← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #44964

[Bug 1536258] [NEW] Metadata agent fails when use_ssl is set to True in neutron.conf

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The Neutron metadata agent listens on a unix domain socket for requests
coming from Neutron metadata proxies. This communication is done via the
HTTP protocol. When the Neutron Server is configured to use SSL the
use_ssl flag in Neutron will be set to True. As it turns out, this also
affects the Neutron metadata agent.

We use OpenStack Liberty on Ubuntu 14.04 using cloud archive packages.

To reproduce:

Enable SSL in neutron.conf:
use_ssl = True
ssl_cert_file = /etc/neutron/ssl/cert.crt
ssl_key_file = /etc/neutron/ssl/cert.key

Do a request to the Neutron metadata proxy socket:
echo 'GET /' | socat - UNIX-CONNECT:/var/lib/neutron/metadata_proxy

Expected behaviour:
Should return a HTTP 500 error, because of missing headers.

Actual behaviour:
Connection is immediately clossed.

Workaround:
Set 'use_ssl = False' in metadata_agent.ini.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: neutron-metadata-agent

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1536258

Title:
  Metadata agent fails when use_ssl is set to True in neutron.conf

Status in neutron:
  New

Bug description:
  The Neutron metadata agent listens on a unix domain socket for
  requests coming from Neutron metadata proxies. This communication is
  done via the HTTP protocol. When the Neutron Server is configured to
  use SSL the use_ssl flag in Neutron will be set to True. As it turns
  out, this also affects the Neutron metadata agent.

  We use OpenStack Liberty on Ubuntu 14.04 using cloud archive packages.

  To reproduce:

  Enable SSL in neutron.conf:
  use_ssl = True
  ssl_cert_file = /etc/neutron/ssl/cert.crt
  ssl_key_file = /etc/neutron/ssl/cert.key

  Do a request to the Neutron metadata proxy socket:
  echo 'GET /' | socat - UNIX-CONNECT:/var/lib/neutron/metadata_proxy

  Expected behaviour:
  Should return a HTTP 500 error, because of missing headers.

  Actual behaviour:
  Connection is immediately clossed.

  Workaround:
  Set 'use_ssl = False' in metadata_agent.ini.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1536258/+subscriptions
  Thread PreviousDate PreviousThread Next