horizon_external_ssl: false causes horizon endpoint to fail with redirect error
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack-Ansible |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
According to the release notes:
" - In previous releases connections to Horizon originally terminated SSL
at the Horizon container. While that is still an option, SSL is now
assumed to be terminated at the load balancer. If you wish to terminate
SSL at the horizon node change the ``horizon_
**false**. "
I tried setting the horizon_
https:/
Using the web browser to access horizon resulted in an error message:
"The page isn’t redirecting properly".
I don't know a lot about what's causing this. I could be bad haproxy settings, or bad apache configurations. Please let me know if you need any more info.
| Changed in openstack-ansible: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Jesse Pretorius (jesse-pretorius) wrote | #1 |
| Travis Truman (travis-truman) wrote | #2 |
| summary: |
- horizon_external_ssl: flase causes horizon endpoint to fail with + horizon_external_ssl: false causes horizon endpoint to fail with redirect error |
It appears to me that it's not an option any more to terminate SSL at the horizon container. There is only the external_ssl option. So either we need to consider this a bug and patch it up to make it optional, or we need to add a known issue release note.
Considering that end-to-end SSL is a likely requirement (ie SSL to the LB, and SSL to the container) I think that catering for SSL at the container *and* SSL at the LB should ideally be possible.
To resolve this bug though, the simpler implementation of just one or the other would be fine. I think we have this implemented for the Keystone role, so it would be worth looking at that for prior art.