serial console in Horizon is broken by origin header verification
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Andrew Laski | ||
OpenStack Dashboard (Horizon) |
Invalid
|
Undecided
|
Aaron Sahlin |
Bug Description
Issue
=====
The console tab in Horizon doesn't show the console of the instance
anymore if the "serial console" feature is enabled.
Steps to reproduce
==================
* Enable "serial console" feature in "nova.conf"
[Default]
vnc_enabled=False
[serial_console]
enabled=True
base_
* Launch an instance
* Open to the "console" tab of that instance
Expected behavior
=================
The login prompt from the instance is shown via serial console
connection.
Actual behavior
===============
* Black screen + "Status: Closed"
* The traceback shows a validation error [1].
* If "base_url" is NOT set in "nova.conf" the console will still not
connect, but nothing will be logged.
Possible root causes
-------
This validation logic was introduced with [2]. The unit seems to be
based on the assumption that the serial console uses "https" [3]. AFAIK
the supposed protocol is "ws".
Logs & Env.
===========
Manually added debug log:
/opt/stack/
DEBUG nova.console.
[req-fae1b332-
origin: http, expected: ws
verify_origin_proto /opt/stack/
Nova version
------------
/opt/stack/nova$ git log --oneline -n5
90ee915 Merge "Add api microvesion unit test case for wsgi.action"
7885b74 Merge "Remove db layer hard-code permission checks for [...]
416f310 Merge "Remove db layer hard-code permission checks for [...]
ecb306b Merge "Remove db layer hard-code permission checks for [...]
6efc8ad Merge "libvirt: don't allow to resize down the default [...]
References
==========
[1] Traceback; nova.console.
http://
[2] Gerrit; Websocket Proxy should verify Origin header
https:/
[3] test_websocketp
https:/
Changed in nova: | |
status: | New → Incomplete |
Changed in nova: | |
milestone: | none → kilo-rc1 |
importance: | Undecided → High |
Changed in horizon: | |
status: | New → Invalid |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | kilo-rc1 → 2015.1.0 |
I added Horizon as affected project because in review [1] was mentioned that a possible client of the exposed API has to set the header correctly.
[1] https:/ /review. openstack. org/#/c/ 163033/ 6