Bug 1237207

Summary: http endpoint returned instead of https when cinder service calls are made
Product: Red Hat OpenStack Reporter: Jaison Raju <jraju>
Component: openstack-cinderAssignee: Gorka Eguileor <geguileo>
Status: CLOSED ERRATA QA Contact: nlevinki <nlevinki>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.0 (RHEL 7)CC: dnavale, eharney, geguileo, jraju, scohen, sgotliv, wlehman, yeylon
Target Milestone: ---Keywords: ZStream
Target Release: 5.0 (RHEL 7)   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-cinder-2014.1.5-3.el6ost, openstack-cinder-2014.1.5-3.el7ost Doc Type: Bug Fix
Doc Text:
Previously, the version resource constructed the links by using the host_url, but the Image Service API endpoint may have been behind a proxy or the SSl terminator. With this update, a new configuration option 'public_endpoint' is added to point to the public URL and to use for the versions endpoint.
 Story Points: ---
Clone Of:
: 1277364 (view as bug list) Environment:
Last Closed: 2015-12-22 14:26:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1277364    

Description Jaison Raju 2015-06-30 14:15:37 UTC 
Description of problem:
http endpoint returned instead of https when cinder service calls are made

$ curl -g -i -X GET https://node1.example.com:8776/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 334
Date: Mon, 29 Jun 2015 15:59:35 GMT

{"versions": [{"status": "CURRENT", "updated": "2012-01-04T11:33:21Z", "id": "v1.0", "links": [{"href": "http://node1.example.com:8776/v1/", "rel": "self"}]}, {"status": "CURRENT", "updated": "2012-11-21T11:33:21Z", "id": "v2.0", "links": [{"href": "http://node1.example.com:8776/v2/", "rel": "self"}]}]}


$ keystone endpoint-list | egrep "8776" | awk -F\| '{print $3,$4,$5,$6}'
 RegionOne   https://node1.example.com:8776/v2/%(tenant_id)s   https://i.node1.example.com:8776/v2/%(tenant_id)s   https://i.node1.example.com:8776/v2/%(tenant_id)s
 RegionOne   https://node1.example.com:8776/v1/%(tenant_id)s   https://i.node1.example.com:8776/v1/%(tenant_id)s   https://i.node1.example.com:8776/v1/%(tenant_id)s

Version-Release number of selected component (if applicable):
openstack-cinder-2014.1.4-1.el7ost.noarch
python-cinder-2014.1.4-1.el7ost.noarch
python-cinderclient-1.0.9-1.el7ost.noarch

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
The http endpoint is listed.

Expected results:
service call should obtain https endpoint .

Additional info:
This behaviour is noticed for nova & glance too .
We suspect this to be caused due to behaviour mentioned in https://bugs.launchpad.net/cinder/+bug/1384379
Comment 5 William 2015-10-14 19:42:16 UTC 
Do we have an update on this?
Comment 6 Sergey Gotliv 2015-10-19 06:18:30 UTC 
(In reply to William from comment #5)
> Do we have an update on this?

(In reply to William from comment #5)
> Do we have an update on this?

I believe it's already fixed in Kilo (7.0), see this https://review.openstack.org/#/c/159374/

This bug is detected on 5.0 but targeted for 8.0 most probably because this is a default. Do you need to backport this fix to 5.0?
Comment 7 William 2015-10-21 19:14:25 UTC 
(In reply to Sergey Gotliv from comment #6)
> (In reply to William from comment #5)
> > Do we have an update on this?
> 
> (In reply to William from comment #5)
> > Do we have an update on this?
> 
> I believe it's already fixed in Kilo (7.0), see this
> https://review.openstack.org/#/c/159374/
> 
> This bug is detected on 5.0 but targeted for 8.0 most probably because this
> is a default. Do you need to backport this fix to 5.0?

Sergey, yes please.

Is there anything you need me to do to facilitate?
Comment 8 Gorka Eguileor 2015-10-22 14:21:02 UTC 
> Is there anything you need me to do to facilitate?

Thanks for the offer, no need for the moment.  :-)
Comment 11 errata-xmlrpc 2015-12-22 14:26:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2686.html