[openstack-community] Error add member to pool ( OCTAVIA ) when using SSL to verify
Michael Johnson
johnsomor at gmail.com
Thu Aug 27 00:58:17 UTC 2020
Thank you again Amy.
Hi Duc Vinh,
Sorry to hear you are having trouble getting Octavia setup. It appears
to be an issue with the certificate on the keystone endpoint.
>From the log and your configuration I can see:
Your keystone auth_url is https://192.168.10.150:5000
You CAfile for this endpoint is configured as: /etc/ssl/private/haproxy.pem
Let's test that configuration by running the following command:
echo "Q" | openssl s_client -connect 192.168.10.150:5000 -CAfile
/etc/ssl/private/haproxy.pem
This will return a lot of information about the certificate on the
endpoint and test the CA file.
In the output of this command, you want to see "Verification: OK". If
you don't, there is a problem either with the certificate on the
endpoint of the CA file being used. Check both match and are the
expected files.
If you are still not sure what is wrong, please send the output of the
above command and the output of the following command:
openssl x509 -in /etc/ssl/private/haproxy.pem -noout -text
I will take a look at that information and should be able to help.
Michael
On Tue, Aug 25, 2020 at 7:19 AM Amy Marrich <amy at demarco.com> wrote:
>
> Adding the OpenStack discuss list.
>
> Amy (spotz)
>
> On Aug 24, 2020, at 11:14 PM, Vinh Nguyen Duc <vinhducnguyen1708 at gmail.com> wrote:
>
>
>
> Dear Openstack community,
>
>
>
> My name is Duc Vinh, I am newer in Openstack
>
> I am deploy Openstack Ussuri on Centos8 , I am using three nodes controller with High Availability topology and using HAproxy to verify cert for connect HTTPS,
>
> I have trouble with project Octavia, I cannot add member in a pool after created Loadbalancer, listener, pool ( everything is fine).
>
> Here is my log and configuration file:
>
>
>
> LOGS:
>
>
>
> 2020-08-25 10:55:42.872 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension security-group found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
>
> 2020-08-25 10:55:42.892 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension dns-integration is not enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:70
>
> 2020-08-25 10:55:42.911 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension qos found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
>
> 2020-08-25 10:55:42.933 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension allowed-address-pairs found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
>
> 2020-08-25 10:55:43.068 226250 WARNING keystoneauth.identity.generic.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Failed to discover available identity versions when contacting https://192.168.10.150:5000. Attempting to parse version from URL.: keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Error retrieving subnet (subnet id: 035f3183-f469-415f-b536-b4a81364e814.: keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base chunked=chunked)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._validate_conn(conn)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base conn.connect()
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl_context=context)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in ssl_wrap_socket
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return context.wrap_socket(sock)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _context=self, _session=session)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.do_handshake()
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake()
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake()
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base timeout=timeout
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _stacktrace=sys.exc_info()[2])
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise MaxRetryError(_pool, url, error or ResponseError(cause))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1004, in _send_request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.session.request(method, url, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.send(prep, **send_kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base r = adapter.send(request, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise SSLError(e, request=request)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 138, in _do_create_plugin
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=False)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 610, in get_discovery
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 1452, in get_discovery
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base disc = Discover(session, url, authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 536, in __init__
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 102, in get_version_data
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = session.get(url, headers=headers, authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1123, in get
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.request(url, 'GET', **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 913, in request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = send(**kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1008, in _send_request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise exceptions.SSLError(msg)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py", line 193, in _get_resource
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resource_type)(resource_id)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 869, in show_subnet
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get(self.subnet_path % (subnet), params=_params)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 354, in get
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 331, in retry_request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 282, in do_request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 339, in do_request
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._check_uri_length(url)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 332, in _check_uri_length
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base uri_len = len(self.endpoint_url) + len(url)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 346, in endpoint_url
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get_endpoint()
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 282, in get_endpoint
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.session.get_endpoint(auth or self.auth, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1225, in get_endpoint
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return auth.get_endpoint(self, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 380, in get_endpoint
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base allow_version_hack=allow_version_hack, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 271, in get_endpoint_data
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base service_catalog = self.get_access(session).service_catalog
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.auth_ref = self.get_auth_ref(session)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 206, in get_auth_ref
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._plugin = self._do_create_plugin(session)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 161, in _do_create_plugin
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 'auth_url is correct. %s' % e)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.074 226250 DEBUG wsme.api [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Client-side error: Subnet 035f3183-f469-415f-b536-b4a81364e814 not found. format_exception /usr/lib/python3.6/site-packages/wsme/api.py:222
>
> 2020-08-25 10:55:43.076 226250 DEBUG octavia.common.keystone [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
>
> 2020-08-25 10:55:43.080 226250 DEBUG octavia.common.keystone [req-5091d326-0cb4-4ae1-bf4b-9ef6b9313dca - - - - -] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
>
>
>
> Configuration:
>
> [root at controller01 ~]# cat /etc/octavia/octavia.conf
>
> [DEFAULT]
>
>
>
> log_dir = /var/log/octavia
>
> debug = True
>
> transport_url = rabbit://openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
>
>
>
> [api_settings]
>
> api_base_uri = https://192.168.10.150:9876
>
> bind_host = 192.168.10.178
>
> bind_port = 9876
>
> auth_strategy = keystone
>
> healthcheck_enabled = True
>
> allow_tls_terminated_listeners = True
>
>
>
> [database]
>
> connection = mysql+pymysql://octavia:FUkbii8AY4G6H9LxbJ2RRlOzHN61X8PI8FrMcuXQ@192.168.10.150/octavia
>
> max_retries = -1
>
>
>
> [health_manager]
>
> bind_port = 5555
>
> bind_ip = 192.168.10.178
>
> controller_ip_port_list = 192.168.10.178:5555, 192.168.10.179:5555, 192.168.10.28:5555
>
> heartbeat_key = insecure
>
>
>
> [keystone_authtoken]
>
> service_token_roles_required = True
>
> www_authenticate_uri = https://192.168.10.150:5000
>
> auth_url = https://192.168.10.150:5000
>
> region_name = Hanoi
>
> memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,192.168.10.28:11211
>
> auth_type = password
>
> project_domain_name = Default
>
> user_domain_name = Default
>
> project_name = service
>
> username = octavia
>
> password = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
>
> cafile = /etc/ssl/private/haproxy.pem
>
> insecure = false
>
>
>
>
>
> [certificates]
>
> cert_generator = local_cert_generator
>
> #server_certs_key_passphrase = insecure-key-do-not-use-this-key
>
> ca_private_key_passphrase = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
>
> ca_private_key = /etc/octavia/certs/server_ca.key.pem
>
> ca_certificate = /etc/octavia/certs/server_ca.cert.pem
>
> region_name = Hanoi
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> endpoint_type = internal
>
>
>
> [networking]
>
> #allow_vip_network_id = True
>
> #allow_vip_subnet_id = True
>
> #allow_vip_port_id = True
>
>
>
> [haproxy_amphora]
>
> #bind_port = 9443
>
> server_ca = /etc/octavia/certs/server_ca.cert.pem
>
> client_cert = /etc/octavia/certs/client.cert-and-key.pem
>
> base_path = /var/lib/octavia
>
> base_cert_dir = /var/lib/octavia/certs
>
> connection_max_retries = 1500
>
> connection_retry_interval = 1
>
>
>
> [controller_worker]
>
> amp_image_tag = amphora
>
> amp_ssh_key_name = octavia
>
> amp_secgroup_list = 80f44b73-dc9f-48aa-a0b8-8b78e5c6585c
>
> amp_boot_network_list = 04425cb2-5963-48f5-a229-b89b7c6036bd
>
> amp_flavor_id = 200
>
> network_driver = allowed_address_pairs_driver
>
> compute_driver = compute_nova_driver
>
> amphora_driver = amphora_haproxy_rest_driver
>
> client_ca = /etc/octavia/certs/client_ca.cert.pem
>
> loadbalancer_topology = SINGLE
>
> amp_active_retries = 9999
>
>
>
> [task_flow]
>
> [oslo_messaging]
>
> topic = octavia_prov
>
> rpc_thread_pool_size = 2
>
>
>
> [house_keeping]
>
> [amphora_agent]
>
> [keepalived_vrrp]
>
>
>
> [service_auth]
>
> auth_url = https://192.168.10.150:5000
>
> auth_type = password
>
> project_domain_name = default
>
> user_domain_name = default
>
> project_name = admin
>
> username = admin
>
> password = F35sXAYW5qDlMGfQbhmexIx12DqrQdpw6ixAseTd
>
> cafile = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,192.168.10.28:11211
>
> #insecure = true
>
>
>
>
>
> [glance]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [neutron]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [cinder]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [nova]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [oslo_policy]
>
> #policy_file = /etc/octavia/policy.json
>
>
>
> [oslo_messaging_notifications]
>
> transport_url = rabbit://openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
>
>
>
> _______________________________________________
> Community mailing list
> Community at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/community
More information about the openstack-discuss
mailing list