Reviewed: https://review.openstack.org/318603 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b609a3b32ee8e68cef7e66fabff07ca8ad6d4649 Submitter: Jenkins Branch: master
commit b609a3b32ee8e68cef7e66fabff07ca8ad6d4649 Author: Juan Antonio Osorio Robles <[email protected]> Date: Thu May 19 15:10:22 2016 +0300 Add http_proxy_to_wsgi to api-paste This sets up the HTTPProxyToWSGI middleware in front of Nova-API. The purpose of thise middleware is to set up the request URL correctly in case there is a proxy (For instance, a loadbalancer such as HAProxy) in front of Nova. So, for instance, when TLS connections are being terminated in the proxy, and one tries to get the versions from the / resource of Nova, one will notice that the protocol is incorrect; It will show 'http' instead of 'https'. So this middleware handles such cases. Thus helping Keystone discovery work correctly. The HTTPProxyToWSGI is off by default and needs to be enabled via a configuration value. Change-Id: Ia78f73e96585ab33a379a0b0be6d9682f7fbd810 Closes-Bug: #1573766 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1573766 Title: Enable the paste filter HTTPProxyToWSGI by default Status in OpenStack Compute (nova): Fix Released Bug description: oslo middleware provides a paste filter that sets the correct proxy scheme and host. This is needed for the TLS proxy case. Without this then enabling the TLS proxy in devstack will fail configuring tempest because 'nova flavor-list' returns a http scheme in Location in a redirect it returns. I've proposed a temporary workaround in devstack using: + iniset $NOVA_API_PASTE_INI filter:ssl_header_handler past e.filter_factory oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + iniset $NOVA_API_PASTE_INI composite:openstack_compute_ap i_v21 keystone "ssl_header_handler cors compute_req_id faultwrap sizelimit autht oken keystonecontext osapi_compute_app_v21" But this isn't a long-term solution because two copies of the default paste filters will need to be maintained. See https://review.openstack.org/#/c/301172 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1573766/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
