tripleo

Construction of websocket URL is incorrect if SSL is enabled on Undercloud

Bug #1621639 reported by Dan Trainor
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Honza Pokorny

Bug Description

When SSL is enabled on the Undercloud, logic handling the encrypted Zaqar websocket URL generates an unusable uri. The URI becomes wss:// to indicate a secure websocket connection, but there is no way to change the port number. Instead, the UI defaults to using a URI of wss://<undercloud host>:<port UI is running on>.

This was discovered by running the UI on a virtual host that Apahce is proxying with mod_proxy. In this case, mod_proxy is proxying port 3005 to the UI's gulp server, which listens on port 3000. In this case, the websocket URL should not be wss://<undercloud host>:3500, but in fact, wss://<undercloud host>:9000.

In addition, under these same conditions, the zaqar_websocket_url value as defined in dist/js/tripleo_ui_config.js does not get used.

Tags: ui
Revision history for this message
Jiri Tomasek (jtomasek) wrote :

Currently the GUI uses zaqar websocket url from tripleo_ui_config.js and if it is not specified there it defaults to ws://${location.hostname}:9000 so it should never try to connect to GUI app port.

GUI needs to update it's code to use websocket url from keystone auth response since that url is now available in endpoints list.

Jason E. Rist (jason-rist)
Changed in tripleo:
importance: Undecided → High
status: New → Triaged
Honza Pokorny (hpokorny)
Changed in tripleo:
assignee: nobody → Honza Pokorny (hpokorny)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-ui (master)

Fix proposed to branch: master
Review: https://review.openstack.org/372499

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-ui (master)

Reviewed: https://review.openstack.org/372499
Committed: https://git.openstack.org/cgit/openstack/tripleo-ui/commit/?id=e9765d8b5608990acc6d1b234ece1ea6704c5a8d
Submitter: Jenkins
Branch: master

commit e9765d8b5608990acc6d1b234ece1ea6704c5a8d
Author: Honza Pokorny <email address hidden>
Date: Mon Sep 19 10:36:08 2016 -0300

    Retrieve zaqar websocket url from keystone

    Instead of hardcoding a value, let's try and retrieve it from keystone.
    This will ensure that we're using the correct url in an SSL-enabled
    scenario.

    Furthermore, this brings the zaqar API service to a consistent state
    with the other services.

    Change-Id: I70f0056688b8f3a6fa2e5bb508b13c9af953b489
    Closes-bug: #1621639

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-ui 1.0.3

This issue was fixed in the openstack/tripleo-ui 1.0.3 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.