[Bug 1573766] Re: Enable the paste filter HTTPProxyToWSGI by default

Ubuntu Foundations Team Bug Bot 1573766 at bugs.launchpad.net
Tue Nov 21 04:23:14 UTC 2017 

The attachment "lp1573766_xenial.debdiff" seems to be a debdiff.  The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff.  If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe
the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1573766

Title:
  Enable the paste filter HTTPProxyToWSGI by default

Status in OpenStack nova-cloud-controller charm:
  New
Status in OpenStack Compute (nova):
  Fix Released
Status in nova package in Ubuntu:
  New

Bug description:
  [Impact]

  Getting http link instead of https even if https setting is set.

  [Test case]

  1. deploy openstack ( with keystone charm option use-https, https-service-endpoints)
  2. create instance
  3. nova --debug list
     - check the result if https links are there.

  [Regression Potential]

  nova pkg will be affected by this patch. However, this patch modifies
  only api-paste.ini by adding http_proxy_to_wsgi. To accept this patch,
  nova service need to be restarted. Tested no vms are affected this
  patch, but APIs or daemons are temporarily.

  
  [Others]

  related commits ( which are already in comments )

  https://git.openstack.org/cgit/openstack/nova/commit/?id=b609a3b32ee8e68cef7e66fabff07ca8ad6d4649
  https://git.openstack.org/cgit/openstack/nova/commit/?id=6051f30a7e61c32833667d3079744b2d4fd1ce7c

  
  [Original Description]

  oslo middleware provides a paste filter that sets the correct proxy
  scheme and host. This is needed for the TLS proxy case.

  Without this then enabling the TLS proxy in devstack will fail
  configuring tempest because 'nova flavor-list' returns a http scheme
  in Location in a redirect it returns.

  I've proposed a temporary workaround in devstack using:

  +            iniset $NOVA_API_PASTE_INI filter:ssl_header_handler past
  e.filter_factory oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
  +            iniset $NOVA_API_PASTE_INI composite:openstack_compute_ap
  i_v21 keystone "ssl_header_handler cors compute_req_id faultwrap sizelimit autht
  oken keystonecontext osapi_compute_app_v21"

  But this isn't a long-term solution because two copies of the default
  paste filters will need to be maintained.

  See https://review.openstack.org/#/c/301172

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-nova-cloud-controller/+bug/1573766/+subscriptions

More information about the Ubuntu-sponsors mailing list