kolla

Redirects to HTTP when SSL enabled

Bug #1626645 reported by Bartłomiej Daca on 2016-09-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla	Fix Released	Critical	Unassigned	kolla queens-3

Bug Description

Environment: multinode kolla deploy with haproxy and SSL

info: In some API calls there are redirects to http URL, not the https. Observed in:
- cinder when listing volumes with pagination
- swift when using Static Web functionality
- nova when listing version details

How to reproduce:

Example for nova:

curl -H 'X-Auth-Token: *****' https://my-cloud:8774/v2/

result:
{
    "version": {
        "status": "SUPPORTED",
        "updated": "2011-01-21T11:33:21Z",
        "links": [
            {"href": "http://my-cloud:8774/v2/", "rel": "self"},
            {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}
        ],
        "min_version": "",
        "version": "",
        "media-types": [{"base": "application/json", "type": "application/vnd.openstack.compute+json;version=2"}],
        "id": "v2.0"
    }
}

Example for cinder:

curl -X GET -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Auth-Token: *****' https://my-cloud:8776/v2/{{ tenant_id }}/volumes?limit=1

result:
{
    "volumes_links": [
        {"href": "http://my-cloud:8776/v2/{{ tenant_id }}/volumes?limit=1&marker={{ volume_id }}", "rel": "next"}
    ],
    "volumes": [
        {
            "id": "{{ volume_id }}",
            "links": [
                {"href": "http://my-cloud:8776/v2/{{ tenant_id }}/volumes/{{ volume_id }}", "rel": "self"},
                {"href": "http://my-cloud:8776/{{ tenant_id }}/volumes/{{ volume_id }}", "rel": "bookmark"}
            ],
            "name": "dsf"
        }
    ]
}

I can provide example for swift if someone will be interested, but it is more complicated.

Paul Bourke (pauldbourke) on 2016-11-24

Changed in kolla:
status:	New → Confirmed
status:	Confirmed → Triaged
importance:	Undecided → High

Jeffrey Zhang (jeffrey4l) on 2016-12-16

Changed in kolla:
milestone:	none → ocata-3

Jeffrey Zhang (jeffrey4l) on 2017-01-29

Changed in kolla:
milestone:	ocata-3 → ocata-rc1

Jeffrey Zhang (jeffrey4l) on 2017-02-16

Changed in kolla:
milestone:	ocata-rc1 → pike-1

Jeffrey Zhang (jeffrey4l) on 2017-06-14

Changed in kolla:
milestone:	pike-2 → pike-3

Revision history for this message

Christian Berendt (berendt) wrote on 2017-06-19:

Same for Heat when using the --wait parameter of stack create/update.

Revision history for this message

Christian Berendt (berendt) wrote on 2017-06-19:

For heat: by default the enable_proxy_headers_parsing parameter is set to False in [oslo_middleware] section. This parameter has to be set to True when running heat-api behind a proxy. After settings this parameter to True everything is working like expected. Probably this is the same issue for the other services.

Setting priority to critical, at least Heat is not working behind a proxy using SSL which is a blocker from my POV.

Changed in kolla:
importance:	High → Critical
status:	Triaged → Confirmed

Jeffrey Zhang (jeffrey4l) on 2017-07-30

Changed in kolla:
milestone:	pike-3 → pike-rc1

Eduardo Gonzalez (egonzalez90) on 2017-09-06

Changed in kolla:
milestone:	pike-rc1 → queens-1

Jeffrey Zhang (jeffrey4l) on 2017-12-11

Changed in kolla:
milestone:	queens-2 → queens-3

Revision history for this message

Jeffrey Zhang (jeffrey4l) wrote on 2017-12-18:

This is resolved by https://review.openstack.org/#/c/439468/ since pike cycle.

Changed in kolla:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.