[Openstack] Novaclient redirect endpoint https into http

Nguyễn Trọng Tấn nguyentrongtan124 at gmail.com
Thu Jul 5 01:12:39 UTC 2018 

Thanks you katynski for response.

But, I had config Haproxy correctly. Here is my config: http://prntscr.com/k2ofwv

And, when I use openstack command, that is successful. Here: http://prntscr.com/k2ogau

I don’t think I config wrong. I can create, delete, list, show any VM with openstack command successfully.



Thanks and Best Regards!

Nguyen Trong Tan

Openstack group user VietNam.



-----Original Message-----
From: Bogdan Katynski [mailto:bogdan.katynski at workday.com] 
Sent: Wednesday, July 4, 2018 9:50 PM
To: Nguyễn Trọng Tấn <nguyentrongtan124 at gmail.com>
Cc: openstack-operators at lists.openstack.org; openstack at lists.openstack.org; Lê Quang Long (VDC-IT) <longlq.uct at gmail.com>
Subject: Re: [Openstack] Novaclient redirect endpoint https into http


>  
> But, I can not use nova command, endpoint nova have been redirected from https to http. Here: http://prntscr.com/k2e8s6 (command: nova –insecure service list)

First of all, it seems that the nova client is hitting /v2.1 instead of /v2.1/ URI and this seems to be triggering the redirect.

Since openstack CLI works, I presume it must be using the correct URL and hence it’s not getting redirected.

>  
> And this is error log: Unable to establish connection to http://192.168.30.70:8774/v2.1/: ('Connection aborted.', BadStatusLine("''",))
>  

Looks to me that nova-api does a redirect to an absolute URL. I suspect SSL is terminated on the HAProxy and nova-api itself is configured without SSL so it redirects to an http URL.

In my opinion, nova would be more load-balancer friendly if it used a relative URI in the redirect but that’s outside of the scope of this question and since I don’t know the context behind choosing the absolute URL, I could be wrong on that.

I had a similar problem with heat-api running behind an Apache reverse proxy, and managed to resolve it by applying the workaround from this bug report:

https://bugs.launchpad.net/python-heatclient/+bug/1420907

Setting

X-Forwarded-Proto: https 

before forwarding the request to heat-api fixed the issue for me.

-- 
Bogdan Katyński
freenode: bodgix

More information about the Openstack mailing list