[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default

Corey Bryant corey.bryant at canonical.com
Wed Jan 10 19:59:31 UTC 2018 

This bug was fixed in the package nova - 2:13.1.4-0ubuntu4.2~cloud0
---------------

 nova (2:13.1.4-0ubuntu4.2~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 nova (2:13.1.4-0ubuntu4.2) xenial; urgency=medium
 .
   [ Seyeong Kim ]
   * Add supporting http_proxy_to_wsgi to api-paste.ini (LP: #1573766)
     - d/p/0001-Add-http_proxy_to_wsgi-to-api-paste.patch
     - d/p/0002-Add-proxy-middleware-to-application-pipeline.patch
 .
   [ Edward Hope-Morley ]
   * Patch nova.db.sqlalchemy.api.compute_node_statistics() to
     exclude deleted services from stats count. This is the same
     fix as that backported to newton in bug 1692397 except that
     the actual patch is not backportable due to the underlying
     code changing extensively.
     - d/p/exlude-deleted-service-from-stats-count.patch (LP: #1692397)


** Changed in: cloud-archive/mitaka
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1573766

Title:
  Enable the paste filter HTTPProxyToWSGI by default

Status in OpenStack nova-cloud-controller charm:
  In Progress
Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in OpenStack Compute (nova):
  Fix Released
Status in nova package in Ubuntu:
  Invalid
Status in nova source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  Getting http link instead of https even if https setting is set.

  [Test case]

  1. deploy openstack ( with keystone charm option use-https, https-service-endpoints)
  2. create instance
  3. nova --debug list
     - check the result if https links are there.

  [Regression Potential]

  nova pkg will be affected by this patch. However, this patch modifies
  only api-paste.ini by adding http_proxy_to_wsgi. To accept this patch,
  nova service need to be restarted. Tested no vms are affected this
  patch, but APIs or daemons are temporarily.

  
  [Others]

  related commits ( which are already in comments )

  https://git.openstack.org/cgit/openstack/nova/commit/?id=b609a3b32ee8e68cef7e66fabff07ca8ad6d4649
  https://git.openstack.org/cgit/openstack/nova/commit/?id=6051f30a7e61c32833667d3079744b2d4fd1ce7c

  
  [Original Description]

  oslo middleware provides a paste filter that sets the correct proxy
  scheme and host. This is needed for the TLS proxy case.

  Without this then enabling the TLS proxy in devstack will fail
  configuring tempest because 'nova flavor-list' returns a http scheme
  in Location in a redirect it returns.

  I've proposed a temporary workaround in devstack using:

  +            iniset $NOVA_API_PASTE_INI filter:ssl_header_handler past
  e.filter_factory oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
  +            iniset $NOVA_API_PASTE_INI composite:openstack_compute_ap
  i_v21 keystone "ssl_header_handler cors compute_req_id faultwrap sizelimit autht
  oken keystonecontext osapi_compute_app_v21"

  But this isn't a long-term solution because two copies of the default
  paste filters will need to be maintained.

  See https://review.openstack.org/#/c/301172

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-nova-cloud-controller/+bug/1573766/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list