yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #79595
[Bug 1744670] Re: In pike ssl deployment horizon cnt retrieve volumes/snapshots and service data via cinderclient
** Also affects: horizon
Importance: Undecided
Status: New
** Changed in: horizon
Status: New => Confirmed
** Changed in: horizon
Assignee: (unassigned) => Ivan Kolodyazhny (e0ne)
** Changed in: horizon
Importance: Undecided => Medium
** Changed in: python-cinderclient
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1744670
Title:
In pike ssl deployment horizon cnt retrieve volumes/snapshots and
service data via cinderclient
Status in OpenStack Dashboard (Horizon):
Confirmed
Status in keystoneauth:
Incomplete
Status in python-cinderclient:
Confirmed
Bug description:
Ops packages versions:
openstack-cinder.noarch 11.0.1-1.el7
openstack-dashboard.noarch 12.0.1-1.el7
openstack-glance.noarch 15.0.0-2.el7
openstack-keystone.noarch 12.0.0-1.el7
openstack-neutron.noarch 11.0.2-2.el7
openstack-neutron-common.noarch 11.0.2-2.el7
openstack-neutron-ml2.noarch 11.0.2-2.el7
openstack-nova-api.noarch 16.0.3-2.el7
openstack-nova-common.noarch 16.0.3-2.el7
openstack-nova-conductor.noarch 16.0.3-2.el7
openstack-nova-console.noarch 16.0.3-2.el7
openstack-nova-novncproxy.noarch 16.0.3-2.el7
openstack-nova-placement-api.noarch 16.0.3-2.el7
openstack-nova-scheduler.noarch 16.0.3-2.el7
python2-cinderclient.noarch 3.1.0-1.el7
Only after applying hard-coded links to certificate in cinder-client
and keystone, the dashboard starts working:
/cinderclient/client.py
if self.timeout:
kwargs.setdefault('timeout', self.timeout)
self.http_log_req((url, method,), kwargs)
resp = requests.request(
method,
url,
+ cert = ("/etc/keystone/ssl/certs/signing_cert.pem",
"/etc/keystone/ssl/private/signing_key.pem"),
verify=self.verify_cert,
**kwargs)
self.http_log_resp(resp)
/keystoneauth1/session.py
def __init__(self, auth=None, session=None, original_ip=None, verify=True,
cert=None, timeout=None, user_agent=None,
redirect=_DEFAULT_REDIRECT_LIMIT, additional_headers=None,
app_name=None, app_version=None, additional_user_agent=None,
discovery_cache=None):
self.auth = auth
self.session = _construct_session(session)
self.original_ip = original_ip
self.verify = verify
- self.cert = cert
+ self.cert = ("/etc/keystone/ssl/certs/signing_cert.pem",
"/etc/keystone/ssl/private/signing_key.pem")
self.timeout = None
self.redirect = redirect
self.additional_headers = additional_headers or {}
self.app_name = app_name
self.app_version = app_version
self.additional_user_agent = additional_user_agent or []
self._determined_user_agent = None
if discovery_cache is None:
discovery_cache = {}
self._discovery_cache = discovery_cache
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1744670/+subscriptions