[Bug 1408902] Re: ssl not served when https-service-endpoints are enabled
James Page
james.page at ubuntu.com
Thu Feb 23 19:02:37 UTC 2017
** Changed in: charm-nova-cloud-controller
Importance: Undecided => Low
** Changed in: charm-nova-cloud-controller
Status: New => Confirmed
** Changed in: charm-nova-cloud-controller
Assignee: (unassigned) => Billy Olsen (billy-olsen)
** Changed in: nova-cloud-controller (Juju Charms Collection)
Status: Confirmed => Invalid
--
https://bugs.launchpad.net/bugs/1408902
Title:
ssl not served when https-service-endpoints are enabled
Status in OpenStack cinder charm:
Confirmed
Status in OpenStack glance charm:
Confirmed
Status in OpenStack nova-cloud-controller charm:
Confirmed
Status in cinder package in Juju Charms Collection:
Invalid
Status in glance package in Juju Charms Collection:
Invalid
Status in nova-cloud-controller package in Juju Charms Collection:
Invalid
Bug description:
In a MAAS deployment which is providing DNS for the nodes, the
service endpoints are registered with keystone as the FQDN of the node
name. The apache proxy used to configure the SSL will do so for a
named virtual host, which is not used by the time the request hits
the server, since the clients etc. will turn the hostname into an
IP.
For example, in my virtual MAAS cluster I have a cinder node which is
named cinder.wolsen.local. This will cause the charm to advertise its
service endpoints to keystone as https://cinder.wolsen.local:8776/v2
and the apache https configuration to look as follows:
    Listen 8776
    <VirtualHost cinder.wolsen.local:8776>
        ServerName cinder.wolsen.local
        SSLEngine on
        ...
        ProxyPreserveHost on
    </VirtualHost>
The problem is that this configuration binds the virtualhost for
cinder.wolsen.local which isn't served because the requests come in
for the IP address.
Attempts to communicate with the service using (for example) the
cinder list command fail with the following:
    ubuntu@horizon:~$ cinder list
    ERROR: Unable to establish connection: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    ubuntu@horizon:~$
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-cinder/+bug/1408902/+subscriptions
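A check for the configuration pattern this report describes, as an added example that is not part of the bug report or the charm's code: it lists TLS virtual hosts that are bound to a hostname, together with the address that name resolves to on the server. The function names and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample, modelled on the configuration quoted in the bug description.
SAMPLE_CONF = """\
Listen 8776
<VirtualHost cinder.wolsen.local:8776>
    ServerName cinder.wolsen.local
    SSLEngine on
    ProxyPreserveHost on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.I | re.M)

def is_literal(addr):
    """True for '*', '_default_' or a literal IPv4/IPv6 address."""
    if addr in ("*", "_default_"):
        return True
    try:
        ipaddress.ip_address(addr.strip("[]"))
        return True
    except ValueError:
        return False

def hostname_bound_tls_vhosts(conf_text, resolve=socket.gethostbyname):
    """Return (hostname, port, resolved_ip) for each TLS vhost bound to a name."""
    # Apache applies such a vhost only to the address the name resolves to,
    # so resolved_ip is what to compare with the address clients connect to.
    findings = []
    for spec_list, body in VHOST_RE.findall(conf_text):
        if not SSL_ON_RE.search(body):
            continue
        for spec in spec_list.split():
            addr, sep, port = spec.rpartition(":")
            if not sep or not (port.isdigit() or port == "*"):
                addr, port = spec, None  # no port in this address spec
            if is_literal(addr):
                continue
            try:
                resolved = resolve(addr)
            except OSError:
                resolved = None  # name does not resolve on this host
            findings.append((addr, port, resolved))
    return findings
```

Run it on the unit that hosts the Apache proxy, so that the name is resolved the same way Apache resolves it.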