yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1179476] Re: Nova doesn't allow for a cacert file to be specified when calling cinder (Issue when using self signed certs)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 29 May 2013 10:35:14 -0000
Reply-to: Bug 1179476 <1179476@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => havana-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1179476

Title:
  Nova doesn't allow for a cacert file to be specified when calling
  cinder  (Issue when using self signed certs)

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  nova/volume/cinder.py

      c = cinder_client.Client(context.user_id,
                               context.auth_token,
                               project_id=context.project_id,
                               auth_url=url,
                               insecure=CONF.cinder_api_insecure,
                               retries=CONF.cinder_http_retries)

  Cinder client allows for a cacert arg to be passed to Client(). If a
  cacert file isn't passed to cinder client then the python-request
  library uses the cacert file in it's path
  "/usr/share/pyshared/requests/cacert.pem" rather then the system
  default of "/etc/ssl/certs /ca-certificates.crt". This causes an issue
  if you are using self signed certs with a custom ca authority.

  Recommend(I will do the patch) to add a new flag to
  "nova/volume/cinder.py" where a cacert file can be passed to cinder
  Client().

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1179476/+subscriptions