Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / nova / d96a099eba266cbf891fbbe8ac1f844d8f5f2a27^! / .
commitd96a099eba266cbf891fbbe8ac1f844d8f5f2a27[log] [tgz]
authorOleksandr Shyshko <oshyshko@mirantis.com>Fri Mar 29 11:18:25 2019 +0000
committeroshyshko <oshyshko@mirantis.com>Mon Apr 01 16:27:41 2019 +0000
treef3faa328fbd3e9d60ed66bd2527212834bd4c8b1
parent047b3b1637b7e80f5d9e32f80cc064736ada24a8 [diff]
Added secure_proxy_ssl_header to nova.conf

  * The HTTP Header that will be used to determine what the
    original request protocol scheme was, even if it was hidden
    by a SSL termination proxy.

Change-Id: Ide2e0362b7c8fc056bc41c62a227e0537c08f0ba
Related-PROD: PROD-28987

diff --git a/README.rst b/README.rst
index 7bb9581..4a3b7ac 100644
--- a/README.rst
+++ b/README.rst

@@ -1231,6 +1231,18 @@
 You can read more about it here:
     https://docs.openstack.org/security-guide/databases/database-access-control.html
 
+Define config option which allows to use nova-api service behind proxy.(Only Mitaka)
+---------------------
+The HTTP Header that will be used to determine what the original request protocol
+scheme was, even if it was hidden by a SSL termination proxy.
+
+  nova:
+    controller:
+      secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
+
+You can read more about it here:
+    https://docs.openstack.org/mitaka/config-reference/compute/config-options.html
+
 Nova database connection setup:
 ========
 
@@ -1278,8 +1290,6 @@
          username: nova
          password: pswd
 
-
-
 Upgrades
 ========
 

diff --git a/nova/files/mitaka/nova-controller.conf.Debian b/nova/files/mitaka/nova-controller.conf.Debian
index fb95af9..e42449e 100644
--- a/nova/files/mitaka/nova-controller.conf.Debian
+++ b/nova/files/mitaka/nova-controller.conf.Debian

@@ -1,5 +1,6 @@
 {%- from "nova/map.jinja" import controller with context %}
 [DEFAULT]
+secure_proxy_ssl_header = {{ controller.get('secure_proxy_ssl_header', 'HTTP_X_FORWARDED_PROTO') }}
 verbose = True
 log-dir = /var/log/nova
 {%- if controller.debug %}

diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index cc88269..beccee3 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls

@@ -13,6 +13,7 @@
     disk_allocation_ratio: 1.0
     workers: 8
     instance_build_timeout: 600
+    secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
     bind:
       private_address: 127.0.0.1
       public_address: 127.0.0.1

diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 467d4b0..42300f4 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls

@@ -26,6 +26,7 @@
     disk_allocation_ratio: 1.0
     workers: 8
     nfs_mount_options: 'vers=3,lookupcache=pos'
+    secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
     bind:
       private_address: 127.0.0.1
       public_address: 127.0.0.1