Bug 1237207 - http endpoint returned instead of https when cinder service calls are made
Summary: http endpoint returned instead of https when cinder service calls are made
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 5.0 (RHEL 7)
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
: 5.0 (RHEL 7)
Assignee: Gorka Eguileor
QA Contact: nlevinki
URL:
Whiteboard:
Depends On:
Blocks: 1277364
TreeView+ depends on / blocked
 
Reported: 2015-06-30 14:15 UTC by Jaison Raju
Modified: 2019-09-12 08:35 UTC (History)
8 users (show)

Fixed In Version: openstack-cinder-2014.1.5-3.el6ost, openstack-cinder-2014.1.5-3.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, the version resource constructed the links by using the host_url, but the Image Service API endpoint may have been behind a proxy or the SSl terminator. With this update, a new configuration option 'public_endpoint' is added to point to the public URL and to use for the versions endpoint.
Clone Of:
: 1277364 (view as bug list)
Environment:
Last Closed: 2015-12-22 14:26:13 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2686 0 normal SHIPPED_LIVE openstack-cinder bug fix advisory 2015-12-22 19:23:47 UTC

Description Jaison Raju 2015-06-30 14:15:37 UTC
Description of problem:
http endpoint returned instead of https when cinder service calls are made

$ curl -g -i -X GET https://node1.example.com:8776/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 334
Date: Mon, 29 Jun 2015 15:59:35 GMT

{"versions": [{"status": "CURRENT", "updated": "2012-01-04T11:33:21Z", "id": "v1.0", "links": [{"href": "http://node1.example.com:8776/v1/", "rel": "self"}]}, {"status": "CURRENT", "updated": "2012-11-21T11:33:21Z", "id": "v2.0", "links": [{"href": "http://node1.example.com:8776/v2/", "rel": "self"}]}]}


$ keystone endpoint-list | egrep "8776" | awk -F\| '{print $3,$4,$5,$6}'
 RegionOne   https://node1.example.com:8776/v2/%(tenant_id)s   https://i.node1.example.com:8776/v2/%(tenant_id)s   https://i.node1.example.com:8776/v2/%(tenant_id)s
 RegionOne   https://node1.example.com:8776/v1/%(tenant_id)s   https://i.node1.example.com:8776/v1/%(tenant_id)s   https://i.node1.example.com:8776/v1/%(tenant_id)s

Version-Release number of selected component (if applicable):
openstack-cinder-2014.1.4-1.el7ost.noarch
python-cinder-2014.1.4-1.el7ost.noarch
python-cinderclient-1.0.9-1.el7ost.noarch

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
The http endpoint is listed.

Expected results:
service call should obtain https endpoint .

Additional info:
This behaviour is noticed for nova & glance too .
We suspect this to be caused due to behaviour mentioned in https://bugs.launchpad.net/cinder/+bug/1384379

Comment 5 William 2015-10-14 19:42:16 UTC
Do we have an update on this?

Comment 6 Sergey Gotliv 2015-10-19 06:18:30 UTC
(In reply to William from comment #5)
> Do we have an update on this?

(In reply to William from comment #5)
> Do we have an update on this?

I believe it's already fixed in Kilo (7.0), see this https://review.openstack.org/#/c/159374/

This bug is detected on 5.0 but targeted for 8.0 most probably because this is a default. Do you need to backport this fix to 5.0?

Comment 7 William 2015-10-21 19:14:25 UTC
(In reply to Sergey Gotliv from comment #6)
> (In reply to William from comment #5)
> > Do we have an update on this?
> 
> (In reply to William from comment #5)
> > Do we have an update on this?
> 
> I believe it's already fixed in Kilo (7.0), see this
> https://review.openstack.org/#/c/159374/
> 
> This bug is detected on 5.0 but targeted for 8.0 most probably because this
> is a default. Do you need to backport this fix to 5.0?

Sergey, yes please.

Is there anything you need me to do to facilitate?

Comment 8 Gorka Eguileor 2015-10-22 14:21:02 UTC
> Is there anything you need me to do to facilitate?

Thanks for the offer, no need for the moment.  :-)

Comment 11 errata-xmlrpc 2015-12-22 14:26:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2686.html


Note You need to log in before you can comment on or make changes to this bug.