Public bug reported: I have Mitaka installed with all service password enabled. Neutron Server Container is put behind HAProxy. But the auth for Neutron fails from all compute nodes and Neutron CLIs. Keystone assumes the auth request is originated from HAProxy IP. Below is the error log from Keystone.
2016-08-12 12:04:02.080 3104 INFO keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] POST http://10.42.249.10:35357/v3/auth/tokens 2016-08-12 12:04:02.105 3104 WARNING keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] Authorization failed. The request you have made requires authentication. from 10.42.249.10 I have enabled "option forwardfor header X-Forwarded-For" in HAProxy And remoteip module And "RemoteIPHeader X-Forwarded-For" and "RemoteIPTrustedProxy 10.42.249.10" in Apache conf. But the issue remains same. I think keystone requires to understand "X -Forwarded-For". ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1612518 Title: Auth failed for Neutron when behind haproxy Status in OpenStack Identity (keystone): New Bug description: I have Mitaka installed with all service password enabled. Neutron Server Container is put behind HAProxy. But the auth for Neutron fails from all compute nodes and Neutron CLIs. Keystone assumes the auth request is originated from HAProxy IP. Below is the error log from Keystone. 2016-08-12 12:04:02.080 3104 INFO keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] POST http://10.42.249.10:35357/v3/auth/tokens 2016-08-12 12:04:02.105 3104 WARNING keystone.common.wsgi [req-01943395-752e-4e3c-b1b6-5b288d3320e4 - - - - -] Authorization failed. The request you have made requires authentication. from 10.42.249.10 I have enabled "option forwardfor header X-Forwarded-For" in HAProxy And remoteip module And "RemoteIPHeader X-Forwarded-For" and "RemoteIPTrustedProxy 10.42.249.10" in Apache conf. But the issue remains same. I think keystone requires to understand "X -Forwarded-For". To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1612518/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
