Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/

Bug 1259351

Summary: Neutron API behind SSL terminating haproxy returns http version URL's instead of https
Product: [Community] RDO Reporter: Jasper Spit <js>
Component: openstack-neutronAssignee: lpeer <lpeer>
Status: CLOSED EOL QA Contact: Ofer Blaut <oblaut>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: KiloCC: bperkins, chrisw, srevivo
Target Milestone: ---   
Target Release: Kilo   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-19 16:04:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jasper Spit 2015-09-02 12:38:31 UTC 
Description of problem:

When using haproxy with SSL termination in front of neutron, neutron will return version URL's with http:// prefix instead of https://. This causes API clients to fail.

Version-Release number of selected component (if applicable):

python-neutron-2015.1.0-1.el7

How reproducible:

Steps to Reproduce:
1. Configure HAproxy in front of Neutron with SSL termination (so client talks to neutron over SSL, HAproxy talks to Neutron over plain HTTP)
2. curl https://openstack-api.example.com:9696

Actual results:

{"versions": [{"status": "CURRENT", "id": "v2.0", "links": [{"href": "http://openstack-api.example.com:9696/v2.0", "rel": "self"}]}]}

Expected results:

{"versions": [{"status": "CURRENT", "id": "v2.0", "links": [{"href": "https://openstack-api.example.com:9696/v2.0", "rel": "self"}]}]}

Additional info:

I patched this issue in /usr/lib/python2.7/site-packages/neutron/api/views/versions.py:

def get_view_builder(req):
    base_url = req.application_url
    if req.environ.get('HTTP_X_FORWARDED_PROTO', None) != None:
        base_url = base_url.replace('http://', 'https://')
    return ViewBuilder(base_url)

Then neutron returns the proper https URL. The X-Forwarded-Proto header is inserted by haproxy.

Note: this issue is present in other openstack api's as well but can be worked around by setting public_endpoint explicitly. This option is not available in neutron however.
Comment 1 Chandan Kumar 2016-05-19 16:04:02 UTC 
This bug is against a Version which has reached End of Life.
If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.