Unstable work keystone+TLS via LDAP proxy
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel Plugins |
Fix Released
|
High
|
Max Yatsenko | ||
Bug Description
When there is a configuration: keystone+TLS (with domains are enabled) via LDAP proxy we get unstable keystone work.
It's reflected in the fact that i.e. keystone returns user list of some ldap domain or it is failed:
root@node-
An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-0b41a6d8-
-----
root@node-
+------
| ID | Name |
+------
| 5e3712f0a4f1e05
| bbe729e29e55faf
| 511b2c2670a05e8
+------
In keystone logs we have such errors:
---------
REQ: curl -g -i -X GET http://
Resetting dropped connection: 192.168.0.2
"GET /v3/users?
RESP: [500] Content-Length: 143 Vary: X-Auth-Token Server: Apache Connection: close Date: Wed, 22 Jun 2016 18:43:34 GMT Content-Type: application/json x-openstack-
RESP BODY: {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}}
---------
<12>Jun 23 11:00:27 node-3 keystone-admin: 2016-06-23 11:00:27.873 22793 WARNING keystone.
<15>Jun 23 11:00:27 node-3 keystone-admin: 2016-06-23 11:00:27.878 22793 DEBUG keystone.
----------
| Max Yatsenko (myatsenko) wrote | #1 |
| Changed in fuel-plugins: | |
| milestone: | none → 9.0 |
| assignee: | nobody → Max Yatsenko (myatsenko) |
| Alexander Petrov (apetrov-n) wrote | #2 |
| OpenStack Infra (hudson-openstack) wrote Related fix proposed to fuel-plugin-ldap (master) | #3 |
| Max Yatsenko (myatsenko) wrote | #4 |
| OpenStack Infra (hudson-openstack) wrote Related fix merged to fuel-plugin-ldap (master) | #5 |
| Changed in fuel-plugins: | |
| importance: | Undecided → High |
| status: | New → Fix Committed |
| Changed in fuel-plugins: | |
| status: | Fix Committed → Fix Released |
It was decided to transport using of TLS from keystone side to proxy side.