[Openstack] Novaclient redirect endpoint https into http
Nguyễn Trọng Tấn
nguyentrongtan124 at gmail.com
Thu Jul 5 01:54:59 UTC 2018
Thank you Juan Antonio Osorio!
With you response, I had fixed this error. I must add more config in nova.conf.
Here:
[oslo_middleware]
secure_proxy_ssl_header = X-Forwarded-Proto
enable_proxy_headers_parsing = true
Now, I can use nova command normally.
http://prntscr.com/k2oq7o
Thank you very much.
Thanks and Best Regards!
Nguyen Trong Tan
Openstack group user VietNam.
From: Juan Antonio Osorio [mailto:jaosorior at gmail.com]
Sent: Thursday, July 5, 2018 8:37 AM
To: Nguyễn Trọng Tấn <nguyentrongtan124 at gmail.com>
Cc: Bogdan Katynski <bogdan.katynski at workday.com>; openstack at lists.openstack.org; Lê Quang Long (VDC-IT) <longlq.uct at gmail.com>
Subject: Re: [Openstack] Novaclient redirect endpoint https into http
Are you using http_to_wsgi_middleware? Gotta enable that in the nova config and make sure its in your paste config.
On Wed, 4 Jul 2018, 20:22 Nguyễn Trọng Tấn, <nguyentrongtan124 at gmail.com <mailto:nguyentrongtan124 at gmail.com> > wrote:
Thanks you katynski for response.
But, I had config Haproxy correctly. Here is my config: http://prntscr.com/k2ofwv
And, when I use openstack command, that is successful. Here: http://prntscr.com/k2ogau
I don’t think I config wrong. I can create, delete, list, show any VM with openstack command successfully.
Thanks and Best Regards!
Nguyen Trong Tan
Openstack group user VietNam.
-----Original Message-----
From: Bogdan Katynski [mailto:bogdan.katynski at workday.com <mailto:bogdan.katynski at workday.com> ]
Sent: Wednesday, July 4, 2018 9:50 PM
To: Nguyễn Trọng Tấn <nguyentrongtan124 at gmail.com <mailto:nguyentrongtan124 at gmail.com> >
Cc: openstack-operators at lists.openstack.org <mailto:openstack-operators at lists.openstack.org> ; openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> ; Lê Quang Long (VDC-IT) <longlq.uct at gmail.com <mailto:longlq.uct at gmail.com> >
Subject: Re: [Openstack] Novaclient redirect endpoint https into http
>
> But, I can not use nova command, endpoint nova have been redirected from https to http. Here: http://prntscr.com/k2e8s6 (command: nova –insecure service list)
First of all, it seems that the nova client is hitting /v2.1 instead of /v2.1/ URI and this seems to be triggering the redirect.
Since openstack CLI works, I presume it must be using the correct URL and hence it’s not getting redirected.
>
> And this is error log: Unable to establish connection to http://192.168.30.70:8774/v2.1/: ('Connection aborted.', BadStatusLine("''",))
>
Looks to me that nova-api does a redirect to an absolute URL. I suspect SSL is terminated on the HAProxy and nova-api itself is configured without SSL so it redirects to an http URL.
In my opinion, nova would be more load-balancer friendly if it used a relative URI in the redirect but that’s outside of the scope of this question and since I don’t know the context behind choosing the absolute URL, I could be wrong on that.
I had a similar problem with heat-api running behind an Apache reverse proxy, and managed to resolve it by applying the workaround from this bug report:
https://bugs.launchpad.net/python-heatclient/+bug/1420907
Setting
X-Forwarded-Proto: https
before forwarding the request to heat-api fixed the issue for me.
--
Bogdan Katyński
freenode: bodgix
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180705/75ec912f/attachment.html>
More information about the Openstack
mailing list