neutron metadata ns proxy does not support ssl
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Vincent Untz |
Bug Description
When SSL is enabled in the neutron metadata agent the neutron metadata ns proxy isn't able to communicate to the neutron metadata agent via the unix domain socket and every request results in a BadStatusLine error:
2015-11-06 16:30:44.060 269669 INFO neutron.wsgi [-] 192.168.0.2 - - [06/Nov/2015 16:30:44] "GET /2009-04-
2015-11-06 16:30:56.064 269669 INFO neutron.wsgi [-] (269669) accepted ('192.168.0.2', 50879)
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
2015-11-06 16:30:56.071 269669 ERROR neutron.
It seems that the neutron metadata ns proxy does not support SSL for the communication.
Changed in neutron: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
tags: | added: l3-ipam-dhcp |
Changed in neutron: | |
assignee: | nobody → Cedric Brandily (cbrandily) |
tags: | added: neutron-proactive-backport-potential |
tags: | removed: neutron-proactive-backport-potential |
Fixed this issue patching the /usr/lib/ python2. 7/dist- packages/ neutron/ agent/linux/ utils.py file, enabling always SSL:
* changed super class of UnixDomainHTTPC onnection from HTTPConnection to HTTPSConnection
* wrapped unix domain socket into a SSL socket