← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1612644] [NEW] not use ssl key and ca when connect to glance

 

Public bug reported:


had those errors when on compute node and set ssl_cert_file and ssl_key_file to a file name in nova.conf but it doesn't exist, https clinet should not use those , only ssl_ca_file is enough 
like 
https://github.com/openstack/nova/blob/master/nova/api/metadata/vendordata_dynamic.py#L69 - #L76

2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 3077, in _snapshot_instance
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     update_task_state)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/virt/zvm/driver.py", line 825, in snapshot
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     image_meta = image_service.show(context, image_href)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 311, in show
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     _reraise_translated_image_exception(image_id)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 607, in _reraise_translated_image_exception
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     six.reraise(new_exc, None, exc_trace)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 309, in show
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     image = self._client.call(context, version, 'get', image_id)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 228, in call
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     version)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 209, in _create_onetime_client
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     self.use_ssl, version)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 132, in _create_glance_client
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     sslutils.is_enabled(CONF)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_service/sslutils.py", line 44, in is_enabled
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     raise RuntimeError(_("Unable to find cert_file : %s") % cert_file)
2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher RuntimeError: Unable to find cert_file : /etc/nova/ssl/certs/nova.pem

** Affects: nova
     Importance: Low
     Assignee: jichenjc (jichenjc)
         Status: New

** Changed in: nova
     Assignee: (unassigned) => jichenjc (jichenjc)

** Changed in: nova
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1612644

Title:
  not use ssl key and ca when connect to glance

Status in OpenStack Compute (nova):
  New

Bug description:
  
  had those errors when on compute node and set ssl_cert_file and ssl_key_file to a file name in nova.conf but it doesn't exist, https clinet should not use those , only ssl_ca_file is enough 
  like 
  https://github.com/openstack/nova/blob/master/nova/api/metadata/vendordata_dynamic.py#L69 - #L76

  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 3077, in _snapshot_instance
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     update_task_state)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/virt/zvm/driver.py", line 825, in snapshot
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     image_meta = image_service.show(context, image_href)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 311, in show
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     _reraise_translated_image_exception(image_id)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 607, in _reraise_translated_image_exception
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     six.reraise(new_exc, None, exc_trace)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 309, in show
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     image = self._client.call(context, version, 'get', image_id)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 228, in call
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     version)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 209, in _create_onetime_client
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     self.use_ssl, version)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/nova/image/glance.py", line 132, in _create_glance_client
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     sslutils.is_enabled(CONF)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher   File "/usr/lib/python2.7/site-packages/oslo_service/sslutils.py", line 44, in is_enabled
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher     raise RuntimeError(_("Unable to find cert_file : %s") % cert_file)
  2016-08-11 10:53:19.924 11266 ERROR oslo_messaging.rpc.dispatcher RuntimeError: Unable to find cert_file : /etc/nova/ssl/certs/nova.pem

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1612644/+subscriptions


Follow ups