Bug 1321952

Summary: In SSL + IPv6 + external loadbalancer deployment Horizon redirects https to non-https
Product: Red Hat OpenStack Reporter: Marius Cornea <mcornea>
Component: rhosp-directorAssignee: Angus Thomas <athomas>
Status: CLOSED NOTABUG QA Contact: Arik Chernetsky <achernet>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: dbecker, mburns, morazi, rhel-osp-director-maint
Target Milestone: ---   
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-29 13:35:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
haproxy.cfg
none
enable-tls.yaml none

Description Marius Cornea 2016-03-29 12:54:45 UTC 
Created attachment 1141243 [details]
haproxy.cfg

Description of problem:
In an overcloud dpeloyment with SSL + IPv6 + external loadbalancer Horizon redirects https to non-https.

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-0.8.12-2.el7ost.noarch

How reproducible:


Steps to Reproduce:
1. Deploy overcloud
export THT=/usr/share/openstack-tripleo-heat-templates
openstack overcloud deploy --templates $THT \
  -e $THT/environments/network-isolation-v6.yaml \
  -e ~/templates/network-environment-v6.yaml \
  -e ~/templates/firstboot-environment.yaml \
  -e ~/templates/enable-tls.yaml \
  -e ~/templates/inject-trust-anchor.yaml \
  -e $THT/environments/external-loadbalancer-vip-v6.yaml \
  -e ~/templates/external-lb-v6.yaml \
  -e $THT/environments/storage-environment.yaml \
  --control-scale 3 \
  --compute-scale 1 \
  --ceph-storage-scale 2\
  --ntp-server clock.redhat.com \
  --libvirt-type qemu 

2. Try to reach Horizon on the public VIP:
curl https://[2001:db8:fd00:1000::5]

Actual results:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://[2001:db8:fd00:1000::5]/dashboard">here</a>.</p>
</body></html>

Expected results:
The redirect is done to https://[2001:db8:fd00:1000::5]/dashboard

Additional info:
Attaching the enable-tls.yaml file and the haproxy configuration that is set on the external loadbalancer. If there's any other info I should provide please let me know. Thanks!
Comment 2 Marius Cornea 2016-03-29 12:55:47 UTC 
Created attachment 1141244 [details]
enable-tls.yaml
Comment 3 Marius Cornea 2016-03-29 13:35:26 UTC 
Closing this as not a bug. I was missing the following directive in the horizon section of haproxy.cfg on the external loadbalancer:

rsprep ^Location:\ http://(.*) Location:\ https://\1