← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1744670] Re: In pike ssl deployment horizon cnt retrieve volumes/snapshots and service data via cinderclient

 

** Also affects: horizon
   Importance: Undecided
       Status: New

** Changed in: horizon
       Status: New => Confirmed

** Changed in: horizon
     Assignee: (unassigned) => Ivan Kolodyazhny (e0ne)

** Changed in: horizon
   Importance: Undecided => Medium

** Changed in: python-cinderclient
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1744670

Title:
  In pike ssl deployment horizon cnt retrieve volumes/snapshots and
  service data via cinderclient

Status in OpenStack Dashboard (Horizon):
  Confirmed
Status in keystoneauth:
  Incomplete
Status in python-cinderclient:
  Confirmed

Bug description:
  Ops packages versions:
  openstack-cinder.noarch             11.0.1-1.el7
  openstack-dashboard.noarch          12.0.1-1.el7
  openstack-glance.noarch             15.0.0-2.el7
  openstack-keystone.noarch           12.0.0-1.el7
  openstack-neutron.noarch            11.0.2-2.el7
  openstack-neutron-common.noarch     11.0.2-2.el7
  openstack-neutron-ml2.noarch        11.0.2-2.el7
  openstack-nova-api.noarch           16.0.3-2.el7
  openstack-nova-common.noarch        16.0.3-2.el7
  openstack-nova-conductor.noarch     16.0.3-2.el7
  openstack-nova-console.noarch       16.0.3-2.el7
  openstack-nova-novncproxy.noarch    16.0.3-2.el7
  openstack-nova-placement-api.noarch 16.0.3-2.el7
  openstack-nova-scheduler.noarch     16.0.3-2.el7
  python2-cinderclient.noarch         3.1.0-1.el7

  Only after applying hard-coded links to certificate in cinder-client
  and keystone, the dashboard starts working:

  /cinderclient/client.py

          if self.timeout:
              kwargs.setdefault('timeout', self.timeout)
          self.http_log_req((url, method,), kwargs)
          resp = requests.request(
              method,
              url,
  +           cert = ("/etc/keystone/ssl/certs/signing_cert.pem",
              "/etc/keystone/ssl/private/signing_key.pem"),
              verify=self.verify_cert,
              **kwargs)
          self.http_log_resp(resp)

  /keystoneauth1/session.py

      def __init__(self, auth=None, session=None, original_ip=None, verify=True,
                   cert=None, timeout=None, user_agent=None,
                   redirect=_DEFAULT_REDIRECT_LIMIT, additional_headers=None,
                   app_name=None, app_version=None, additional_user_agent=None,
                   discovery_cache=None):

          self.auth = auth
          self.session = _construct_session(session)
          self.original_ip = original_ip
          self.verify = verify
  -       self.cert = cert
  +       self.cert = ("/etc/keystone/ssl/certs/signing_cert.pem",
          "/etc/keystone/ssl/private/signing_key.pem")
          self.timeout = None
          self.redirect = redirect
          self.additional_headers = additional_headers or {}
          self.app_name = app_name
          self.app_version = app_version
          self.additional_user_agent = additional_user_agent or []
          self._determined_user_agent = None
          if discovery_cache is None:
              discovery_cache = {}
          self._discovery_cache = discovery_cache

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1744670/+subscriptions