yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1746448] [NEW] Creation of HTTP monitor should be restricted if pool is created with HTTPS protocol

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Puneet Arora <apuneet@xxxxxxxxxx>
Date: Wed, 31 Jan 2018 08:57:37 -0000
Reply-to: Bug 1746448 <1746448@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Creation of HTTP monitor should be restricted if pool is created with
HTTPS protocol. Right now in neutron-lbaas code this is allowed and main
consequence is HTTPS traffic stops working if I add healthmonitor of
type HTTP to pool.

I used below commands to send https traffic :

###################
Openstack commands:
###################
neutron lbaas-loadbalancer-create --name lb_https2 private-subnet
neutron lbaas-listener-create --loadbalancer lb_https2 --protocol HTTPS --protocol-port 443 --name list_https2
neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener list_https2 --protocol HTTPS --name web_pool_https1
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.4 --protocol-port 443 web_pool_https1
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.13 --protocol-port 443 web_pool_https1

Till this time HTTPS traffic works fine. 
But now if I add healthmonitor of type HTTP under pool then traffic stops working.

neutron lbaas-healthmonitor-create --name health-tempest --delay 5
--max-retries 4 --timeout 3 --type HTTP --pool web_pool_https1

Ideally if pool is of HTTPS protocol type then healthmonitor shouldn't
be of type HTTP. So there should be validation check in neutron-lbaas
code if someone try to create healthmonitor of HTTP type and pool
already created with HTTPS type then exception should appear on the
prompt.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1746448

Title:
  Creation of HTTP monitor should be restricted if pool is created with
  HTTPS protocol

Status in neutron:
  New

Bug description:
  Creation of HTTP monitor should be restricted if pool is created with
  HTTPS protocol. Right now in neutron-lbaas code this is allowed and
  main consequence is HTTPS traffic stops working if I add healthmonitor
  of type HTTP to pool.

  I used below commands to send https traffic :

  ###################
  Openstack commands:
  ###################
  neutron lbaas-loadbalancer-create --name lb_https2 private-subnet
  neutron lbaas-listener-create --loadbalancer lb_https2 --protocol HTTPS --protocol-port 443 --name list_https2
  neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener list_https2 --protocol HTTPS --name web_pool_https1
  neutron lbaas-member-create --subnet private-subnet --address 10.0.0.4 --protocol-port 443 web_pool_https1
  neutron lbaas-member-create --subnet private-subnet --address 10.0.0.13 --protocol-port 443 web_pool_https1

  Till this time HTTPS traffic works fine. 
  But now if I add healthmonitor of type HTTP under pool then traffic stops working.

  neutron lbaas-healthmonitor-create --name health-tempest --delay 5
  --max-retries 4 --timeout 3 --type HTTP --pool web_pool_https1

  Ideally if pool is of HTTPS protocol type then healthmonitor shouldn't
  be of type HTTP. So there should be validation check in neutron-lbaas
  code if someone try to create healthmonitor of HTTP type and pool
  already created with HTTPS type then exception should appear on the
  prompt.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1746448/+subscriptions

Follow ups

[Bug 1746448] Re: Creation of HTTP monitor should be restricted if pool is created with HTTPS protocol
From: Akihiro Motoki, 2018-01-31