keystone under https incorrectly advertises an http public endpoint
Bug #1371795 reported by
James Page
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystone (Juju Charms Collection) |
Fix Released
|
High
|
James Page |
Bug Description
Although the catalog entry is https, internally keystone appears to think its still running under http, so neutron and glance clients try to auth using http instead of https; this data is configured using the public_endpoint configuration option. Probably also makes sense to set admin_endpoint as well.
Appears to impact >= icehouse.
Related branches
lp:~james-page/charms/trusty/keystone/bug-1371795
- OpenStack Charmers: Pending requested
-
Diff: 103 lines (+33/-22)3 files modifiedhooks/keystone_context.py (+15/-1)
hooks/keystone_utils.py (+12/-17)
templates/icehouse/keystone.conf (+6/-4)
description: | updated |
Changed in keystone (Juju Charms Collection): | |
assignee: | nobody → James Page (james-page) |
status: | Confirmed → In Progress |
tags: | added: openstack |
Changed in keystone (Juju Charms Collection): | |
status: | In Progress → Fix Released |
To post a comment you must log in.
I was hoping that setting X-Forwarded-Scheme https would resolve this, however eventlets wsgi will only set scheme to https if eventlet is actually doing the SSL.
This is probably a bug in eventlet; the fix in the charm is to set the publc and admin endpoints in keystone.conf