From cd55c8f4b22947348e6947ff93a6d66f836363a3 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Wed, 22 Jul 2020 18:59:36 +0200 Subject: [PATCH] Fix some CloudKitty API responses when behind SSL Some CloudKitty API responses include a Location header using http instead of https. Seen with `openstack rating module enable hashmap`. Change-Id: I11158bbfd2006e3574e165b6afc9c223b018d4bc Closes-Bug: #1888544 --- ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 | 3 +++ .../notes/cloudkitty-proxy-headers-da4ea3297063e2e8.yaml | 5 +++++ 2 files changed, 8 insertions(+) create mode 100644 releasenotes/notes/cloudkitty-proxy-headers-da4ea3297063e2e8.yaml diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index 2f377a681e..b450c7e46f 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -30,6 +30,9 @@ memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +[oslo_middleware] +enable_proxy_headers_parsing = True + [oslo_concurrency] lock_path = /var/lib/cloudkitty/tmp diff --git a/releasenotes/notes/cloudkitty-proxy-headers-da4ea3297063e2e8.yaml b/releasenotes/notes/cloudkitty-proxy-headers-da4ea3297063e2e8.yaml new file mode 100644 index 0000000000..236bff141d --- /dev/null +++ b/releasenotes/notes/cloudkitty-proxy-headers-da4ea3297063e2e8.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes issues with some CloudKitty commands trying to connect to an external + TLS endpoint using HTTP. `LP#1888544 `__