If you hit the root page of many of the services (keystone, glance-api,
cinder and nova-api at least), the output will include the available
versions and their URLs.
These URLs are more or less hardcoded, with a config override.
In keystone these are public_endpoint and admin_endpoint, in glance-api
it is public_endpoint, etc.
This works fine for the default cases but falls down if you want to put
a proxy in front of it, I'm testing the TLS-proxy case. The advertised
values by default are unsecured which caused all sorts of interesting
failures in devstack.
These values are already available in the service catalog. I can fix
this short-term by setting values URLs in devstack but that is a hack at
best. It should either pull the values out of the catalog with each
request, or perhaps more performant, cache the values for some period.
Here is an example with the config options set in devstack with the
tls-proxy service enabled:
% curl https://localhost:5000
{"versions": {"values": [{"status": "stable", "updated":
"2015-03-30T00:00:00Z", "media-types": [{"base": "application/json",
"type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4",
"links": [{"href": "https://localhost:5000/v3/";, "rel": "self"}]},
{"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types":
[{"base": "application/json", "type":
"application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links":
[{"href": "https://localhost:5000/v2.0/";, "rel": "self"}, {"href":
"http://docs.openstack.org/";, "type": "text/html", "rel":
"describedby"}]}]}}
Here are two reviews demonstrating the issue that are blocked because
fixing it in the config is not the best way to fix this overall:
https://review.openstack.org/187346
https://review.openstack.org/188879
So in short, how should we address this? How will the fixes be
coordinated, as we don't need four or five different solutions to the
same problem?
rob
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
