Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1384334 - On an SSL enabled overcloud the Neutron api returns http URL
On an SSL enabled overcloud the Neutron api returns http URL
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron (Show other bugs)
10.0 (Newton)
Unspecified Unspecified
high Severity high
: rc
: 10.0 (Newton)
Assigned To: John Schwarz
Marius Cornea
: Triaged
Depends On:
Blocks: 1384340
  Show dependency treegraph
 
Reported: 2016-10-13 02:54 EDT by Marius Cornea
Modified: 2016-12-14 11:18 EST (History)
13 users (show)

See Also:
Fixed In Version: openstack-neutron-9.0.0-1.7.el7ost
Doc Type: Bug Fix
Doc Text:
This release adds a HTTPProxyToWSGI middleware in front of the OpenStack Networking API to set up a request URL correctly in case a proxy (eg. HAProxy) is used between the client and server. This ensures that when a client uses SSL, the server recognizes this and responds using the correct protocol. Previously, using a proxy made it possible for the server to respond with HTTP (instead of HTTPS) even when a client used SSL.
Story Points: ---
Clone Of:
: 1384340 (view as bug list)
Environment:
Last Closed: 2016-12-14 11:18:25 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 384294 None None None 2016-10-13 02:54 EDT
OpenStack gerrit 387356 None None None 2016-10-21 13:08 EDT
Red Hat Product Errata RHEA-2016:2948 normal SHIPPED_LIVE Red Hat OpenStack Platform 10 enhancement update 2016-12-14 14:55:27 EST

  None (edit)
Description Marius Cornea 2016-10-13 02:54:01 EDT 
Description of problem:
On an SSL enabled overcloud the Neutron api returns http URL

openstack catalog show neutron
+-----------+------------------------------------------------------+
| Field     | Value                                                |
+-----------+------------------------------------------------------+
| endpoints | regionOne                                            |
|           |   publicURL: https://[2001:db8:ca2:4::10]:13696      |
|           |   internalURL: http://[fd00:fd00:fd00:2000::14]:9696 |
|           |   adminURL: http://[fd00:fd00:fd00:2000::14]:9696    |
|           |                                                      |
| name      | neutron                                              |
| type      | network                                              |
+-----------+------------------------------------------------------+

curl -s -H "X-Auth-Token: $OS_TOKEN" https://172.16.18.25:13042  | python -m json.tool

{
    "versions": [
        {
            "id": "v2.0",
            "links": [
                {
                    "href": "http://[2001:db8:ca2:4::10]:13696/v2.0",
                    "rel": "self"
                }
            ],
            "status": "CURRENT"
        }
    ]
}


Version-Release number of selected component (if applicable):
openstack-neutron-9.0.0-0.20160929051647.71f2d2b.el7ost.noarch
Comment 3 Marius Cornea 2016-11-28 11:01:00 EST 
Testing fails with the current build. I believe in order to be able to verify this we also need a fix for BZ#1384340 which is still in NEW state. 

curl -s -H "X-Auth-Token: $OS_TOKEN" https://172.16.18.25:13696 | python -m json.tool
{
    "versions": [
        {
            "id": "v2.0",
            "links": [
                {
                    "href": "http://172.16.18.25:13696/v2.0",
                    "rel": "self"
                }
            ],
            "status": "CURRENT"
        }
    ]
}
Comment 4 Ihar Hrachyshka 2016-11-28 11:16:18 EST 
Marius, do you have a specific puppet patch on your mind?
Comment 5 Marius Cornea 2016-11-28 11:29:59 EST 
(In reply to Ihar Hrachyshka from comment #4)
> Marius, do you have a specific puppet patch on your mind?

Yes, it looks that this one fixes addresses the issue:
https://review.openstack.org/#/c/400591/
Comment 6 John Schwarz 2016-11-28 11:33:02 EST 
Marius, puppet-tripleo doesn't have a patches branch. In other words, patches are automatically synced from upstream. Putting a needinfo on Mike Burns who I hear deals with the syncs.
Comment 7 Marius Cornea 2016-11-29 06:53:32 EST 
This has landed in the latest build and canbe verified:

{
    "versions": [
        {
            "id": "v2.0",
            "links": [
                {
                    "href": "https://172.16.18.25:13696/v2.0",
                    "rel": "self"
                }
            ],
            "status": "CURRENT"
        }
    ]
}
Comment 10 errata-xmlrpc 2016-12-14 11:18:25 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2948.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.