yahoo-eng-team team mailing list archive
Message #55057
[Bug 1612518] Re: Auth failed for Neutron Server Service when behind haproxy
This was a config error, not a bug. However, directing it to
OpenStack-Ansible, because it seems to me that OpenStack-Ansible ignored
the secrets set in /etc/openstack_deploy/user_secrets.yml. I am using
OpenStack-Ansible 13.2.0.
** Project changed: keystone => openstack-ansible
** Changed in: openstack-ansible
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1612518
Title:
Auth failed for Neutron Server Service when behind haproxy
Status in openstack-ansible:
Invalid
Bug description:
I have Mitaka installed with passwords enabled for all services such as
nova_service, nova_v3_service, nova_ec2_service etc. The Neutron Server
container is put behind HAProxy. But the auth for the Neutron service
fails from all hosts and Neutron CLIs. Keystone assumes that the auth
request originated from the HAProxy IP and shows the message below in the logs.
2016-08-12 12:04:02.080 3104 INFO keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] POST http://10.42.249.10:35357/v3/auth/tokens
2016-08-12 12:04:02.105 3104 WARNING keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] Authorization failed. The request you have made requires authentication. from 10.42.249.10
I have enabled "option forwardfor header X-Forwarded-For" in HAProxy,
the 'remoteip module' in Apache on keystone,
and "RemoteIPHeader X-Forwarded-For" and "RemoteIPTrustedProxy 10.42.249.10" in the Apache conf.
But the issue remains the same. I think keystone needs to understand
"X-Forwarded-For".
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1612518/+subscriptions
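
A triage helper for the keystone log lines quoted in the bug description, added here as an example and not part of the original bug report or of keystone: it pairs each "Authorization failed" warning with its request by request id and marks failures whose logged source is the load balancer address, where the real client has to be looked up in HAProxy's own logs. The function name, the trusted_proxies parameter and the second pair of log lines (source 192.0.2.15) are constructed for illustration, and the parser assumes the log format shown above.

```python
import re

# Constructed sample: the two keystone lines quoted in the bug description,
# plus one constructed failure from a non-proxy address for contrast.
SAMPLE_LOG = """\
2016-08-12 12:04:02.080 3104 INFO keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] POST http://10.42.249.10:35357/v3/auth/tokens
2016-08-12 12:04:02.105 3104 WARNING keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] Authorization failed. The request you have made requires authentication. from 10.42.249.10
2016-08-12 12:05:10.300 3104 INFO keystone.common.wsgi [req-aaaaaaaa-0000-4000-8000-000000000001 - - - - -] POST http://10.42.249.10:35357/v3/auth/tokens
2016-08-12 12:05:10.321 3104 WARNING keystone.common.wsgi [req-aaaaaaaa-0000-4000-8000-000000000001 - - - - -] Authorization failed. The request you have made requires authentication. from 192.0.2.15
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) \d+ (?P<level>\w+) keystone\.common\.wsgi "
    r"\[(?P<req>req-[0-9a-f-]+)[^\]]*\] (?P<msg>.*)$"
)
REQUEST = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+)$")
FAILED = re.compile(r"^Authorization failed\..* from (?P<src>\S+)$")

def auth_failures(log_text, trusted_proxies):
    """Pair each 'Authorization failed' warning with its request line by request id."""
    urls, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a keystone.common.wsgi line in the expected format
        req = REQUEST.match(m["msg"])
        if req:
            urls[m["req"]] = f'{req["method"]} {req["url"]}'
            continue
        fail = FAILED.match(m["msg"])
        if fail:
            findings.append({
                "time": m["ts"], "request_id": m["req"],
                "request": urls.get(m["req"], "unknown"),
                "source": fail["src"],
                # True: the logged address is the load balancer, so the
                # originating host is only visible in the proxy's logs.
                "source_is_proxy": fail["src"] in trusted_proxies,
            })
    return findings

if __name__ == "__main__":
    for finding in auth_failures(SAMPLE_LOG, {"10.42.249.10"}):
        print(finding)
```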