settingsLogin | Registersettings

[Openstack] Nova SSL API Endpoint Failure in Horizon - Pike

0 votes

Hello everyone, In my pike lab setup I am having an issue with using an https endpoint for the compute service only through horizon. The python client works fine. Below is what I am seeing. If you think its a bug let me know and I will file a report. Any assistance would be appreciated.

Nova Endpoints Non SSL functioning correctly.

root@controller01<mailto:root@controller01>:~# openstack endpoint list |grep compute
| 308f5b565c974aa8a080020ce9c84c40 | us-east-dtw | nova | compute | True | public | http://controller01.us-east-dtw.public.lco.cloud:8774/v2.1 |
| d941c3f61cae4b95b9a2fb0b10d9c536 | us-east-dtw | nova | compute | True | internal | http://controller01.us-east-dtw.internal.lco.cloud:8774/v2.1 |
| db194f0b5aa7402d82da696c0bf32e38 | us-east-dtw | nova | compute | True | admin | http://controller01.us-east-dtw.admin.lco.cloud:8774/v2.1 |
root@controller01<mailto:root@controller01>:~#

Changed the endpoint to SSL and a new URL.

root@controller01<mailto:root@controller01>:~# openstack endpoint list |grep compute
| 168593fd00134b5f9278d81b56e16625 | us-east-dtw | nova | compute | True | public | https://compute.apigw.us-east-dtw.lco.cloud:8774/v2.1 |
| d941c3f61cae4b95b9a2fb0b10d9c536 | us-east-dtw | nova | compute | True | internal | http://controller01.us-east-dtw.internal.lco.cloud:8774/v2.1 |
| db194f0b5aa7402d82da696c0bf32e38 | us-east-dtw | nova | compute | True | admin | http://controller01.us-east-dtw.admin.lco.cloud:8774/v2.1 |

Test if the api endpoint is there. From Controller.

root@controller01:~# curl https://compute.apigw.us-east-dtw.lco.cloud:8774/v2.1
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Test if the api endpoint is listening and reachable from the Horizon Server.

root@horizon01:~# curl https://compute.apigw.us-east-dtw.lco.cloud:8774/v2.1
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Yes it is there and listening from both.

Test from the openstack client

root@controller01<mailto:root@controller01>:~# openstack server list
+--------------------------------------+-----------+--------+-------------------------+-------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-----------+--------+-------------------------+-------+----------+
| 70ce7c5b-df65-456c-bb26-f4741f78f691 | WinTest-5 | ACTIVE | Admin-RFC1918=10.0.0.23 | | m1.large |
| 8eaf4a62-7611-4c39-aab1-39726c4e1461 | WinTest-4 | ACTIVE | Admin-RFC1918=10.0.0.39 | | m1.large |
| 9e1e58d2-da74-4c09-a999-e69a4616f244 | WinTest-3 | ACTIVE | Admin-RFC1918=10.0.0.13 | | m1.large |
| 24ec52a5-c405-483e-aa58-4af3f4ef6448 | WinTest-2 | ACTIVE | Admin-RFC1918=10.0.0.25 | | m1.large |
| 9402a70a-ead3-41ef-bcb6-0ca387295b95 | WinTest-1 | ACTIVE | Admin-RFC1918=10.0.0.38 | | m1.large |
+--------------------------------------+-----------+--------+-------------------------+-------+----------+
root@controller01<mailto:root@controller01>:~#

Test from Horizon UI. Fail "Unable to Retrieve instance list".

This is the error from the horizon error log.

[Thu Oct 19 03:50:50.747066 2017] [wsgi:error] [pid 1631:tid 139920712161024] WARNING horizon.exceptions Recoverable error: Unable to establish connection to http://compute.apigw.us-east-dtw.lco.cloud/v2.1/: HTTPConnectionPool(host='compute.apigw.us-east-dtw.lco.cloud', port=80): Max retries exceeded with url: /v2.1/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f41d2d3b050>: Failed to establish a new connection: [Errno 111] Connection refused',))

The obvious problem is that request went to port 80 and is not https:// but why? I double checked local_settings.py and publicURL is set for the endpoint type. Setting it back to the original, non ssl endpoint and horizon works properly. Any ideas?

So far I have only seen this issue with Nova. I did swift earlier without issue.

root@controller01<mailto:root@controller01>:~# openstack endpoint list |grep object
| 169d972b2ac5435cbcfd8900a94f2c61 | us-east-dtw | swift | object-store | True | public | https://object.apigw.us-east-dtw.lco.cloud:8080/v1/AUTH_%(project_id)s |
| 5b030e1c00834fbda424a8c0b0c95d17 | us-east-dtw | swift | object-store | True | internal | http://swift01.us-east-dtw.internal.lco.cloud:8080/v1/AUTH_%(project_id)s |
| aa6be6369f884f78b01bd965e0b9fa12 | us-east-dtw | swift | object-store | True | admin | http://swift01.us-east-dtw.admin.lco.cloud:8080/v1 |
root@controller01<mailto:root@controller01>:~#

Thanks in advance.

Steve Searles


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
asked Oct 19, 2017 in openstack by Steve_Searles (480 points)   3 3
...