[openstack-community] Error add member to pool ( OCTAVIA ) when using SSL to verify

Lingxian Kong anlin.kong at gmail.com
Tue Aug 25 21:41:19 UTC 2020


>From the log, it seems like the HTTPS communication with Neutron failed,
can you successfully talk to Neutron using HTTPS? You can also try to
simulate the code here
https://github.com/openstack/octavia/blob/stable%2Fussuri/octavia/network/drivers/neutron/base.py#L38
for testing.

---
Lingxian Kong
Senior Software Engineer
Catalyst Cloud
www.catalystcloud.nz


On Wed, Aug 26, 2020 at 2:25 AM Amy Marrich <amy at demarco.com> wrote:

> Adding the OpenStack discuss list.
>
> Amy (spotz)
>
> On Aug 24, 2020, at 11:14 PM, Vinh Nguyen Duc <vinhducnguyen1708 at gmail.com>
> wrote:
>
> 
>
> Dear Openstack community,
>
>
>
> My name is Duc Vinh,  I am newer in Openstack
>
> I am deploy Openstack Ussuri on Centos8 , I am using three nodes
> controller with High Availability topology and using HAproxy to verify
> cert for connect HTTPS,
>
> I have trouble with project Octavia, I cannot add member in a pool after
> created Loadbalancer, listener, pool ( everything is fine).
>
> Here is my log and configuration file:
>
>
>
> *LOGS: *
>
>
>
> 2020-08-25 10:55:42.872 226250 DEBUG octavia.network.drivers.neutron.base
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Neutron extension
> security-group found enabled _check_extension_enabled
> /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
>
> 2020-08-25 10:55:42.892 226250 DEBUG octavia.network.drivers.neutron.base
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Neutron extension
> dns-integration is not enabled _check_extension_enabled
> /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:70
>
> 2020-08-25 10:55:42.911 226250 DEBUG octavia.network.drivers.neutron.base
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Neutron extension qos
> found enabled _check_extension_enabled
> /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
>
> 2020-08-25 10:55:42.933 226250 DEBUG octavia.network.drivers.neutron.base
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Neutron extension
> allowed-address-pairs found enabled _check_extension_enabled
> /usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py:66
>
> 2020-08-25 10:55:43.068 226250 WARNING keystoneauth.identity.generic.base
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Failed to discover
> available identity versions when contacting https://192.168.10.150:5000.
> Attempting to parse version from URL.:
> keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to
> https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150',
> port=5000): Max retries exceeded with url: / (Caused by
> SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Error retrieving subnet
> (subnet id: 035f3183-f469-415f-b536-b4a81364e814.:
> keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find
> versioned identity endpoints when attempting to authenticate. Please check
> that your auth_url is correct. SSL exception connecting to
> https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150',
> port=5000): Max retries exceeded with url: / (Caused by
> SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in
> urlopen
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     chunked=chunked)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in
> _make_request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self._validate_conn(conn)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in
> _validate_conn
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     conn.connect()
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 344, in
> connect
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     ssl_context=context)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in
> ssl_wrap_socket
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     return context.wrap_socket(sock)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File "/usr/lib64/python3.6/ssl.py",
> line 365, in wrap_socket
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     _context=self, _session=session)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File "/usr/lib64/python3.6/ssl.py",
> line 776, in __init__
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self.do_handshake()
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File "/usr/lib64/python3.6/ssl.py",
> line 1036, in do_handshake
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self._sslobj.do_handshake()
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File "/usr/lib64/python3.6/ssl.py",
> line 648, in do_handshake
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self._sslobj.do_handshake()
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:897)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     timeout=timeout
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in
> urlopen
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>     _stacktrace=sys.exc_info()[2])
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in
> increment
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     raise MaxRetryError(_pool, url,
> error or ResponseError(cause))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> urllib3.exceptions.MaxRetryError:
> HTTPSConnectionPool(host='192.168.10.150', port=5000): Max retries exceeded
> with url: / (Caused by SSLError(SSLError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1004, in
> _send_request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     resp =
> self.session.request(method, url, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in
> request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     resp = self.send(prep,
> **send_kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     r = adapter.send(request, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     raise SSLError(e, request=request)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.10.150',
> port=5000): Max retries exceeded with url: / (Caused by
> SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py",
> line 138, in _do_create_plugin
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     authenticated=False)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line
> 610, in get_discovery
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 1452, in
> get_discovery
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     disc = Discover(session, url,
> authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 536, in
> __init__
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/discover.py", line 102, in
> get_version_data
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     resp = session.get(url,
> headers=headers, authenticated=authenticated)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1123, in
> get
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     return self.request(url, 'GET',
> **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 913, in
> request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     resp = send(**kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1008, in
> _send_request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     raise exceptions.SSLError(msg)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to
> https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150',
> port=5000): Max retries exceeded with url: / (Caused by
> SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> During handling of the above exception, another exception occurred:
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> Traceback (most recent call last):
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>   File
> "/usr/lib/python3.6/site-packages/octavia/network/drivers/neutron/base.py",
> line 193, in _get_resource
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     resource_type)(resource_id)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 869,
> in show_subnet
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     return self.get(self.subnet_path %
> (subnet), params=_params)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 354,
> in get
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     headers=headers, params=params)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 331,
> in retry_request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     headers=headers, params=params)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/v2_0/client.py", line 282,
> in do_request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     headers=headers)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 339, in
> do_request
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self._check_uri_length(url)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 332, in
> _check_uri_length
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     uri_len = len(self.endpoint_url) +
> len(url)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/neutronclient/client.py", line 346, in
> endpoint_url
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     return self.get_endpoint()
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 282, in
> get_endpoint
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     return
> self.session.get_endpoint(auth or self.auth, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1225, in
> get_endpoint
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     return auth.get_endpoint(self,
> **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line
> 380, in get_endpoint
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base
> allow_version_hack=allow_version_hack, **kwargs)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line
> 271, in get_endpoint_data
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     service_catalog =
> self.get_access(session).service_catalog
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/base.py", line
> 134, in get_access
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self.auth_ref =
> self.get_auth_ref(session)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py",
> line 206, in get_auth_ref
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     self._plugin =
> self._do_create_plugin(session)
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base   File
> "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py",
> line 161, in _do_create_plugin
>
> 2020-08-25 10:55:43.070 226250 ERROR
> octavia.network.drivers.neutron.base     'auth_url is correct. %s' % e)
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
> keystoneauth1.exceptions.discovery.DiscoveryFailure: Could not find
> versioned identity endpoints when attempting to authenticate. Please check
> that your auth_url is correct. SSL exception connecting to
> https://192.168.10.150:5000: HTTPSConnectionPool(host='192.168.10.150',
> port=5000): Max retries exceeded with url: / (Caused by
> SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c:897)'),))
>
> 2020-08-25 10:55:43.070 226250 ERROR octavia.network.drivers.neutron.base
>
> 2020-08-25 10:55:43.074 226250 DEBUG wsme.api
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Client-side error:
> Subnet 035f3183-f469-415f-b536-b4a81364e814 not found. format_exception
> /usr/lib/python3.6/site-packages/wsme/api.py:222
>
> 2020-08-25 10:55:43.076 226250 DEBUG octavia.common.keystone
> [req-57c5b37c-e50f-4d50-b535-b0a3d19db1d5 -
> 8259463ce052437396afa845933afe4b - default default] Request path is / and
> it does not require keystone authentication process_request
> /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
>
> 2020-08-25 10:55:43.080 226250 DEBUG octavia.common.keystone
> [req-5091d326-0cb4-4ae1-bf4b-9ef6b9313dca - - - - -] Request path is / and
> it does not require keystone authentication process_request
> /usr/lib/python3.6/site-packages/octavia/common/keystone.py:77
>
>
>
> *Configuration:*
>
> [root at controller01 ~]# cat /etc/octavia/octavia.conf
>
> [DEFAULT]
>
>
>
> log_dir = /var/log/octavia
>
> debug = True
>
> transport_url = rabbit://
> openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF at 192.168.10.178:5672,
> openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF at 192.168.10.179:5672,
> openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF at 192.168.10.28:5672
>
>
>
> [api_settings]
>
> api_base_uri = https://192.168.10.150:9876
>
> bind_host = 192.168.10.178
>
> bind_port = 9876
>
> auth_strategy = keystone
>
> healthcheck_enabled = True
>
> allow_tls_terminated_listeners = True
>
>
>
> [database]
>
> connection = mysql+pymysql://
> octavia:FUkbii8AY4G6H9LxbJ2RRlOzHN61X8PI8FrMcuXQ at 192.168.10.150/octavia
>
> max_retries = -1
>
>
>
> [health_manager]
>
> bind_port = 5555
>
> bind_ip = 192.168.10.178
>
> controller_ip_port_list = 192.168.10.178:5555, 192.168.10.179:5555,
> 192.168.10.28:5555
>
> heartbeat_key = insecure
>
>
>
> [keystone_authtoken]
>
> service_token_roles_required = True
>
> www_authenticate_uri = https://192.168.10.150:5000
>
> auth_url = https://192.168.10.150:5000
>
> region_name = Hanoi
>
> memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,
> 192.168.10.28:11211
>
> auth_type = password
>
> project_domain_name = Default
>
> user_domain_name = Default
>
> project_name = service
>
> username = octavia
>
> password = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
>
> cafile = /etc/ssl/private/haproxy.pem
>
> insecure = false
>
>
>
>
>
> [certificates]
>
> cert_generator = local_cert_generator
>
> #server_certs_key_passphrase = insecure-key-do-not-use-this-key
>
> ca_private_key_passphrase = esGn3rN3iJOAD2HXmqznFPI9oAY2wQNDWYwqJaCH
>
> ca_private_key = /etc/octavia/certs/server_ca.key.pem
>
> ca_certificate = /etc/octavia/certs/server_ca.cert.pem
>
> region_name = Hanoi
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> endpoint_type = internal
>
>
>
> [networking]
>
> #allow_vip_network_id = True
>
> #allow_vip_subnet_id = True
>
> #allow_vip_port_id = True
>
>
>
> [haproxy_amphora]
>
> #bind_port = 9443
>
> server_ca = /etc/octavia/certs/server_ca.cert.pem
>
> client_cert = /etc/octavia/certs/client.cert-and-key.pem
>
> base_path = /var/lib/octavia
>
> base_cert_dir = /var/lib/octavia/certs
>
> connection_max_retries = 1500
>
> connection_retry_interval = 1
>
>
>
> [controller_worker]
>
> amp_image_tag = amphora
>
> amp_ssh_key_name = octavia
>
> amp_secgroup_list = 80f44b73-dc9f-48aa-a0b8-8b78e5c6585c
>
> amp_boot_network_list = 04425cb2-5963-48f5-a229-b89b7c6036bd
>
> amp_flavor_id = 200
>
> network_driver = allowed_address_pairs_driver
>
> compute_driver = compute_nova_driver
>
> amphora_driver = amphora_haproxy_rest_driver
>
> client_ca = /etc/octavia/certs/client_ca.cert.pem
>
> loadbalancer_topology = SINGLE
>
> amp_active_retries = 9999
>
>
>
> [task_flow]
>
> [oslo_messaging]
>
> topic = octavia_prov
>
> rpc_thread_pool_size = 2
>
>
>
> [house_keeping]
>
> [amphora_agent]
>
> [keepalived_vrrp]
>
>
>
> [service_auth]
>
> auth_url = https://192.168.10.150:5000
>
> auth_type = password
>
> project_domain_name = default
>
> user_domain_name = default
>
> project_name = admin
>
> username = admin
>
> password = F35sXAYW5qDlMGfQbhmexIx12DqrQdpw6ixAseTd
>
> cafile = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> memcached_servers = 192.168.10.178:11211,192.168.10.179:11211,
> 192.168.10.28:11211
>
> #insecure = true
>
>
>
>
>
> [glance]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [neutron]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [cinder]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [nova]
>
> ca_certificates_file = /etc/ssl/private/haproxy.pem
>
> region_name = Hanoi
>
> endpoint_type = internal
>
> insecure = false
>
>
>
> [oslo_policy]
>
> #policy_file = /etc/octavia/policy.json
>
>
>
> [oslo_messaging_notifications]
>
> transport_url = rabbit://
> openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF at 192.168.10.178:5672,
> openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF at 192.168.10.179:5672,
> openstack:4ychZAT5VrWlk6KFfgAmpXvGdzfdV8hEpIgOLhyF at 192.168.10.28:5672
>
>
> _______________________________________________
> Community mailing list
> Community at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/community
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200826/622eec3f/attachment-0001.html>


More information about the openstack-discuss mailing list