[Openstack] Nova SSL API Endpoint Failure in Horizon - Pike

Steven D. Searles SSearles at zimcom.net
Thu Oct 19 04:20:51 UTC 2017 

Hello everyone,  In my pike lab setup I am having an issue with using an https endpoint for the compute service only through horizon. The python client works fine.  Below is what I am seeing. If you think its a bug let me know and I will file a report. Any assistance would be appreciated.

Nova Endpoints Non SSL functioning correctly.

root at controller01<mailto:root at controller01>:~# openstack endpoint list |grep compute
| 308f5b565c974aa8a080020ce9c84c40 | us-east-dtw | nova         | compute      | True    | public    | http://controller01.us-east-dtw.public.lco.cloud:8774/v2.1                |
| d941c3f61cae4b95b9a2fb0b10d9c536 | us-east-dtw | nova         | compute      | True    | internal  | http://controller01.us-east-dtw.internal.lco.cloud:8774/v2.1              |
| db194f0b5aa7402d82da696c0bf32e38 | us-east-dtw | nova         | compute      | True    | admin     | http://controller01.us-east-dtw.admin.lco.cloud:8774/v2.1                 |
root at controller01<mailto:root at controller01>:~#

Changed the endpoint to SSL and a new URL.

root at controller01<mailto:root at controller01>:~# openstack endpoint list |grep compute
| 168593fd00134b5f9278d81b56e16625 | us-east-dtw | nova         | compute      | True    | public    | https://compute.apigw.us-east-dtw.lco.cloud:8774/v2.1                     |
| d941c3f61cae4b95b9a2fb0b10d9c536 | us-east-dtw | nova         | compute      | True    | internal  | http://controller01.us-east-dtw.internal.lco.cloud:8774/v2.1              |
| db194f0b5aa7402d82da696c0bf32e38 | us-east-dtw | nova         | compute      | True    | admin     | http://controller01.us-east-dtw.admin.lco.cloud:8774/v2.1                 |

Test if the api endpoint is there.  From Controller.

root at controller01:~# curl https://compute.apigw.us-east-dtw.lco.cloud:8774/v2.1
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Test if the api endpoint is listening and reachable from the Horizon Server.

root at horizon01:~# curl https://compute.apigw.us-east-dtw.lco.cloud:8774/v2.1
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Yes it is there and listening from both.

Test from the openstack client

root at controller01<mailto:root at controller01>:~# openstack server list
+--------------------------------------+-----------+--------+-------------------------+-------+----------+
| ID                                   | Name      | Status | Networks                | Image | Flavor   |
+--------------------------------------+-----------+--------+-------------------------+-------+----------+
| 70ce7c5b-df65-456c-bb26-f4741f78f691 | WinTest-5 | ACTIVE | Admin-RFC1918=10.0.0.23 |       | m1.large |
| 8eaf4a62-7611-4c39-aab1-39726c4e1461 | WinTest-4 | ACTIVE | Admin-RFC1918=10.0.0.39 |       | m1.large |
| 9e1e58d2-da74-4c09-a999-e69a4616f244 | WinTest-3 | ACTIVE | Admin-RFC1918=10.0.0.13 |       | m1.large |
| 24ec52a5-c405-483e-aa58-4af3f4ef6448 | WinTest-2 | ACTIVE | Admin-RFC1918=10.0.0.25 |       | m1.large |
| 9402a70a-ead3-41ef-bcb6-0ca387295b95 | WinTest-1 | ACTIVE | Admin-RFC1918=10.0.0.38 |       | m1.large |
+--------------------------------------+-----------+--------+-------------------------+-------+----------+
root at controller01<mailto:root at controller01>:~#


Test from Horizon UI.  Fail "Unable to Retrieve instance list".

This is the error from the horizon error log.

[Thu Oct 19 03:50:50.747066 2017] [wsgi:error] [pid 1631:tid 139920712161024] WARNING horizon.exceptions Recoverable error: Unable to establish connection to http://compute.apigw.us-east-dtw.lco.cloud/v2.1/: HTTPConnectionPool(host='compute.apigw.us-east-dtw.lco.cloud', port=80): Max retries exceeded with url: /v2.1/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f41d2d3b050>: Failed to establish a new connection: [Errno 111] Connection refused',))

The obvious problem is that request went to port 80 and is not https://  but why? I double checked local_settings.py and publicURL is set for the endpoint type.  Setting it back to the original, non ssl endpoint and horizon works properly.   Any ideas?

So far I have only seen this issue with Nova.  I did swift earlier without issue.

root at controller01<mailto:root at controller01>:~# openstack endpoint list |grep object
| 169d972b2ac5435cbcfd8900a94f2c61 | us-east-dtw | swift        | object-store | True    | public    | https://object.apigw.us-east-dtw.lco.cloud:8080/v1/AUTH_%(project_id)s    |
| 5b030e1c00834fbda424a8c0b0c95d17 | us-east-dtw | swift        | object-store | True    | internal  | http://swift01.us-east-dtw.internal.lco.cloud:8080/v1/AUTH_%(project_id)s |
| aa6be6369f884f78b01bd965e0b9fa12 | us-east-dtw | swift        | object-store | True    | admin     | http://swift01.us-east-dtw.admin.lco.cloud:8080/v1                        |
root at controller01<mailto:root at controller01>:~#


Thanks in advance.


Steve Searles





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20171019/3dbefff4/attachment.html>

More information about the Openstack mailing list