On Tue, Sep 28 2021 at 05:19:29 PM +1000, Ian Wienand <iwienand at redhat.com> wrote: > On Tue, Sep 28, 2021 at 03:27:23PM +1000, Ian Wienand wrote: >> The recent security update @ >> >> https://launchpad.net/ubuntu/focal/+source/apache2/+changelog >> >> does a lot of stuff. > > frickler was actually onto this before me; see [1]. > > In short, it looks like we have found an issue with our ProxyPass > config and the way it uses trailing slashes. See [2] > > We can either do > > ProxyPass "/placement/" > "unix:/var/run/uwsgi/placement-api.socket|uwsgi://uwsgi-uds-placement-api/" > retry=0 > > (note "placement/" and then "uwsgi://uwsgi-uds-placement-api/") or > > ProxyPass "/placement" > "unix:/var/run/uwsgi/placement-api.socket|uwsgi://uwsgi-uds-placement-api" > retry=0 > > both appear to work. I'm not sure which is better? We could enforce > either in the function. As of right now 811303 is still testing, but > it's looking good. Thank you all for troubleshooting and finding the solution. I think we need to use the '/placement' variant to allow GET http://<ip>/placement to be routed to the placement app. As far as I see if we use '/placement/' variant then /placement is not routed and that would be a breaking API change. Cheers, gibi > > -i > > [1] > https://meetings.opendev.org/irclogs/%23openstack-qa/%23openstack-qa.2021-09-28.log.html#t2021-09-28T03:54:49 > [2] https://review.opendev.org/c/openstack/devstack/+/811303 > >