[Bug 1408902] Re: ssl not served when https-service-endpoints are enabled

James Page james.page at ubuntu.com
Thu Feb 23 19:02:37 UTC 2017

** Changed in: charm-nova-cloud-controller
   Importance: Undecided => Low

** Changed in: charm-nova-cloud-controller
       Status: New => Confirmed

** Changed in: charm-nova-cloud-controller
     Assignee: (unassigned) => Billy Olsen (billy-olsen)

** Changed in: nova-cloud-controller (Juju Charms Collection)
       Status: Confirmed => Invalid

You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Juju Charms Collection.
Matching subscriptions: charm-bugs

  ssl not served when https-service-endpoints are enabled

Status in OpenStack cinder charm:
Status in OpenStack glance charm:
Status in OpenStack nova-cloud-controller charm:
Status in cinder package in Juju Charms Collection:
Status in glance package in Juju Charms Collection:
Status in nova-cloud-controller package in Juju Charms Collection:

Bug description:
  In a MAAS deployment which is serving providing dns for the nodes the
  service endpoints are registered with keystone as the fqdn of the node
  name. The apache proxy used to configure the SSL will do so for a
  virtual host which is named which is not used by the time the request
  hits the server since the clients etc will turn the hostname into an

  For example, in my virtual MAAS cluster I have a cinder node which is
  named cinder.wolsen.local. This will cause the charm to advertise its
  service endpoints to keystone as https://cinder.wolsen.local:8776/v2
  and the apache https configuration to look as follows:

  Listen 8776
  <VirtualHost cinder.wolsen.local:8776>
      ServerName cinder.wolsen.local
      SSLEngine on
      PRoxyPreserveHost on

  The problem is that this configuration binds the virtualhost for
  cinder.wolsen.local which isn't served because the requests come in
  for the IP address.

  Attempts to communicate with the service using (for example) the
  cinder list command fails with the following:

  ubuntu at horizon:~$ cinder list
  ERROR: Unable to establish connection: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
  ubuntu at horizon:~$

To manage notifications about this bug go to:

More information about the Ubuntu-openstack-bugs mailing list