-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add config parameter os.region #128
Comments
Hi Guillaume, |
Hi Adam, |
Great to hear! I'll be ready to test when you do. |
@vinsh, this one is available in the fresh release 0.6.0. Don't hesitate to test it against your OpenStack and to give us your feedback. |
Yes! Thank you for the good work here. Testing to start now. We have 2 regions to work against now and will likely be flipping between each often. |
Let me know if you want a new issue opened for some of these findings: I have set the following in my Vagrantfile:
I have to specify an auth_url as just specifying region alone wont work. But this doesn't make sense in a general use case(no UK endpoint here..).. i'm using a private openstack cloud and without an auth_url in the vagrant file... it has no url to default to. Next issue is that my network endpoint is https. By default this provider attempts to connect to the http endpoint.
This fails. I have to specify my https url in the vagrant file for openstack_network_url to get it working. I would expect that the region support should only require the region and the openstack_auth_url.. and interpret http vs https based on the authurl... and then use that for the other endpoints. |
About your first point, this is just an error in the README because it is inherited from the vagrant-rackspace plugin but there's nothing about that in the code. I just fixed the documentation. About the protocol error, the plugin never choose to use http or https. It just use what it gets in the catalog. But, even if the neutron endpoint is well configured in https in the Keystone service catalog it is not enough because the neutron URL in the catalog is only used to get the neutron version list (with URLs) to choose the URL of the desired neutron version. There is a common mistake when using https endpoints on OpenStack. Let's say in your Keystone service catalog you have the neutron service configured with something like : {
"endpoints": [
{
"adminURL": "http://admin.regionone.neutron",
"region": "regionOne",
"internalURL": "http://internal.regionone.neutron",
"id": "709384a4c86a47abebc3b30e5a03605f",
"publicURL": "https://public.regionone.neutron"
},
{
"adminURL": "http://admin.regiontwo.neutron",
"region": "regionTwo",
"internalURL": "http://internal.regiontwo.neutron",
"id": "ae5184a4c86a47abebc3b30e5a98de4a",
"publicURL": "https://public.regiontwo.neutron"
}
],
"endpoints_links": [],
"type": "network",
"name": "neutron"
} The Then we run a request {
"versions": [
{
"status": "CURRENT",
"id": "v2.0",
"links": [
{
"href": "https://public.regionone.neutron/v2.0",
"rel": "self"
}
]
}
]
} You should see that in debug logs
Here, in my example the URL for neutron v2.0 is right but i suspect yours to be in http instead of https. This is a common issue when OpenStack services are not themselves secured but security is handled by an ssl termination done for instance by a reverse proxy. |
@ggiamarchi You nailed it, that is exactly the case here. Where does neutron get its endpoint data for version lists from? How do most folks correct this disconnect? |
Unfortunately there is no clean solution to this problem (or if there is one, i have not find it so far). Neutron builds the version URL from the application URL (see versions.py). That means if your neutron server listen on HTTP, your application URL is an HTTP URL and thus your version URL too. The problem is the same for all the OpenStack services. The simple solution is to enable SSL on all the OpenStack services rather that dealing with SSL at a higher level but i guess you probably don't want to do that. When i had to deal with this problem i did a kind of search and replace on the response body implemented in a reverse proxy in front of my OpenStack APIs. That's a dirty workaround but i don't have a better solution... |
Hi. Is it possible to provision in two regions at once (i.e. with multiple machines)? It seems to me that the region is chosen before the multi-machine configuration is processed, but I might be wrong :) |
@alanraison You're right, it doesn't work. The region of the first machine is used for the others even if you explicitly specify the region at the machine level. As a workaround, you can run a command by machine. Let's say you have a Vagrantfile that looks like Vagrant.configure('2') do |config|
config.vm.provider :openstack do |os|
...
end
config.vm.define 'server-1' do |s|
s.vm.provider :openstack do |os|
...
os.region = 'RegionOne'
end
end
config.vm.define 'server-2' do |s|
s.vm.provider :openstack do |os|
...
os.region = 'RegionTwo'
end
end
end Running
Will do the trick. |
The issue in Openstack: https://bugs.launchpad.net/glance/+bug/1384379 https://review.openstack.org/#/c/206479/ . |
To make possible to specify the OpenStack region for endpoints selection.
The text was updated successfully, but these errors were encountered: