Skip to content

Commit

Permalink
openstack/novarc: export HTTPS after vault init
Browse files Browse the repository at this point in the history 
The `export OS_AUTH_PROTOCOL=https` in the Vault-based SSL case
only happens in the check for 'Vault needs to be initialized',
which suggests to run the script to unseal/authorize.

However, if you type 'n' (not proceed), run that script, and
rerun ./configure, then it is not exported, which broke this
neutron command, as the server refuses HTTP on a HTTPS port.

With this patch, the neutron command succeeded, ./configure
finished, and juju status is all green/active/idle.
(openstack deployment of jammy yoga).

Steps:

```
$ ./configure
...
This deployment is using vault-based ssl certificates
but the vault seems to be not initialized yet.
It is recommended to initialize it via running
./tools/vault-unseal-and-authorise.sh before doing anything else.
Do you want to proceed anyway? (y/n): n
...

$ ./tools/vault-unseal-and-authorise.sh
...

$ ./configure
...
```

Before:

```
$ ./configure
...
+ ./bin/neutron-ext-net-ksv3 --project admin --network-type flat
  -g 10.5.0.1 -c 10.5.0.0/16 -f 10.5.150.0:10.5.200.254 ext_net
/usr/lib/python3/dist-packages/keystoneauth1/adapter.py:235:
   UserWarning: Using keystoneclient sessions has been deprecated.
   Please update your software to use keystoneauth1.
  warnings.warn('Using keystoneclient sessions has been deprecated. '
Traceback (most recent call last):
<...>
neutronclient.common.exceptions.BadRequest: <!DOCTYPE HTML PUBLIC ...
<...>
<p>Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
 Instead use the HTTPS scheme to access this URL, please.<br />
<...>
```

After:

```
$ ./configure
...
+ ./bin/neutron-ext-net-ksv3 --project admin --network-type flat
   -g 10.5.0.1 -c 10.5.0.0/16 -f 10.5.150.0:10.5.200.254 ext_net
/usr/lib/python3/dist-packages/keystoneauth1/adapter.py:235:
   UserWarning: Using keystoneclient sessions has been deprecated.
   Please update your software to use keystoneauth1.
  warnings.warn('Using keystoneclient sessions has been deprecated. '
INFO:root:Configuring external network 'ext_net'
INFO:root:Creating new external network definition: ext_net
INFO:root:New external network created: e8981a8a-6bad-469b-aef6-...
...
```

Fixes: 45aac54 ("novarc: uninitialized vault prompt")
Signed-off-by: Mauricio Faria de Oliveira <[email protected]>
  • Loading branch information
Mauricio Faria de Oliveira committed Sep 27, 2023
1 parent df1dfde commit 6fa1731
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion openstack/novarc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,8 @@ END
return;;
esac
fi
export OS_AUTH_PROTOCOL=https
fi
export OS_AUTH_PROTOCOL=https
else
unset OS_AUTH_PROTOCOL
fi
Expand Down

0 comments on commit 6fa1731

Please sign in to comment.