Open Stack

Thank you Juan Antonio Osorio!

 

With you response, I had fixed this error. I must add more config in nova.conf.

Here:

[oslo_middleware]

secure_proxy_ssl_header = X-Forwarded-Proto

enable_proxy_headers_parsing = true

 

Now, I can use nova command normally.

 

http://prntscr.com/k2oq7o

 

Thank you very much.

 

 

Thanks and Best Regards!

 

Nguyen Trong Tan

 

Openstack group user VietNam.

 

 

 

From: Juan Antonio Osorio [mailto:jaosorior at gmail.com] 
Sent: Thursday, July 5, 2018 8:37 AM
To: Nguyễn Trọng Tấn <nguyentrongtan124 at gmail.com>
Cc: Bogdan Katynski <bogdan.katynski at workday.com>; openstack at lists.openstack.org; Lê Quang Long (VDC-IT) <longlq.uct at gmail.com>
Subject: Re: [Openstack] Novaclient redirect endpoint https into http

 

Are you using http_to_wsgi_middleware? Gotta enable that in the nova config and make sure its in your paste config.

 

On Wed, 4 Jul 2018, 20:22 Nguyễn Trọng Tấn, <nguyentrongtan124 at gmail.com <mailto:nguyentrongtan124 at gmail.com> > wrote:

Thanks you katynski for response.

But, I had config Haproxy correctly. Here is my config: http://prntscr.com/k2ofwv

And, when I use openstack command, that is successful. Here: http://prntscr.com/k2ogau

I don’t think I config wrong. I can create, delete, list, show any VM with openstack command successfully.



Thanks and Best Regards!

Nguyen Trong Tan

Openstack group user VietNam.



-----Original Message-----
From: Bogdan Katynski [mailto:bogdan.katynski at workday.com <mailto:bogdan.katynski at workday.com> ] 
Sent: Wednesday, July 4, 2018 9:50 PM
To: Nguyễn Trọng Tấn <nguyentrongtan124 at gmail.com <mailto:nguyentrongtan124 at gmail.com> >
Cc: openstack-operators at lists.openstack.org <mailto:openstack-operators at lists.openstack.org> ; openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> ; Lê Quang Long (VDC-IT) <longlq.uct at gmail.com <mailto:longlq.uct at gmail.com> >
Subject: Re: [Openstack] Novaclient redirect endpoint https into http


>  
> But, I can not use nova command, endpoint nova have been redirected from https to http. Here: http://prntscr.com/k2e8s6 (command: nova –insecure service list)

First of all, it seems that the nova client is hitting /v2.1 instead of /v2.1/ URI and this seems to be triggering the redirect.

Since openstack CLI works, I presume it must be using the correct URL and hence it’s not getting redirected.

>  
> And this is error log: Unable to establish connection to http://192.168.30.70:8774/v2.1/: ('Connection aborted.', BadStatusLine("''",))
>  

Looks to me that nova-api does a redirect to an absolute URL. I suspect SSL is terminated on the HAProxy and nova-api itself is configured without SSL so it redirects to an http URL.

In my opinion, nova would be more load-balancer friendly if it used a relative URI in the redirect but that’s outside of the scope of this question and since I don’t know the context behind choosing the absolute URL, I could be wrong on that.

I had a similar problem with heat-api running behind an Apache reverse proxy, and managed to resolve it by applying the workaround from this bug report:

https://bugs.launchpad.net/python-heatclient/+bug/1420907

Setting

X-Forwarded-Proto: https 

before forwarding the request to heat-api fixed the issue for me.

-- 
Bogdan Katyński
freenode: bodgix







_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> 
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180705/75ec912f/attachment.html>