Re: [openstack-community] Error add member to pool ( OCTAVIA ) when using SSL to verify
Adding the OpenStack discuss list. Amy (spotz)
On Aug 24, 2020, at 11:14 PM, Vinh Nguyen Duc <vinhducnguyen1708@gmail.com> wrote:
Dear Openstack community,
My name is Duc Vinh, I am newer in Openstack I am deploy Openstack Ussuri on Centos8 , I am using three nodes controller with High Availability topology and using HAproxy to verify cert for connect HTTPS, I have trouble with project Octavia, I cannot add member in a pool after created Loadbalancer, listener, pool ( everything is fine). Here is my log and configuration file:
LOGS:
2020-08-25 10:55:42.872 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension security-group found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66 2020-08-25 10:55:42.892 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension dns-integration is not enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:70 2020-08-25 10:55:42.911 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension qos found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66 2020-08-25 10:55:42.933 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension allowed-address-pairs found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66 2020-08-25 10:55:43.068 226250 WARNING keystoneauth.identity.generic.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Failed to discover available identity versions when contacting https://192.168.10.150:5000. Attempting to parse version from URL.: keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Error retrieving subnet (subnet id: 035f3183-f469-415f-b536-b4a81364e814.: keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last): 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base chunked=chunked) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._validate_conn(conn) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base conn.connect() 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl_context=context) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in ssl_wrap_socket 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return context.wrap_socket(sock) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _context=self, _session=session) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 776, in __init__ 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.do_handshake() 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake() 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake() 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred: 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last): 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base timeout=timeout 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _stacktrace=sys.exc_info()[2]) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise MaxRetryError(_pool, url, error or ResponseError(cause)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred: 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last): 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1004, in _send_request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.session.request(method, url, **kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.send(prep, **send_kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base r = adapter.send(request, **kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise SSLError(e, request=request) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred: 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last): 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 138, in _do_create_plugin 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=False) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 610, in get_discovery 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 1452, in get_discovery 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base disc = Discover(session, url, authenticated=authenticated) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 536, in __init__ 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 102, in get_version_data 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = session.get(url, headers=headers, authenticated=authenticated) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1123, in get 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.request(url, 'GET', **kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 913, in request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = send(**kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1008, in _send_request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise exceptions.SSLError(msg) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred: 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last): 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py", line 193, in _get_resource 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resource_type)(resource_id) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 869, in show_subnet 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get(self.subnet_path % (subnet), params=_params) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 354, in get 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 331, in retry_request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 282, in do_request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 339, in do_request 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._check_uri_length(url) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 332, in _check_uri_length 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base uri_len = len(self.endpoint_url) + len(url) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 346, in endpoint_url 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get_endpoint() 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 282, in get_endpoint 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.session.get_endpoint(auth or self.auth, **kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1225, in get_endpoint 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return auth.get_endpoint(self, **kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 380, in get_endpoint 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base allow_version_hack=allow_version_hack, **kwargs) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 271, in get_endpoint_data 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base service_catalog = self.get_access(session).service_catalog 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 134, in get_access 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.auth_ref = self.get_auth_ref(session) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 206, in get_auth_ref 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._plugin = self._do_create_plugin(session) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 161, in _do_create_plugin 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 'auth_url is correct. %s' % e) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),)) 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 2020-08-25 10:55:43.074 226250 DEBUG wsme.api [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Client-side error: Subnet 035f3183-f469-415f-b536-b4a81364e814 not found. format_exception /usr/lib/python3.6/site-packages/wsme/api.py:222 2020-08-25 10:55:43.076 226250 DEBUG octavia.common.keystone [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77 2020-08-25 10:55:43.080 226250 DEBUG octavia.common.keystone [req-5091d326-0cb4-4ae1-bf4b-9ef6b9313dca - - - - -] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
Configuration: [root@controller01 ~]# cat /etc/octavia/octavia.conf [DEFAULT]
log_dir = /var/log/octavia debug = True transport_url = rabbit://openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
[api_settings] api_base_uri = https://192.168.10.150:9876 bind_host = 192.168.10.178 bind_port = 9876 auth_strategy = keystone healthcheck_enabled = True allow_tls_terminated_listeners = True
[database] connection = mysql+pymysql://octavia:FUkbii8AY4G6H9LxbJ2RRlOzHN61X8PI8FrMcuXQ@192.168.10.150/octavia max_retries = -1
[health_manager] bind_port = 5555 bind_ip = 192.168.10.178 controller_ip_port_list = 192.168.10.178:5555, 192.168.10.179:5555, 192.168.10.28:5555 heartbeat_key = insecure
[keystone_authtoken] service_token_roles_required = True www_authenticate_uri = https://192.168.10.150:5000 auth_url = https://192.168.10.150:5000 region_name = Hanoi memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,192.168.10.28:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = octavia password = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH cafile = /etc/ssl/private/haproxy.pem insecure = false
[certificates] cert_generator = local_cert_generator #server_certs_key_passphrase = insecure-key-do-not-use-this-key ca_private_key_passphrase = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH ca_private_key = /etc/octavia/certs/server_ca.key.pem ca_certificate = /etc/octavia/certs/server_ca.cert.pem region_name = Hanoi ca_certificates_file = /etc/ssl/private/haproxy.pem endpoint_type = internal
[networking] #allow_vip_network_id = True #allow_vip_subnet_id = True #allow_vip_port_id = True
[haproxy_amphora] #bind_port = 9443 server_ca = /etc/octavia/certs/server_ca.cert.pem client_cert = /etc/octavia/certs/client.cert-and-key.pem base_path = /var/lib/octavia base_cert_dir = /var/lib/octavia/certs connection_max_retries = 1500 connection_retry_interval = 1
[controller_worker] amp_image_tag = amphora amp_ssh_key_name = octavia amp_secgroup_list = 80f44b73-dc9f-48aa-a0b8-8b78e5c6585c amp_boot_network_list = 04425cb2-5963-48f5-a229-b89b7c6036bd amp_flavor_id = 200 network_driver = allowed_address_pairs_driver compute_driver = compute_nova_driver amphora_driver = amphora_haproxy_rest_driver client_ca = /etc/octavia/certs/client_ca.cert.pem loadbalancer_topology = SINGLE amp_active_retries = 9999
[task_flow] [oslo_messaging] topic = octavia_prov rpc_thread_pool_size = 2
[house_keeping] [amphora_agent] [keepalived_vrrp]
[service_auth] auth_url = https://192.168.10.150:5000 auth_type = password project_domain_name = default user_domain_name = default project_name = admin username = admin password = F35sXAYW5qDlMGfQbhmexIx12DqrQdpw6ixAseTd cafile = /etc/ssl/private/haproxy.pem region_name = Hanoi memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,192.168.10.28:11211 #insecure = true
[glance] ca_certificates_file = /etc/ssl/private/haproxy.pem region_name = Hanoi endpoint_type = internal insecure = false
[neutron] ca_certificates_file = /etc/ssl/private/haproxy.pem region_name = Hanoi endpoint_type = internal insecure = false
[cinder] ca_certificates_file = /etc/ssl/private/haproxy.pem region_name = Hanoi endpoint_type = internal insecure = false
[nova] ca_certificates_file = /etc/ssl/private/haproxy.pem region_name = Hanoi endpoint_type = internal insecure = false
[oslo_policy] #policy_file = /etc/octavia/policy.json
[oslo_messaging_notifications] transport_url = rabbit://openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
_______________________________________________ Community mailing list Community@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/community
From the log, it seems like the HTTPS communication with Neutron failed, can you successfully talk to Neutron using HTTPS? You can also try to simulate the code here https://github.com/openstack/octavia/blob/stable%2Fussuri/octavia/network/dr... for testing.
--- Lingxian Kong Senior Software Engineer Catalyst Cloud www.catalystcloud.nz On Wed, Aug 26, 2020 at 2:25 AM Amy Marrich <amy@demarco.com> wrote:
Adding the OpenStack discuss list.
Amy (spotz)
On Aug 24, 2020, at 11:14 PM, Vinh Nguyen Duc <vinhducnguyen1708@gmail.com> wrote:
Dear Openstack community,
My name is Duc Vinh, I am newer in Openstack
I am deploy Openstack Ussuri on Centos8 , I am using three nodes controller with High Availability topology and using HAproxy to verify cert for connect HTTPS,
I have trouble with project Octavia, I cannot add member in a pool after created Loadbalancer, listener, pool ( everything is fine).
Here is my log and configuration file:
*LOGS: *
2020-08-25 10:55:42.872 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension security-group found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
2020-08-25 10:55:42.892 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension dns-integration is not enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:70
2020-08-25 10:55:42.911 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension qos found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
2020-08-25 10:55:42.933 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension allowed-address-pairs found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
2020-08-25 10:55:43.068 226250 WARNING keystoneauth.identity.generic.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Failed to discover available identity versions when contacting https://192.168.10.150:5000. Attempting to parse version from URL.: keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Error retrieving subnet (subnet id: 035f3183-f469-415f-b536-b4a81364e814.: keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base chunked=chunked)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._validate_conn(conn)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base conn.connect()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl_context=context)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in ssl_wrap_socket
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return context.wrap_socket(sock)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _context=self, _session=session)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.do_handshake()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base timeout=timeout
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _stacktrace=sys.exc_info()[2])
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise MaxRetryError(_pool, url, error or ResponseError(cause))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1004, in _send_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.session.request(method, url, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.send(prep, **send_kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base r = adapter.send(request, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise SSLError(e, request=request)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 138, in _do_create_plugin
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=False)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 610, in get_discovery
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 1452, in get_discovery
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base disc = Discover(session, url, authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 536, in __init__
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 102, in get_version_data
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = session.get(url, headers=headers, authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1123, in get
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.request(url, 'GET', **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 913, in request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = send(**kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1008, in _send_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise exceptions.SSLError(msg)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py", line 193, in _get_resource
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resource_type)(resource_id)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 869, in show_subnet
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get(self.subnet_path % (subnet), params=_params)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 354, in get
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 331, in retry_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 282, in do_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 339, in do_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._check_uri_length(url)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 332, in _check_uri_length
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base uri_len = len(self.endpoint_url) + len(url)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 346, in endpoint_url
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get_endpoint()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 282, in get_endpoint
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.session.get_endpoint(auth or self.auth, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1225, in get_endpoint
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return auth.get_endpoint(self, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 380, in get_endpoint
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base allow_version_hack=allow_version_hack, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 271, in get_endpoint_data
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base service_catalog = self.get_access(session).service_catalog
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.auth_ref = self.get_auth_ref(session)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 206, in get_auth_ref
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._plugin = self._do_create_plugin(session)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 161, in _do_create_plugin
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 'auth_url is correct. %s' % e)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.074 226250 DEBUG wsme.api [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Client-side error: Subnet 035f3183-f469-415f-b536-b4a81364e814 not found. format_exception /usr/lib/python3.6/site-packages/wsme/api.py:222
2020-08-25 10:55:43.076 226250 DEBUG octavia.common.keystone [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
2020-08-25 10:55:43.080 226250 DEBUG octavia.common.keystone [req-5091d326-0cb4-4ae1-bf4b-9ef6b9313dca - - - - -] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
*Configuration:*
[root@controller01 ~]# cat /etc/octavia/octavia.conf
[DEFAULT]
log_dir = /var/log/octavia
debug = True
transport_url = rabbit:// openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672, openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672, openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
[api_settings]
api_base_uri = https://192.168.10.150:9876
bind_host = 192.168.10.178
bind_port = 9876
auth_strategy = keystone
healthcheck_enabled = True
allow_tls_terminated_listeners = True
[database]
connection = mysql+pymysql:// octavia:FUkbii8AY4G6H9LxbJ2RRlOzHN61X8PI8FrMcuXQ@192.168.10.150/octavia
max_retries = -1
[health_manager]
bind_port = 5555
bind_ip = 192.168.10.178
controller_ip_port_list = 192.168.10.178:5555, 192.168.10.179:5555, 192.168.10.28:5555
heartbeat_key = insecure
[keystone_authtoken]
service_token_roles_required = True
www_authenticate_uri = https://192.168.10.150:5000
auth_url = https://192.168.10.150:5000
region_name = Hanoi
memcached_servers = 192.168.10.178:11211,192.168.10.179:11211, 192.168.10.28:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = octavia
password = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
cafile = /etc/ssl/private/haproxy.pem
insecure = false
[certificates]
cert_generator = local_cert_generator
#server_certs_key_passphrase = insecure-key-do-not-use-this-key
ca_private_key_passphrase = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
ca_private_key = /etc/octavia/certs/server_ca.key.pem
ca_certificate = /etc/octavia/certs/server_ca.cert.pem
region_name = Hanoi
ca_certificates_file = /etc/ssl/private/haproxy.pem
endpoint_type = internal
[networking]
#allow_vip_network_id = True
#allow_vip_subnet_id = True
#allow_vip_port_id = True
[haproxy_amphora]
#bind_port = 9443
server_ca = /etc/octavia/certs/server_ca.cert.pem
client_cert = /etc/octavia/certs/client.cert-and-key.pem
base_path = /var/lib/octavia
base_cert_dir = /var/lib/octavia/certs
connection_max_retries = 1500
connection_retry_interval = 1
[controller_worker]
amp_image_tag = amphora
amp_ssh_key_name = octavia
amp_secgroup_list = 80f44b73-dc9f-48aa-a0b8-8b78e5c6585c
amp_boot_network_list = 04425cb2-5963-48f5-a229-b89b7c6036bd
amp_flavor_id = 200
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
client_ca = /etc/octavia/certs/client_ca.cert.pem
loadbalancer_topology = SINGLE
amp_active_retries = 9999
[task_flow]
[oslo_messaging]
topic = octavia_prov
rpc_thread_pool_size = 2
[house_keeping]
[amphora_agent]
[keepalived_vrrp]
[service_auth]
auth_url = https://192.168.10.150:5000
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = admin
username = admin
password = F35sXAYW5qDlMGfQbhmexIx12DqrQdpw6ixAseTd
cafile = /etc/ssl/private/haproxy.pem
region_name = Hanoi
memcached_servers = 192.168.10.178:11211,192.168.10.179:11211, 192.168.10.28:11211
#insecure = true
[glance]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[neutron]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[cinder]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[nova]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[oslo_policy]
#policy_file = /etc/octavia/policy.json
[oslo_messaging_notifications]
transport_url = rabbit:// openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672, openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672, openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
_______________________________________________ Community mailing list Community@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/community
Thank you again Amy. Hi Duc Vinh, Sorry to hear you are having trouble getting Octavia setup. It appears to be an issue with the certificate on the keystone endpoint.
From the log and your configuration I can see: Your keystone auth_url is https://192.168.10.150:5000 You CAfile for this endpoint is configured as: /etc/ssl/private/haproxy.pem
Let's test that configuration by running the following command: echo "Q" | openssl s_client -connect 192.168.10.150:5000 -CAfile /etc/ssl/private/haproxy.pem This will return a lot of information about the certificate on the endpoint and test the CA file. In the output of this command, you want to see "Verification: OK". If you don't, there is a problem either with the certificate on the endpoint of the CA file being used. Check both match and are the expected files. If you are still not sure what is wrong, please send the output of the above command and the output of the following command: openssl x509 -in /etc/ssl/private/haproxy.pem -noout -text I will take a look at that information and should be able to help. Michael On Tue, Aug 25, 2020 at 7:19 AM Amy Marrich <amy@demarco.com> wrote:
Adding the OpenStack discuss list.
Amy (spotz)
On Aug 24, 2020, at 11:14 PM, Vinh Nguyen Duc <vinhducnguyen1708@gmail.com> wrote:
Dear Openstack community,
My name is Duc Vinh, I am newer in Openstack
I am deploy Openstack Ussuri on Centos8 , I am using three nodes controller with High Availability topology and using HAproxy to verify cert for connect HTTPS,
I have trouble with project Octavia, I cannot add member in a pool after created Loadbalancer, listener, pool ( everything is fine).
Here is my log and configuration file:
LOGS:
2020-08-25 10:55:42.872 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension security-group found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
2020-08-25 10:55:42.892 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension dns-integration is not enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:70
2020-08-25 10:55:42.911 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension qos found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
2020-08-25 10:55:42.933 226250 DEBUG octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Neutron extension allowed-address-pairs found enabled _check_extension_enabled /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
2020-08-25 10:55:43.068 226250 WARNING keystoneauth.identity.generic.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Failed to discover available identity versions when contacting https://192.168.10.150:5000. Attempting to parse version from URL.: keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Error retrieving subnet (subnet id: 035f3183-f469-415f-b536-b4a81364e814.: keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base chunked=chunked)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._validate_conn(conn)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base conn.connect()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl_context=context)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in ssl_wrap_socket
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return context.wrap_socket(sock)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _context=self, _session=session)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.do_handshake()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._sslobj.do_handshake()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base timeout=timeout
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base _stacktrace=sys.exc_info()[2])
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise MaxRetryError(_pool, url, error or ResponseError(cause))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1004, in _send_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.session.request(method, url, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = self.send(prep, **send_kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base r = adapter.send(request, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise SSLError(e, request=request)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 138, in _do_create_plugin
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=False)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 610, in get_discovery
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 1452, in get_discovery
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base disc = Discover(session, url, authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 536, in __init__
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 102, in get_version_data
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = session.get(url, headers=headers, authenticated=authenticated)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1123, in get
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.request(url, 'GET', **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 913, in request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resp = send(**kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1008, in _send_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base raise exceptions.SSLError(msg)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base During handling of the above exception, another exception occurred:
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base Traceback (most recent call last):
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py", line 193, in _get_resource
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base resource_type)(resource_id)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 869, in show_subnet
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get(self.subnet_path % (subnet), params=_params)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 354, in get
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 331, in retry_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers, params=params)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 282, in do_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base headers=headers)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 339, in do_request
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._check_uri_length(url)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 332, in _check_uri_length
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base uri_len = len(self.endpoint_url) + len(url)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 346, in endpoint_url
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.get_endpoint()
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 282, in get_endpoint
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return self.session.get_endpoint(auth or self.auth, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1225, in get_endpoint
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base return auth.get_endpoint(self, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 380, in get_endpoint
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base allow_version_hack=allow_version_hack, **kwargs)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 271, in get_endpoint_data
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base service_catalog = self.get_access(session).service_catalog
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self.auth_ref = self.get_auth_ref(session)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 206, in get_auth_ref
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base self._plugin = self._do_create_plugin(session)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 161, in _do_create_plugin
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base 'auth_url is correct. %s' % e)
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
2020-08-25 10:55:43.074 226250 DEBUG wsme.api [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Client-side error: Subnet 035f3183-f469-415f-b536-b4a81364e814 not found. format_exception /usr/lib/python3.6/site-packages/wsme/api.py:222
2020-08-25 10:55:43.076 226250 DEBUG octavia.common.keystone [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 - 8259463ce052437396afa845933afe4b - default default] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
2020-08-25 10:55:43.080 226250 DEBUG octavia.common.keystone [req-5091d326-0cb4-4ae1-bf4b-9ef6b9313dca - - - - -] Request path is / and it does not require keystone authentication process_request /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
Configuration:
[root@controller01 ~]# cat /etc/octavia/octavia.conf
[DEFAULT]
log_dir = /var/log/octavia
debug = True
transport_url = rabbit://openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
[api_settings]
api_base_uri = https://192.168.10.150:9876
bind_host = 192.168.10.178
bind_port = 9876
auth_strategy = keystone
healthcheck_enabled = True
allow_tls_terminated_listeners = True
[database]
connection = mysql+pymysql://octavia:FUkbii8AY4G6H9LxbJ2RRlOzHN61X8PI8FrMcuXQ@192.168.10.150/octavia
max_retries = -1
[health_manager]
bind_port = 5555
bind_ip = 192.168.10.178
controller_ip_port_list = 192.168.10.178:5555, 192.168.10.179:5555, 192.168.10.28:5555
heartbeat_key = insecure
[keystone_authtoken]
service_token_roles_required = True
www_authenticate_uri = https://192.168.10.150:5000
auth_url = https://192.168.10.150:5000
region_name = Hanoi
memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,192.168.10.28:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = octavia
password = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
cafile = /etc/ssl/private/haproxy.pem
insecure = false
[certificates]
cert_generator = local_cert_generator
#server_certs_key_passphrase = insecure-key-do-not-use-this-key
ca_private_key_passphrase = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
ca_private_key = /etc/octavia/certs/server_ca.key.pem
ca_certificate = /etc/octavia/certs/server_ca.cert.pem
region_name = Hanoi
ca_certificates_file = /etc/ssl/private/haproxy.pem
endpoint_type = internal
[networking]
#allow_vip_network_id = True
#allow_vip_subnet_id = True
#allow_vip_port_id = True
[haproxy_amphora]
#bind_port = 9443
server_ca = /etc/octavia/certs/server_ca.cert.pem
client_cert = /etc/octavia/certs/client.cert-and-key.pem
base_path = /var/lib/octavia
base_cert_dir = /var/lib/octavia/certs
connection_max_retries = 1500
connection_retry_interval = 1
[controller_worker]
amp_image_tag = amphora
amp_ssh_key_name = octavia
amp_secgroup_list = 80f44b73-dc9f-48aa-a0b8-8b78e5c6585c
amp_boot_network_list = 04425cb2-5963-48f5-a229-b89b7c6036bd
amp_flavor_id = 200
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
client_ca = /etc/octavia/certs/client_ca.cert.pem
loadbalancer_topology = SINGLE
amp_active_retries = 9999
[task_flow]
[oslo_messaging]
topic = octavia_prov
rpc_thread_pool_size = 2
[house_keeping]
[amphora_agent]
[keepalived_vrrp]
[service_auth]
auth_url = https://192.168.10.150:5000
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = admin
username = admin
password = F35sXAYW5qDlMGfQbhmexIx12DqrQdpw6ixAseTd
cafile = /etc/ssl/private/haproxy.pem
region_name = Hanoi
memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,192.168.10.28:11211
#insecure = true
[glance]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[neutron]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[cinder]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[nova]
ca_certificates_file = /etc/ssl/private/haproxy.pem
region_name = Hanoi
endpoint_type = internal
insecure = false
[oslo_policy]
#policy_file = /etc/octavia/policy.json
[oslo_messaging_notifications]
transport_url = rabbit://openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.178:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.179:5672,openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF@192.168.10.28:5672
_______________________________________________ Community mailing list Community@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/community
participants (3)
-
Amy Marrich
-
Lingxian Kong
-
Michael Johnson