Bug 1036198

Summary: packstack configures allowed hosts on horizon
Product: [Community] RDO Reporter: Mohammed Arafa <bugzilla>
Component: openstack-packstackAssignee: RHOS Maint <rhos-maint>
Status: CLOSED DUPLICATE QA Contact: Nir Magnezi <nmagnezi>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: aortega, derekh, dneary, hateya, mrunge, yeylon
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-02 11:49:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Mohammed Arafa 2013-11-29 17:38:46 UTC 
Description of problem:
packstack configures horizon to only allow the localhost with a real ip to access it.
eg:
ALLOWED_HOSTS = ['192.168.122.254', ]

the fix is to 
DEBUG = True


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Mohammed Arafa 2013-11-30 15:45:08 UTC 
so if you do a packstack all in one installation the dashboard is 100% useless unless this trick is known.
Comment 2 Mohammed Arafa 2013-12-01 16:50:14 UTC 
service httpd restart for changes to take effect
Comment 3 Dave Neary 2013-12-02 09:13:20 UTC 
Since prior to the ALLOWED_HOSTS requirement there was no restriction on who could connect (and for something like the dashboard it probably doesn't make sense to have such a restriction by default) you could almost consider this a regression (in that something which worked before doesn't work now).

I would suggest that adding ALLOWED_HOSTS=['*']; and leaving DEBUG at False is a better default setting. This also applies to RDO packages.
Comment 4 Matthias Runge 2013-12-02 11:43:30 UTC 
(In reply to Dave Neary from comment #3)
> Since prior to the ALLOWED_HOSTS requirement there was no restriction on who
> could connect (and for something like the dashboard it probably doesn't make
> sense to have such a restriction by default) you could almost consider this
> a regression (in that something which worked before doesn't work now).
> 
> I would suggest that adding ALLOWED_HOSTS=['*']; and leaving DEBUG at False
> is a better default setting. This also applies to RDO packages.

I strongly recommend not to set 
ALLOWED_HOSTS= ['*']

since it opens the door for attacks on your service.

One should add there the IP address, the full qualified hostname of your horizon node. If you have put horizon behind a load balancer, then you could also add your domain name there.
Comment 5 Matthias Runge 2013-12-02 11:49:52 UTC 

*** This bug has been marked as a duplicate of bug 988316 ***