oscm icon indicating copy to clipboard operation
oscm copied to clipboard
verified publisher icon servicecatalog

openstack access via https

Open vvvladd opened this issue 3 years ago • 1 comments

Version Info latest oscm, openstack xena charmed

Describe the bug I've successfully generate token via bash after add ca to /etc/ssl/cert/ca-bundle.crt, but via oscm web can not access the controller. There is only simple log from keystone haproxy : Feb 16 08:54:22 juju-5cb111-0-lxd-5 haproxy[730]: 10.100.0.11:44336 [16/Feb/2022:08:52:51.946] tcp-in_public-port public-port_10.100.0.20/keystone-0 1/0/90356 15539 cD 2/2/1/1/0 0/0

And nothing in keystone log. The params are the same in oscm and for curl: Example: docker exec -it oscm-app /bin/bash

export TOKEN=curl --silent -X POST -H "Content-Type: application/json" -d '{ "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "admin", "domain": { "id": "30d31be6fd6e46df9c4cd340c079996f" }, "password": "xxxxxxxxxxxx" } } }, "scope": { "project": { "name": "admin", "domain": { "id": "30d31be6fd6e46df9c4cd340c079996f" } } } } }' -i "https://10.50.0.14:5000/v3/auth/tokens" | grep X-Subject-Token | cut -d ":" -f 2 echo $TOKEN gAAAAABiDLxflHVyboYA-j5NMX7N02PtdE-39bU22wUgj5zXB-1k-yuRGsknqmot-SB1n5WYw0W25bFKyecitvRfqlzge8nFuF3W_KEPDvxjAfHkkHWdbq5n57fHKkaMtI_8gDW18dH5lyte-rIILDn74Z6hN09drV-wPdzrMwGOyKF87N05ZlA

How to Reproduce Steps to reproduce the behavior:

  1. deploy openstack via juju and maas with self-signed ca (vault)
  2. add ca to ca-bundle in container
  3. Docker instance is in the same network like openstack controller public ip.
  4. test with curl and via oscm web

Observed behavior A clear description of what was observed to happen.

Expected behavior A clear and concise description of what is expected to happen.

Screenshots If applicable, screenshots to help explain your problem.

Additional context Any other context about the problem here.

vvvladd avatar Feb 16 '22 08:02 vvvladd

From oscm log:

Unable to connect to the OpenStack Controller. [org.oscm.app.openstack.OpenStackConnection.processRequest(OpenStackConnection.java:177), org.oscm.app.openstack.KeystoneClient.authenticate(KeystoneClient.java:93), org.oscm.app.openstack.controller.OpenStackController.ping(OpenStackController.java:613),

From keystone: nothing in /var/log/keystone.log in haproxy.log: Feb 16 08:54:29 juju-5cb111-0-lxd-5 haproxy[730]: 10.100.0.11:44444 [16/Feb/2022:08:52:53.355] tcp-in_public-port public-port_10.100.0.20/keystone-0 1/0/96068 28879 cD 1/1/0/0/0 0/0 In apache logs - nothing.

vvvladd avatar Feb 16 '22 09:02 vvvladd