yahoo-eng-team team mailing list archive

[Bug 1370022] Re: Keystone cannot cope with being behind an SSL terminator for version list

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => kilo-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1370022

Title:
  Keystone cannot cope with being behind an SSL terminator for version
  list

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  When keystone is set up behind an SSL terminator, it returns 'http' as
  the protocol in URLs returned by the version list command -

  user@host:~$ curl https://MYHOST:5000/

  {"versions": {"values": [{"status": "stable", "updated":
  "2013-03-06T00:00:00Z", "media-types": [{"base": "application/json",
  "type": "application/vnd.openstack.identity-v3+json"}, {"base":
  "application/xml", "type":
  "application/vnd.openstack.identity-v3+xml"}], "id": "v3.0", "links":
  [{"href": "http://MYHOST:5000/v3/", "rel": "self"}]}, {"status":
  "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base":
  "application/json", "type":
  "application/vnd.openstack.identity-v2.0+json"}, {"base":
  "application/xml", "type":
  "application/vnd.openstack.identity-v2.0+xml"}], "id": "v2.0",
  "links": [{"href": "http://MYHOST:5000/v2.0/", "rel": "self"},
  {"href": "http://docs.openstack.org/api/openstack-identity-
  service/2.0/content/", "type": "text/html", "rel": "describedby"},
  {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0
  /identity-dev-guide-2.0.pdf", "type": "application/pdf", "rel":
  "describedby"}]}]}}

  My haproxy config -

  frontend keystone_main_frontend
      bind 172.31.7.253:5000
      bind 172.31.7.252:5000 ssl crt /etc/haproxy/certs/runtime
      reqadd X-Forwarded-Proto:\ https if { ssl_fc }
      default_backend keystone_main_backend
      option httpclose
      option http-pretend-keepalive
      option forwardfor

  backend keystone_main_backend
      server HOST1 172.31.0.10:5000 check
      server HOST2 172.31.0.12:5000 check
      server HOST3 172.31.0.16:5000 check

  A similar bug is here: https://bugs.launchpad.net/heat/+bug/1235555

  And because of this bug, the latest cinder client doesn't work -

  user@host:~$ cinder --os-username admin --os-tenant-name admin --os-password password --os-auth-url https://MYHOST:5000/v2.0/ --endpoint-type publicURL --debug list
  ERROR: Unable to establish connection to http://MYHOST:5000/v2.0/tokens

  
  Also - if I set public_endpoint and admin_endpoint in keystone.conf to use the 'https' protocol, then everything works.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1370022/+subscriptions
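
Added example (not Keystone's code and not the committed fix): one way a WSGI service could pick the scheme for the version-list links when it sits behind the terminator shown in the report. It honors X-Forwarded-Proto only from a trusted proxy and lets a configured public_endpoint take precedence. The function names and the trusted-proxy addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the terminators reach the backends from these addresses (the two
# haproxy bind addresses in the report); no other peer may assert the scheme.
TRUSTED_PROXIES = {ipaddress.ip_address("172.31.7.252"),
                   ipaddress.ip_address("172.31.7.253")}


def base_url(environ, public_endpoint=None):
    """Return the base URL to use in version-list links for a WSGI request."""
    if public_endpoint:  # an explicitly configured endpoint always wins
        return public_endpoint.rstrip("/") + "/"
    scheme = environ.get("wsgi.url_scheme", "http")
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        peer = None
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
    # Honor the header only from a trusted terminator, and only known values.
    if peer in TRUSTED_PROXIES and forwarded in ("http", "https"):
        scheme = forwarded
    host = environ.get("HTTP_HOST") or "%s:%s" % (
        environ["SERVER_NAME"], environ["SERVER_PORT"])
    return "%s://%s/" % (scheme, host)


def version_links(environ, public_endpoint=None):
    """Build the 'self' hrefs that the version list would advertise."""
    base = base_url(environ, public_endpoint)
    return [base + v + "/" for v in ("v3", "v2.0")]


def sample_environ(remote_addr, forwarded_proto=None):
    """Constructed WSGI environ, as the backend sees a proxied plain-HTTP hop."""
    env = {"wsgi.url_scheme": "http", "HTTP_HOST": "MYHOST:5000",
           "SERVER_NAME": "MYHOST", "SERVER_PORT": "5000",
           "REMOTE_ADDR": remote_addr}
    if forwarded_proto is not None:
        env["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return env


if __name__ == "__main__":
    print(version_links(sample_environ("172.31.7.252", "https")))  # via proxy
    print(version_links(sample_environ("172.31.0.99", "https")))   # untrusted
```

The untrusted-peer case matters because a client that can reach a backend directly could otherwise set the header itself and steer the URLs that other tooling follows.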

