Bug 1351255
Summary: | nova-api not properly configure secure_proxy_ssl_header option in nova.conf when using HAProxy and SSL | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Arx Cruz <acruz> | |
Component: | openstack-tripleo-heat-templates | Assignee: | Marios Andreou <mandreou> | |
Status: | CLOSED ERRATA | QA Contact: | Daniel Mellado <dmellado> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 9.0 (Mitaka) | CC: | bperkins, dbecker, jason.dobies, jcoufal, jjoyce, mburns, mcornea, mlopes, morazi, rhel-osp-director-maint, tkammer, tvignaud | |
Target Milestone: | ga | Keywords: | Automation, AutomationBlocker, TestOnly, Triaged | |
Target Release: | 9.0 (Mitaka) | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | openstack-tripleo-heat-templates-2.0.0-26.el7ost | Doc Type: | Bug Fix | |
Doc Text: |
Prior to this update, the secure_proxy_ssl_header option for Compute was not being set in nova.conf by Red Hat OpenStack Platform director (as discussed in the upstream bug https://bugs.launchpad.net/tripleo/+bug/1606863).
Consequently, when haproxy and SSL were enabled for the director deployment, nova-api could not handle service requests since it was not configured to handle the "X-Forwarded-Proto" header in HTTP requests. In particular, the tempest.api.compute.test_versions.TestVersions.test_get_version_details tests failed with the error:
'Connection aborted.', BadStatusLine("''",)
With this update, the secure_proxy_ssl_header is now set to the appropriate value (X-Forwarded-Proto) for director deployments, see https://review.openstack.org/#/c/347806/ for more details.
As a result, the nova-api service should now be able to handle service requests correctly when haproxy and SSL are enabled for the director deployment.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1568469 (view as bug list) | Environment: | ||
Last Closed: | 2016-08-24 13:01:32 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1568469, 1631473 |
Description
Arx Cruz
2016-06-29 14:23:42 UTC
Looking at puppet-nova, I see this is being set as so: nova/manifests/api.pp: $secure_proxy_ssl_header = $::os_service_default, So my guess is tht just needs to configure this, in the same manner as is done elsewhere moved to ON_DEV - I filed an upstream bug for this (required for stable/mitaka, which is where this is needed here) https://bugs.launchpad.net/tripleo/+bug/1606863 - reviews to master and mitaka linked. Working with latest puddle # rhos-release 9-director -p 2016-08-19.3 [stack@undercloud-0 tempest]$ python -m testtools.run tempest.api.compute.test_versions.TestVersions.test_get_version_details Tests running... Ran 1 test in 2.563s OK openstack-nova-compute-13.1.1-2.el7ost.noarch openstack-nova-console-13.1.1-2.el7ost.noarch python-novaclient-3.3.1-1.el7ost.noarch python-nova-13.1.1-2.el7ost.noarch openstack-nova-novncproxy-13.1.1-2.el7ost.noarch openstack-nova-common-13.1.1-2.el7ost.noarch openstack-nova-api-13.1.1-2.el7ost.noarch openstack-nova-conductor-13.1.1-2.el7ost.noarch openstack-nova-cert-13.1.1-2.el7ost.noarch openstack-nova-scheduler-13.1.1-2.el7ost.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-1762.html |