Incorrect configuration in apache2 for internal service port
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Charm Helpers | Fix Committed | Undecided | Edward Hope-Morley |
OpenStack Ironic API Charm | Fix Committed | Undecided | Unassigned |
2023.1 | New | Undecided | Unassigned |
OpenStack Octavia Charm | Fix Committed | Undecided | Unassigned |
2023.1 | Fix Committed | Undecided | Unassigned |
charms.openstack | Invalid | Undecided | Unassigned |
Bug Description
An ironic based environment is misconfigured in the apache configuration, the ssl termination endpoint should be passing the requests to http://
$ openstack baremetal conductor list
SSL exception connecting to https:/
This behavior is currently reproduced in a lab environment, although this same issue is being seen at the gate[0]
Here is the list of relevant open ports:
```
root@juju-
LISTEN 0 4096 0.0.0.0:6385 0.0.0.0:* users:(
LISTEN 0 128 0.0.0.0:6365 0.0.0.0:* users:(
LISTEN 0 4096 *:6385 *:* users:(
LISTEN 0 511 *:6375 *:* users:(
```
Here is the content of /etc/apache2/
```
Listen 6375
<VirtualHost 10.5.3.161:6375>
ServerName 10.5.250.100
SSLEngine on
# This section is based on Mozilla's recommendation
# as the "intermediate" profile as of July 7th, 2020.
# https:/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-
SSLHonorCip
SSLCertific
SSLCertific
ProxyPass / http://
ProxyPassRe
ProxyPreser
RequestHeader set X-Forwarded-Proto "https"
KeepAliveTi
MaxKeepAliv
</VirtualHost>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
```
Error in the gate:
```
2023-06-01 21:25:46.511409 | focal-medium | 2023-06-01 21:25:46 [INFO] raise exceptions.
2023-06-01 21:25:46.511437 | focal-medium | 2023-06-01 21:25:46 [INFO] keystoneauth1.
```
[0] https:/
Changed in charm-helpers:
status: New → In Progress
assignee: nobody → Edward Hope-Morley (hopem)
Changed in charms.openstack:
status: New → Invalid
Changed in charm-helpers:
status: In Progress → Fix Committed
same issue with octavia on zed/stable:
```
# egrep "ProxyPass|Listen" /etc/apache2/sites-enabled/openstack_https_frontend.conf
Listen 9866
ProxyPass / http://localhost:9866/
ProxyPassReverse / http://localhost:9866/
```
i.e. it is proxying to itself. Changing those to 9865 fixes it.
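A check for the self-proxy condition described in the comment above, as an added example that is not part of the bug report or of the charms' code: it flags any ProxyPass/ProxyPassReverse whose backend is a local address on a port Apache itself listens on. The function name, the `local_addrs` parameter and the sample vhost (constructed around the `Listen 9866` case) are assumptions.

```python
import re
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def find_self_proxies(conf_text, local_addrs=()):
    """Return (directive, url, port) for proxy targets that point back at Apache."""
    local = LOCAL_HOSTS | set(local_addrs)   # extra unit addresses are caller-supplied
    listen_ports, proxies = set(), []
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        name = tokens[0].lower()             # Apache directive names are case-insensitive
        if name == "listen" and len(tokens) > 1:
            # "Listen 9866", "Listen 10.0.0.1:9866" and "Listen [::1]:9866" all end in the port
            listen_ports.add(int(tokens[1].rsplit(":", 1)[-1]))
        elif name in ("proxypass", "proxypassreverse"):
            url = next((t for t in tokens[1:] if re.match(r"https?://", t)), None)
            if url:
                proxies.append((tokens[0], url))
    findings = []
    for directive, url in proxies:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        if parts.hostname in local and port in listen_ports:
            findings.append((directive, url, port))
    return findings

# Constructed sample: the three directives from the octavia comment inside a minimal vhost.
BROKEN = """\
Listen 9866
<VirtualHost *:9866>
    SSLEngine on
    ProxyPass / http://localhost:9866/
    ProxyPassReverse / http://localhost:9866/
</VirtualHost>
"""
# The comment's fix: point the backend at 9865 instead.
FIXED = BROKEN.replace("http://localhost:9866/", "http://localhost:9865/")

if __name__ == "__main__":
    for directive, url, port in find_self_proxies(BROKEN):
        print(f"{directive} -> {url}: Apache also listens on {port}")
```

Run against the rendered `sites-enabled` file on a unit, passing the unit's own addresses in `local_addrs` when the backend URL uses an IP rather than `localhost`.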