yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1424549] Re: enlisting of nodes: seed_random fails due to self signed certificate

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Mike Pontillo <mike.pontillo@xxxxxxxxxxxxx>
Date: Mon, 19 Oct 2015 20:14:27 -0000
Reply-to: Bug 1424549 <1424549@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Actually, I'll go ahead and mark this "Triaged"; it *is* a real bug, it
just isn't as critical as we assumed.

To fix this bug, we should configure cloud-init to NOT call pollinate
during enlistment (to avoid this spurious error).

As a follow-on fix, it might be a good idea for cloud-init to fall back
to 'insecure" mode (or simply use the public CA roots in /etc/ssl/certs
rather than a pinned chain) and log this as a warning, if the pinned
certificate could not be validated.

** Also affects: cloud-init
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1424549

Title:
  enlisting of nodes: seed_random fails due to self signed certificate

Status in cloud-init:
  New
Status in MAAS:
  Triaged

Bug description:
  Using Maas 1.7.1 on trusty, the following error message in the MAAS
  provided ephemeral image for the step pollinate is executed:

  curl: SSL certificate problem: self signed certificate in certificate
  chain.

  This way random number generator is not initialized correctly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1424549/+subscriptions