keystone haproxy service configuration is broken when using federation
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
kolla-ansible | Status tracked in Dalmatian | |||||
Antelope |
In Progress
|
Medium
|
Unassigned | |||
Bobcat |
In Progress
|
Medium
|
Unassigned | |||
Caracal |
In Progress
|
Medium
|
Gaël THEROND | |||
Dalmatian |
Fix Released
|
Medium
|
Gaël THEROND | |||
Yoga |
Confirmed
|
Medium
|
Unassigned | |||
Zed |
Confirmed
|
Medium
|
Unassigned |
Bug Description
As of ZED and any branch that backported support for federation on kolla, the generated service.cfg file for keystone isn't correct.
Indeed, for the backend balancing mode, the template do generate an improper value:
```
backend keystone_
mode http
['balance source']
```
where it should produce:
```
backend keystone_
mode http
balance source
```
This is due to the way the service default main.yml substitution is made compared to other services:
On keystone:
```yaml
backend_http_extra: "{{ ['balance source'] if enable_
```
vs
On horizon
```yaml
backend_http_extra:
- "balance {{ 'roundrobin' if enable_memcached | bool or horizon_
```
As keystone need source when federation is enabled and roundrobin when disabled, we should rather use:
```yaml
backend_http_extra:
- balance "{{ 'source' if enable_
```
Of course we could leave the balance empty when keystone federation is disabled, but as the default balance algorithm for any backend is roundrobin no matter what (out of higher rank default directive set), that would probably beneficial for everyone to get the value explicited rather than letting operators have a long search about it.
ref: https:/
Changed in kolla-ansible: | |
assignee: | nobody → Gaël THEROND (gtherond) |
Fix proposed to branch: master /review. opendev. org/c/openstack /kolla- ansible/ +/913908
Review: https:/