Running novnc proxy behind haproxy with SSL result an error :
client -- SSL --> haproxy 6080 -- TCP --> proxy 6080 -- TCP --> compute 59xx
9109: TRACE nova.console.websocketproxy Traceback (most recent call last):
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/websockify/websocket.py", line 874, in top_new_client
9109: TRACE nova.console.websocketproxy client = self.do_handshake(startsock, address)
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/websockify/websocket.py", line 809, in do_handshake
9109: TRACE nova.console.websocketproxy self.RequestHandlerClass(retsock, address, self)
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/nova/console/websocketproxy.py", line 150, in __init__
9109: TRACE nova.console.websocketproxy websockify.ProxyRequestHandler.__init__(self, *args, **kwargs)
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/websockify/websocket.py", line 112, in __init__
9109: TRACE nova.console.websocketproxy SimpleHTTPRequestHandler.__init__(self, req, addr, server)
9109: TRACE nova.console.websocketproxy File "/usr/lib64/python2.7/SocketServer.py", line 649, in __init__
9109: TRACE nova.console.websocketproxy self.handle()
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/websockify/websocket.py", line 540, in handle
9109: TRACE nova.console.websocketproxy SimpleHTTPRequestHandler.handle(self)
9109: TRACE nova.console.websocketproxy File "/usr/lib64/python2.7/BaseHTTPServer.py", line 340, in handle
9109: TRACE nova.console.websocketproxy self.handle_one_request()
9109: TRACE nova.console.websocketproxy File "/usr/lib64/python2.7/BaseHTTPServer.py", line 328, in handle_one_request
9109: TRACE nova.console.websocketproxy method()
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/websockify/websocket.py", line 506, in do_GET
9109: TRACE nova.console.websocketproxy if not self.handle_websocket():
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/websockify/websocket.py", line 494, in handle_websocket
9109: TRACE nova.console.websocketproxy self.new_websocket_client()
9109: TRACE nova.console.websocketproxy File "/usr/lib/python2.7/site-packages/nova/console/websocketproxy.py", line 108, in new_websocket_client
9109: TRACE nova.console.websocketproxy raise exception.ValidationError(detail=detail)
9109: TRACE nova.console.websocketproxy ValidationError: Origin header protocol does not match this host.
9109: TRACE nova.console.websocketproxy
This is due to the fix of a CVE push to nova https://bugs.launchpad.net/nova/+bug/1409142
We need now to configure novncproxy_base_url on the controller nodes with the same value we have on the compute nodes because the default value is http://127.0.0.1:6080/vnc_auto.html
https://bugs.launchpad.net/puppet-nova/+bug/1436969
A simple fix should be to use nova::vncproxy::common on the controller nodes :
https://github.com/stackforge/puppet-nova/blob/master/manifests/vncproxy/common.pp
This bug affects J.1.1.0 and above
The problem only occurs when cloud:: compute: :consoleproxy and cloud:: compute: :hypervisor are not on the same node. compute: :hypervisor.
Because novncproxy_base_url is configured by nova::compute in cloud::