Public bug reported:

When keystone is set up behind an SSL terminator, it returns 'http' as
the protocol in URLs returned by the version list command -

  user@host:~$ curl https://MYHOST:5000/
  {"versions": {"values": [{"status": "stable", "updated": "2013-03-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}, {"base": "application/xml", "type": "application/vnd.openstack.identity-v3+xml"}], "id": "v3.0", "links": [{"href": "http://MYHOST:5000/v3/", "rel": "self"}]}, {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}, {"base": "application/xml", "type": "application/vnd.openstack.identity-v2.0+xml"}], "id": "v2.0", "links": [{"href": "http://MYHOST:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/", "type": "text/html", "rel": "describedby"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf", "type": "application/pdf", "rel": "describedby"}]}]}}

My ha_proxy config -

  frontend keystone_main_frontend
    bind 172.31.7.253:5000
    bind 172.31.7.252:5000 ssl crt /etc/haproxy/certs/runtime
    # tell the backend which requests arrived over TLS
    reqadd X-Forwarded-Proto:\ https if { ssl_fc }
    default_backend keystone_main_backend
    option httpclose
    option http-pretend-keepalive
    option forwardfor

  backend keystone_main_backend
    server HOST1 172.31.0.10:5000 check
    server HOST2 172.31.0.12:5000 check
    server HOST3 172.31.0.16:5000 check

A similar bug is here: https://bugs.launchpad.net/heat/+bug/1235555

And because of this bug the last cinder client doesn't work -

  user@host:~$ cinder --os-username admin --os-tenant-name admin --os-password password --os-auth-url https://MYHOST:5000/v2.0/ --endpoint-type publicURL --debug list
  ERROR: Unable to establish connection to http://MYHOST:5000/v2.0/tokens

Also - if I set public_endpoint and admin_endpoint in keystone.conf to
use the 'https' proto then all works.

** Affects: keystone
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1370022

Title:
  Keystone cannot cope with being behind an SSL terminator for version list

Status in OpenStack Identity (Keystone):
  New
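
Added illustration (not part of the bug report and not Keystone's code): a minimal WSGI stand-in that builds version-list links from the request scheme, wrapped in a middleware that honours the X-Forwarded-Proto header set by the HAProxy frontend above, but only when the request comes from a trusted proxy address. The names `TRUSTED_PROXIES`, `version_list_app`, `ForwardedProto` and `self_links` are hypothetical, and the proxy and client addresses are constructed.

```python
import json
from wsgiref.util import application_uri

# Assumption: address the SSL terminator uses to reach the backends (constructed).
TRUSTED_PROXIES = {"172.31.0.2"}

def version_list_app(environ, start_response):
    """Stand-in for a version-list endpoint: self links follow the request URL."""
    base = application_uri(environ).rstrip("/")
    body = json.dumps({"versions": {"values": [
        {"id": vid, "links": [{"href": f"{base}/{path}/", "rel": "self"}]}
        for vid, path in (("v3.0", "v3"), ("v2.0", "v2.0"))]}}).encode()
    start_response("200 OK", [("Content-Type", "application/json")])
    return [body]

class ForwardedProto:
    """Set wsgi.url_scheme from X-Forwarded-Proto, for trusted peers only."""
    def __init__(self, app, trusted):
        self.app, self.trusted = app, set(trusted)

    def __call__(self, environ, start_response):
        # Always remove the header so the app never sees an unvalidated value.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if environ.get("REMOTE_ADDR") in self.trusted and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)

def self_links(app, remote_addr, forwarded_proto=None):
    """Send one constructed backend-side request and return the advertised hrefs."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "SCRIPT_NAME": "",
               "HTTP_HOST": "MYHOST:5000", "REMOTE_ADDR": remote_addr,
               "wsgi.url_scheme": "http"}  # the backend socket is plain HTTP
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    body = b"".join(app(environ, lambda status, headers: None))
    values = json.loads(body)["versions"]["values"]
    return [link["href"] for v in values for link in v["links"]]

if __name__ == "__main__":
    fixed = ForwardedProto(version_list_app, TRUSTED_PROXIES)
    print(self_links(version_list_app, "172.31.0.2", "https"))  # header ignored
    print(self_links(fixed, "172.31.0.2", "https"))             # via the terminator
    print(self_links(fixed, "203.0.113.9", "https"))            # untrusted peer
```

The first case reproduces the reported behaviour: a client that follows the advertised `http://` link would attempt its token request, credentials included, over plaintext.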