serial console in Horizon is broken by origin header verification
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
High
|
Andrew Laski | ||
| OpenStack Dashboard (Horizon) |
Invalid
|
Undecided
|
Aaron Sahlin | ||
Bug Description
Issue
=====
The console tab in Horizon doesn't show the console of the instance
anymore if the "serial console" feature is enabled.
Steps to reproduce
==================
* Enable "serial console" feature in "nova.conf"
[Default]
vnc_enabled=False
[serial_console]
enabled=True
base_
* Launch an instance
* Open to the "console" tab of that instance
Expected behavior
=================
The login prompt from the instance is shown via serial console
connection.
Actual behavior
===============
* Black screen + "Status: Closed"
* The traceback shows a validation error [1].
* If "base_url" is NOT set in "nova.conf" the console will still not
connect, but nothing will be logged.
Possible root causes
-------
This validation logic was introduced with [2]. The unit seems to be
based on the assumption that the serial console uses "https" [3]. AFAIK
the supposed protocol is "ws".
Logs & Env.
===========
Manually added debug log:
/opt/stack/
DEBUG nova.console.
[req-fae1b332-
origin: http, expected: ws
verify_origin_proto /opt/stack/
Nova version
------------
/opt/stack/nova$ git log --oneline -n5
90ee915 Merge "Add api microvesion unit test case for wsgi.action"
7885b74 Merge "Remove db layer hard-code permission checks for [...]
416f310 Merge "Remove db layer hard-code permission checks for [...]
ecb306b Merge "Remove db layer hard-code permission checks for [...]
6efc8ad Merge "libvirt: don't allow to resize down the default [...]
References
==========
[1] Traceback; nova.console.
http://
[2] Gerrit; Websocket Proxy should verify Origin header
https:/
[3] test_websocketp
https:/
| Markus Zoeller (markus_z) (mzoeller) wrote | #1 |
| Markus Zoeller (markus_z) (mzoeller) wrote | #2 |
| Changed in nova: | |
| status: | New → Incomplete |
| Markus Zoeller (markus_z) (mzoeller) wrote | #3 |
| Aaron Sahlin (asahlin) wrote | #4 |
| Changed in horizon: | |
| assignee: | nobody → Aaron Sahlin (asahlin) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to nova (master) | #5 |
| Changed in nova: | |
| assignee: | nobody → Andrew Laski (alaski) |
| status: | Incomplete → In Progress |
| Tristan Cacqueray (tristan-cacqueray) wrote | #6 |
| Changed in nova: | |
| milestone: | none → kilo-rc1 |
| importance: | Undecided → High |
| Changed in horizon: | |
| status: | New → Invalid |
| OpenStack Infra (hudson-openstack) wrote Fix merged to nova (master) | #7 |
| Changed in nova: | |
| status: | In Progress → Fix Committed |
| Changed in nova: | |
| status: | Fix Committed → Fix Released |
| Changed in nova: | |
| milestone: | kilo-rc1 → 2015.1.0 |
I added Horizon as affected project because in review [1] was mentioned that a possible client of the exposed API has to set the header correctly.
[1] https:/