yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1573766] [NEW] Enable the paste filter HTTPProxyToWSGI by default

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rob Crittenden <rcritten@xxxxxxxxxx>
Date: Fri, 22 Apr 2016 19:41:26 -0000
Reply-to: Bug 1573766 <1573766@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

oslo middleware provides a paste filter that sets the correct proxy
scheme and host. This is needed for the TLS proxy case.

Without this then enabling the TLS proxy in devstack will fail
configuring tempest because 'nova flavor-list' returns a http scheme in
Location in a redirect it returns.

I've proposed a temporary workaround in devstack using:

+            iniset $NOVA_API_PASTE_INI filter:ssl_header_handler past
e.filter_factory oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+            iniset $NOVA_API_PASTE_INI composite:openstack_compute_ap
i_v21 keystone "ssl_header_handler cors compute_req_id faultwrap sizelimit autht
oken keystonecontext osapi_compute_app_v21"

But this isn't a long-term solution because two copies of the default
paste filters will need to be maintained.

See https://review.openstack.org/#/c/301172

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1573766

Title:
  Enable the paste filter HTTPProxyToWSGI by default

Status in OpenStack Compute (nova):
  New

Bug description:
  oslo middleware provides a paste filter that sets the correct proxy
  scheme and host. This is needed for the TLS proxy case.

  Without this then enabling the TLS proxy in devstack will fail
  configuring tempest because 'nova flavor-list' returns a http scheme
  in Location in a redirect it returns.

  I've proposed a temporary workaround in devstack using:

  +            iniset $NOVA_API_PASTE_INI filter:ssl_header_handler past
  e.filter_factory oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
  +            iniset $NOVA_API_PASTE_INI composite:openstack_compute_ap
  i_v21 keystone "ssl_header_handler cors compute_req_id faultwrap sizelimit autht
  oken keystonecontext osapi_compute_app_v21"

  But this isn't a long-term solution because two copies of the default
  paste filters will need to be maintained.

  See https://review.openstack.org/#/c/301172

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1573766/+subscriptions

Follow ups

[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Seyeong Kim, 2018-03-20
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Corey Bryant, 2018-01-10
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Launchpad Bug Tracker, 2017-12-18
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Corey Bryant, 2017-11-21
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Edward Hope-Morley, 2017-11-21
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Seyeong Kim, 2017-11-21
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Seyeong Kim, 2017-11-20
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: OpenStack Infra, 2016-05-24
[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default
From: Juan Antonio Osorio Robles, 2016-05-23