search

servicecatalog / oscm

An Enterprise-ready Cloud Services Management Software.
https://openservicecatalogmanager.org
Apache License 2.0
38 stars 14 forks source link

openstack access via https #1284

Open vvvladd opened 2 years ago

vvvladd commented 2 years ago

Version Info latest oscm, openstack xena charmed

Describe the bug I've successfully generate token via bash after add ca to /etc/ssl/cert/ca-bundle.crt, but via oscm web can not access the controller. There is only simple log from keystone haproxy : Feb 16 08:54:22 juju-5cb111-0-lxd-5 haproxy[730]: 10.100.0.11:44336 [16/Feb/2022:08:52:51.946] tcp-in_public-port public-port_10.100.0.20/keystone-0 1/0/90356 15539 cD 2/2/1/1/0 0/0

And nothing in keystone log. The params are the same in oscm and for curl: Example: docker exec -it oscm-app /bin/bash

export TOKEN=curl --silent -X POST -H "Content-Type: application/json" -d '{ "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "admin", "domain": { "id": "30d31be6fd6e46df9c4cd340c079996f" }, "password": "xxxxxxxxxxxx" } } }, "scope": { "project": { "name": "admin", "domain": { "id": "30d31be6fd6e46df9c4cd340c079996f" } } } } }' -i "https://10.50.0.14:5000/v3/auth/tokens" | grep X-Subject-Token | cut -d ":" -f 2 echo $TOKEN gAAAAABiDLxflHVyboYA-j5NMX7N02PtdE-39bU22wUgj5zXB-1k-yuRGsknqmot-SB1n5WYw0W25bFKyecitvRfqlzge8nFuF3W_KEPDvxjAfHkkHWdbq5n57fHKkaMtI_8gDW18dH5lyte-rIILDn74Z6hN09drV-wPdzrMwGOyKF87N05ZlA

How to Reproduce Steps to reproduce the behavior:

  1. deploy openstack via juju and maas with self-signed ca (vault)
  2. add ca to ca-bundle in container
  3. Docker instance is in the same network like openstack controller public ip.
  4. test with curl and via oscm web

Observed behavior A clear description of what was observed to happen.

Expected behavior A clear and concise description of what is expected to happen.

Screenshots If applicable, screenshots to help explain your problem.

Additional context Any other context about the problem here.

vvvladd commented 2 years ago

From oscm log:

Unable to connect to the OpenStack Controller. [org.oscm.app.openstack.OpenStackConnection.processRequest(OpenStackConnection.java:177), org.oscm.app.openstack.KeystoneClient.authenticate(KeystoneClient.java:93), org.oscm.app.openstack.controller.OpenStackController.ping(OpenStackController.java:613),

From keystone: nothing in /var/log/keystone.log in haproxy.log: Feb 16 08:54:29 juju-5cb111-0-lxd-5 haproxy[730]: 10.100.0.11:44444 [16/Feb/2022:08:52:53.355] tcp-in_public-port public-port_10.100.0.20/keystone-0 1/0/96068 28879 cD 1/1/0/0/0 0/0 In apache logs - nothing.