Image uploads fail in Horizon if upload mode is set to direct if endpoint set to internal.

Add a note/warning in the horizon role docs.

deployed Openstack with OSA.
None of the proposed solutions are working for me.
Using legacy mode for HORIZON_IMAGES_UPLOAD_MODE:
- I see the upload of the file
Once it reach 100% I get a :

78eb25f826d5.js:1210 POST https://openstack.xxxxx.local/api/glance/images/ 500 (INTERNAL SERVER ERROR)(anonymous function) @ 78eb25f826d5.js:1210sendReq @ 78eb25f826d5.js:1196serverRequest @ 78eb25f826d5.js:1183processQueue @ 78eb25f826d5.js:1419(anonymous function) @ 78eb25f826d5.js:1420$eval @ 78eb25f826d5.js:1463$digest @ 78eb25f826d5.js:1458$apply @ 78eb25f826d5.js:1464(anonymous function) @ 78eb25f826d5.js:1688dispatch @ 78eb25f826d5.js:332elemData.handle @ 78eb25f826d5.js:305
78eb25f826d5.js:1285 TypeError: Cannot read property 'data' of undefined
    at onCreateImage (a9baf234598d.js:674)
    at processQueue (78eb25f826d5.js:1419)
    at 78eb25f826d5.js:1420
    at Scope.$eval (78eb25f826d5.js:1463)
    at Scope.$digest (78eb25f826d5.js:1458)
    at Scope.$apply (78eb25f826d5.js:1464)
    at done (78eb25f826d5.js:1199)
    at completeRequest (78eb25f826d5.js:1214)
    at XMLHttpRequest.requestLoaded (78eb25f826d5.js:1208)

Hi, shouldn't we let the OPENSTACK_ENDPOINT_TYPE to default which is publicURL and not internalURL ?

One other important bit...

If using HORIZON_IMAGES_UPLOAD_MODE='direct', in addition to setting OPENSTACK_ENDPOINT_TYPE='publicURL', Glance API needs to be properly configured for CORS support, or else your browser will not be able to make API requests directly to Glance.

In glance-api-paste.ini, under [filter:cors] ensure you have your Horizon host specified under `allowed_origin`. I also had to augment the `allow_headers`, which strangely, did not allow the ORIGIN header, which is needed to make this all work...

[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = glance
oslo_config_program = glance-api
allowed_origin = https://1.2.3.4
allow_headers = CONTENT-MD5,X-IMAGE-META-CHECKSUM,X-STORAGE-TOKEN,ACCEPT-ENCODING,X-AUTH-TOKEN,X-IDENTITY-STATUS,X-ROLES,X-SERVICE-CATALOG,X-USER-ID,X-TENANT-ID,X-OPENSTACK-REQUEST-ID,ACCEPT,ACCEPT-LANGUAGE,CONTENT-TYPE,CACHE-CONTROL,CONTENT-LANGUAGE,EXPIRES,LAST-MODIFIED,PRAGMA,ORIGIN

Root cause is in Horizon, I think here https://github.com/openstack/horizon/blob/86bec0003e677753de8abf3eb43f989f3caef33f/openstack_dashboard/api/glance.py#L374 it never makes sense to get the internal endpoint. It should be changed to base.url_for(request, 'image', 'publicURL') so that the endpoint chosen is always public. I will submit a PR ASAP.

Besides that, one needs to enable CORS, as @byron-mccollum suggested. Here I'm doing:

glance_glance_api_conf_overrides:
  cors:
    allowed_origin: "https://{{ horizon_server_name }}"

As HORIZON_IMAGES_UPLOAD_MODE == 'direct' is the default, maybe it makes sense for OSA to add this allowed_origin to the glance_api.conf template by default.

P.S.:

@archifleks OPENSTACK_ENDPOINT_TYPE == 'publicURL' can cause some issues, see https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/4

Fix proposed to branch: master
Review: https://review.openstack.org/417142

Reviewed: https://review.openstack.org/417142
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=446e5aefb4354c9092d1cbc5ff258ee74558e769
Submitter: Jenkins
Branch: master

commit 446e5aefb4354c9092d1cbc5ff258ee74558e769
Author: Paulo Matias <email address hidden>
Date: Thu Jan 5 17:26:05 2017 -0200

    Always pass the public endpoint to the client

    Even if Horizon is configured to use internal endpoints for requests
    made by its server side to other OpenStack services, the client side
    should not be restricted to run only in networks which have access to
    the internal endpoints.

    Change-Id: Ibdc663a133670e8f07530c0d7c5ed7df2d92b99b
    Closes-Bug: #1639080

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/443090

Reviewed: https://review.openstack.org/443090
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=7670ce095a7da2c762dc269ce886d786b2662532
Submitter: Jenkins
Branch: stable/ocata

commit 7670ce095a7da2c762dc269ce886d786b2662532
Author: Paulo Matias <email address hidden>
Date: Thu Jan 5 17:26:05 2017 -0200

    Always pass the public endpoint to the client

    Even if Horizon is configured to use internal endpoints for requests
    made by its server side to other OpenStack services, the client side
    should not be restricted to run only in networks which have access to
    the internal endpoints.

    Change-Id: Ibdc663a133670e8f07530c0d7c5ed7df2d92b99b
    Closes-Bug: #1639080
    (cherry picked from commit 446e5aefb4354c9092d1cbc5ff258ee74558e769)

This issue was fixed in the openstack/horizon 11.0.1 release.

This issue was fixed in the openstack/horizon 12.0.0.0b1 development milestone.

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/464001

Reviewed: https://review.openstack.org/464001
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=85c1415c76a6fca5a9c6a7e26e7abe121a669310
Submitter: Jenkins
Branch: stable/newton

commit 85c1415c76a6fca5a9c6a7e26e7abe121a669310
Author: Paulo Matias <email address hidden>
Date: Thu Jan 5 17:26:05 2017 -0200

    Always pass the public endpoint to the client

    Even if Horizon is configured to use internal endpoints for requests
    made by its server side to other OpenStack services, the client side
    should not be restricted to run only in networks which have access to
    the internal endpoints.

    Change-Id: Ibdc663a133670e8f07530c0d7c5ed7df2d92b99b
    Closes-Bug: #1639080
    (cherry picked from commit 446e5aefb4354c9092d1cbc5ff258ee74558e769)

This issue was fixed in the openstack/horizon 10.0.4 release.

This issue may have some things in common with (but it is NOT a duplicate) https://bugs.launchpad.net/openstack-ansible/+bug/1971179