yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1744494] Re: Swift backend does not support insecure Keystone v3 with SSL

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Erno Kuvaja <jokke@xxxxxx>
Date: Fri, 20 Apr 2018 09:40:20 -0000
Reply-to: Bug 1744494 <1744494@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: glance-store
   Importance: Undecided
       Status: New

** Changed in: glance
   Importance: Undecided => Low

** Changed in: glance-store
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1744494

Title:
  Swift backend does not support insecure Keystone v3 with SSL

Status in Glance:
  New
Status in glance_store:
  New

Bug description:
  The swift glance_store client does not create an insecure auth client
  when using Keystone v3 with an unsigned cert delivering Swift service
  endpoints. With keystone authtoken insecure=true and
  swift_store_auth_insecure=true, Glance returns the following error
  when uploading a new image:

  http://paste.openstack.org/show/648868/

  glance-api_1 | 2018-01-20 19:50:43.409 208 ERROR glance.common.wsgi
  BackendException: Cannot find swift service endpoint : Unable to
  establish connection to https://192.168.1.44:35357/v3/auth/tokens:
  HTTPSConnectionPool(host='192.168.1.44', port=35357): Max retries
  exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad
  handshake: Error([('SSL routines', 'tls_process_server_certificate',
  'certificate verify failed')],)",),))

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1744494/+subscriptions

References

[Bug 1744494] [NEW] Swift backend does not support insecure Keystone v3 with SSL
From: Chris Hoge, 2018-01-20