diff -Nru nova-13.1.4/debian/changelog nova-13.1.4/debian/changelog --- nova-13.1.4/debian/changelog 2017-10-06 05:04:40.000000000 -0700 +++ nova-13.1.4/debian/changelog 2017-11-20 16:51:09.000000000 -0800 @@ -1,3 +1,11 @@ +nova (2:13.1.4-0ubuntu4.2~cloud0) trusty-mitaka; urgency=medium + + * Add supporting http_proxy_to_wsgi to api-paste.ini (LP: #1573766) + - d/p/0001-Add-http_proxy_to_wsgi-to-api-paste.patch + - d/p/0002-Add-proxy-middleware-to-application-pipeline.patch + + -- Seyeong Kim Mon, 20 Nov 2017 16:50:20 -0800 + nova (2:13.1.4-0ubuntu4.1~cloud0) trusty-mitaka; urgency=medium * New update for the Ubuntu Cloud Archive. diff -Nru nova-13.1.4/debian/patches/0001-Add-http_proxy_to_wsgi-to-api-paste.patch nova-13.1.4/debian/patches/0001-Add-http_proxy_to_wsgi-to-api-paste.patch --- nova-13.1.4/debian/patches/0001-Add-http_proxy_to_wsgi-to-api-paste.patch 1969-12-31 16:00:00.000000000 -0800 +++ nova-13.1.4/debian/patches/0001-Add-http_proxy_to_wsgi-to-api-paste.patch 2017-11-20 16:49:58.000000000 -0800 @@ -0,0 +1,50 @@ +From 09410e8705f528dd4bdb86930bf0597ebbb47c02 Mon Sep 17 00:00:00 2001 +From: Juan Antonio Osorio Robles +Date: Thu, 19 May 2016 15:10:22 +0300 +Subject: [PATCH 1/2] Add http_proxy_to_wsgi to api-paste + +This sets up the HTTPProxyToWSGI middleware in front of Nova-API. The +purpose of thise middleware is to set up the request URL correctly in +case there is a proxy (For instance, a loadbalancer such as HAProxy) +in front of Nova. + +So, for instance, when TLS connections are being terminated in the +proxy, and one tries to get the versions from the / resource of +Nova, one will notice that the protocol is incorrect; It will show +'http' instead of 'https'. So this middleware handles such cases. +Thus helping Keystone discovery work correctly. + +The HTTPProxyToWSGI is off by default and needs to be enabled via a +configuration value. + +Change-Id: Ia78f73e96585ab33a379a0b0be6d9682f7fbd810 +Closes-Bug: #1573766 +--- + etc/nova/api-paste.ini | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Origin: upstream, https://git.openstack.org/cgit/openstack/nova/commit/?id=b609a3b32ee8e68cef7e66fabff07ca8ad6d4649 +Bug-Ubuntu: https://bugs.launchpad.net/nova/+bug/1573766 +Index: nova-13.1.4/etc/nova/api-paste.ini +=================================================================== +--- nova-13.1.4.orig/etc/nova/api-paste.ini ++++ nova-13.1.4/etc/nova/api-paste.ini +@@ -70,6 +70,9 @@ paste.filter_factory = nova.api.openstac + [filter:sizelimit] + paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory + ++[filter:http_proxy_to_wsgi] ++paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory ++ + [filter:legacy_v2_compatible] + paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory + +@@ -80,7 +83,7 @@ paste.app_factory = nova.api.openstack.c + paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory + + [pipeline:oscomputeversions] +-pipeline = faultwrap oscomputeversionapp ++pipeline = faultwrap http_proxy_to_wsgi oscomputeversionapp + + [app:oscomputeversionapp] + paste.app_factory = nova.api.openstack.compute.versions:Versions.factory diff -Nru nova-13.1.4/debian/patches/0002-Add-proxy-middleware-to-application-pipeline.patch nova-13.1.4/debian/patches/0002-Add-proxy-middleware-to-application-pipeline.patch --- nova-13.1.4/debian/patches/0002-Add-proxy-middleware-to-application-pipeline.patch 1969-12-31 16:00:00.000000000 -0800 +++ nova-13.1.4/debian/patches/0002-Add-proxy-middleware-to-application-pipeline.patch 2017-11-20 16:50:16.000000000 -0800 @@ -0,0 +1,44 @@ +From 45bfee8dddd046df8c833d9fcfab9789bf88c932 Mon Sep 17 00:00:00 2001 +From: Juan Antonio Osorio Robles +Date: Mon, 30 May 2016 08:12:20 +0300 +Subject: [PATCH 2/2] Add proxy middleware to application pipeline + +Recently the http_proxy_to_wsgi middleware was added before the +versions resource; This correctly sets the URL scheme for keystone +version discovery, however, this is missing the URL schemes for +pagination URLs. So for this to work, the middleware needs to be +added to the application pipelines. Note that a similar commit +was done in cinder [1]. + +[1] If5aab9cc25a2e7c66a0bb13b5f7488a667b30309 + +Change-Id: I808469f24066d382decf55b9dad5312d6e068da7 +Closes-Bug: #1573766 +--- + etc/nova/api-paste.ini | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +Origin: upstream, https://git.openstack.org/cgit/openstack/nova/commit/?id=6051f30a7e61c32833667d3079744b2d4fd1ce7c +Bug-Ubuntu: https://bugs.launchpad.net/nova/+bug/1573766 +Index: nova-13.1.4/etc/nova/api-paste.ini +=================================================================== +--- nova-13.1.4.orig/etc/nova/api-paste.ini ++++ nova-13.1.4/etc/nova/api-paste.ini +@@ -44,13 +44,13 @@ keystone_nolimit = cors compute_req_id f + + [composite:openstack_compute_api_v21] + use = call:nova.api.auth:pipeline_factory_v21 +-noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 +-keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 ++noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 ++keystone = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 + + [composite:openstack_compute_api_v21_legacy_v2_compatible] + use = call:nova.api.auth:pipeline_factory_v21 +-noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 +-keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 ++noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21 ++keystone = cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 + + [filter:request_id] + paste.filter_factory = oslo_middleware:RequestId.factory diff -Nru nova-13.1.4/debian/patches/series nova-13.1.4/debian/patches/series --- nova-13.1.4/debian/patches/series 2017-10-03 11:24:48.000000000 -0700 +++ nova-13.1.4/debian/patches/series 2017-11-20 16:48:12.000000000 -0800 @@ -13,3 +13,5 @@ libvirt-fix-incorrect-host-cpus-giving-to-emulator-t.patch make-sure-to-rebuild-claim-on-recreate.patch Send-events-to-all-relevant-hosts-if-migrating.patch +0001-Add-http_proxy_to_wsgi-to-api-paste.patch +0002-Add-proxy-middleware-to-application-pipeline.patch