yahoo-eng-team team mailing list archive
Message #80748
[Bug 1744670] Re: In pike ssl deployment horizon cnt retrieve volumes/snapshots and service data via cinderclient
Reviewed: https://review.opendev.org/675894
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=285c51f7e1b27a786fa9684abdc489998285b4e2
Submitter: Zuul
Branch: master
commit 285c51f7e1b27a786fa9684abdc489998285b4e2
Author: Ivan Kolodyazhny <e0ne@xxxxxxxxx>
Date: Mon Aug 12 16:19:44 2019 +0300
Add custom SSL CA Cert support for api.cinder.get_microversion
api.cinder.get_microversion function now supports OPENSTACK_SSL_NO_VERIFY
and OPENSTACK_SSL_CACERT config options.
This depends on commit 4a3a2c3c9a89ccff4e64d3da96de5b0af4303840 in
python-cinderclient, so the minimum version of python-cinderclient
is bumped to 5.0.0.
NOTE(amotoki): The strategy of backporting to stable branches needs
a discussion with the requirements team as we cannot bump the
minimum version (at least the major version bump is surprising).
Change-Id: I22c6c60e10d8e9328f7f1e0c24d6c74496ec1a71
Closes-Bug: 1744670
** Changed in: horizon
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1744670
Title:
In pike ssl deployment horizon cnt retrieve volumes/snapshots and
service data via cinderclient
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in keystoneauth:
Incomplete
Status in python-cinderclient:
Confirmed
Bug description:
Ops packages versions:
openstack-cinder.noarch 11.0.1-1.el7
openstack-dashboard.noarch 12.0.1-1.el7
openstack-glance.noarch 15.0.0-2.el7
openstack-keystone.noarch 12.0.0-1.el7
openstack-neutron.noarch 11.0.2-2.el7
openstack-neutron-common.noarch 11.0.2-2.el7
openstack-neutron-ml2.noarch 11.0.2-2.el7
openstack-nova-api.noarch 16.0.3-2.el7
openstack-nova-common.noarch 16.0.3-2.el7
openstack-nova-conductor.noarch 16.0.3-2.el7
openstack-nova-console.noarch 16.0.3-2.el7
openstack-nova-novncproxy.noarch 16.0.3-2.el7
openstack-nova-placement-api.noarch 16.0.3-2.el7
openstack-nova-scheduler.noarch 16.0.3-2.el7
python2-cinderclient.noarch 3.1.0-1.el7
Only after applying hard-coded links to certificate in cinder-client
and keystone, the dashboard starts working:
/cinderclient/client.py
if self.timeout:
kwargs.setdefault('timeout', self.timeout)
self.http_log_req((url, method,), kwargs)
resp = requests.request(
method,
url,
+ cert = ("/etc/keystone/ssl/certs/signing_cert.pem",
"/etc/keystone/ssl/private/signing_key.pem"),
verify=self.verify_cert,
**kwargs)
self.http_log_resp(resp)
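Review bot: the added `cert = (...)` argument to `requests.request` hard-codes the Keystone signing certificate and private key as the client certificate, so a private key path is baked into library code and the process using the client must be able to read `/etc/keystone/ssl/private/signing_key.pem`. The unchanged `verify=self.verify_cert` line is what controls validation of the server certificate, so if the failure is a CA trust problem the value to correct is the one reaching `verify`. If a client certificate really is needed, take it from a constructor or configuration option rather than a literal; as written, a caller that already passes `cert` in `kwargs` would also collide with the hard-coded keyword.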
/keystoneauth1/session.py
def __init__(self, auth=None, session=None, original_ip=None, verify=True,
cert=None, timeout=None, user_agent=None,
redirect=_DEFAULT_REDIRECT_LIMIT, additional_headers=None,
app_name=None, app_version=None, additional_user_agent=None,
discovery_cache=None):
self.auth = auth
self.session = _construct_session(session)
self.original_ip = original_ip
self.verify = verify
- self.cert = cert
+ self.cert = ("/etc/keystone/ssl/certs/signing_cert.pem",
"/etc/keystone/ssl/private/signing_key.pem")
self.timeout = None
self.redirect = redirect
self.additional_headers = additional_headers or {}
self.app_name = app_name
self.app_version = app_version
self.additional_user_agent = additional_user_agent or []
self._determined_user_agent = None
if discovery_cache is None:
discovery_cache = {}
self._discovery_cache = discovery_cache
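Review bot: replacing `self.cert = cert` with a literal tuple makes the `cert` parameter of `__init__` dead, so every Session built from this module presents the Keystone signing key as its client certificate regardless of what the caller passed. Keep `self.cert = cert` and have the caller supply the certificate and key pair, so the key path lives in deployment configuration and other users of the library are unaffected.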