1,Connection refused,,0,0,0,0,
panko,BACKEND,0,0,0,0,410,0,0,0,0,0,,0,0,0,0,DOWN,0,0,0,,1,596,596,,1,18,0,,0,,1,0,,0,,,,,,,,,,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,

Expected results:
The telemetry services don't get configured in haproxy when enable_telemetry is not set.

Additional info:

[stack@undercloud-0 ~]$ cat undercloud.conf 
[DEFAULT]
# Network interface on the Undercloud that will be handling the PXE
# boots and DHCP for Overcloud instances. (string value)
local_interface = eth0
# 192.168.24.0 subnet is by default used since RHOS11
local_ip = 192.168.24.1/24
network_gateway = 192.168.24.1
undercloud_public_vip = 192.168.24.2
undercloud_admin_vip = 192.168.24.3
network_cidr = 192.168.24.0/24
masquerade_network = 192.168.24.0/24
dhcp_start = 192.168.24.5
dhcp_end = 192.168.24.24
inspection_iprange = 192.168.24.100,192.168.24.120
undercloud_service_certificate = /etc/pki/instack-certs/undercloud.pem

[stack@undercloud-0 ~]$ sudo cat /etc/haproxy/haproxy.cfg 
# This file managed by Puppet
global
  daemon  
  group  haproxy
  log  /dev/log local0
  maxconn  20480
  pidfile  /var/run/haproxy.pid
  ssl-default-bind-ciphers  !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
  ssl-default-bind-options  no-sslv3
  stats  socket /var/lib/haproxy/stats mode 600 level user
  stats  timeout 2m
  user  haproxy

defaults
  log  global
  maxconn  4096
  mode  tcp
  retries  3
  timeout  http-request 10s
  timeout  queue 2m
  timeout  connect 10s
  timeout  client 2m
  timeout  server 2m
  timeout  check 10s

listen aodh
  bind 192.168.24.2:13042 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8042 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:8042 check fall 5 inter 2000 rise 2

listen ceilometer
  bind 192.168.24.2:13777 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8777 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:8777 check fall 5 inter 2000 rise 2

listen docker-registry
  bind 192.168.24.2:13787 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8787 transparent
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  server 192.168.24.1 192.168.24.1:8787 check fall 5 inter 2000 rise 2

listen glance_api
  bind 192.168.24.2:13292 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:9292 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk GET /healthcheck
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:9292 check fall 5 inter 2000 rise 2

listen gnocchi
  bind 192.168.24.2:13041 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8041 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:8041 check fall 5 inter 2000 rise 2

listen haproxy.stats
  bind 192.168.24.3:1993 transparent
  mode http
  stats enable
  stats uri /
  stats auth admin:8e51da192b2cf5cce420796d92e958a5fbf27cfc

listen heat_api
  bind 192.168.24.2:13004 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8004 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://192.168.24.2(.*) Location:\ https://192.168.24.2\1
  timeout client 10m
  timeout server 10m
  server 192.168.24.1 192.168.24.1:8004 check fall 5 inter 2000 rise 2

listen ironic
  bind 192.168.24.2:13385 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:6385 transparent
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  server 192.168.24.1 192.168.24.1:6385 check fall 5 inter 2000 rise 2

listen ironic-inspector
  bind 192.168.24.2:13050 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:5050 transparent
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  server 192.168.24.1 192.168.24.1:5050 check fall 5 inter 2000 rise 2

listen keystone_admin
  bind 192.168.24.3:35357 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk GET /v3
  server 192.168.24.1 192.168.24.1:35357 check fall 5 inter 2000 rise 2

listen keystone_public
  bind 192.168.24.2:13000 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:5000 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk GET /v3
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:5000 check fall 5 inter 2000 rise 2

listen mistral
  bind 192.168.24.2:13989 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8989 transparent
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  server 192.168.24.1 192.168.24.1:8989 check fall 5 inter 2000 rise 2

listen neutron
  bind 192.168.24.2:13696 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:9696 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:9696 check fall 5 inter 2000 rise 2

listen nova_metadata
  bind 192.168.24.3:8775 transparent
  option httpchk
  server 192.168.24.1 192.168.24.1:8775 check fall 5 inter 2000 rise 2

listen nova_osapi
  bind 192.168.24.2:13774 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8774 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:8774 check fall 5 inter 2000 rise 2

listen nova_placement
  bind 192.168.24.2:13778 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8778 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:8778 check fall 5 inter 2000 rise 2

listen panko
  bind 192.168.24.2:13977 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8977 transparent
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  server 192.168.24.1 192.168.24.1:8977 check fall 5 inter 2000 rise 2

listen rabbitmq
  bind 192.168.24.3:5672 transparent
  option tcpka
  timeout client 0
  timeout server 0
  server 192.168.24.1 192.168.24.1:5672 check fall 5 inter 2000 rise 2

listen swift_proxy_server
  bind 192.168.24.2:13808 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8080 transparent
  option httpchk GET /healthcheck
  timeout client 2m
  timeout server 2m
  server 192.168.24.1 192.168.24.1:8080 check fall 5 inter 2000 rise 2

listen ui
  bind 192.168.24.2:443 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:3000 transparent
  mode http
  option forwardfor
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  timeout tunnel 3600s
  server 192.168.24.1 192.168.24.1:3000 check fall 5 inter 2000 rise 2

listen zaqar_api
  bind 192.168.24.2:13888 transparent ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:8888 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  server 192.168.24.1 192.168.24.1:8888 check fall 5 inter 2000 rise 2

listen zaqar_ws
  bind 192.168.24.2:9000 ssl crt /etc/pki/instack-certs/undercloud.pem
  bind 192.168.24.3:9000 
  mode http
  option forwardfor
  redirect scheme https code 301 if { hdr(host) -i 192.168.24.2 } !{ ssl_fc }
  rsprep ^Location:\ http://(.*) Location:\ https://\1
  timeout connect 5s
  timeout client 25s
  timeout server 25s
  timeout tunnel 3600s
  server 192.168.24.1 192.168.24.1:9000 check fall 5 inter 2000 rise 2


Note You need to log in before you can comment on or make changes to this bug.