Blazar

Internal TLS is not supported

Bug #2045281 reported by Pierre Riteau
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Blazar
Fix Released
High
Matt Crees
Blazar caracal-3

Bug Description

Blazar cannot be deployed on OpenStack clouds that are using internal/admin endpoints protected with HTTPS.

Pierre Riteau (priteau)
Changed in blazar:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Pierre Riteau (priteau)
OpenStack Infra (hudson-openstack)
Changed in blazar:
status: Confirmed → In Progress
Pierre Riteau (priteau)
Changed in blazar:
assignee: Pierre Riteau (priteau) → Matt Crees (mattcrees)
milestone: none → caracal-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (master)

Reviewed: https://review.opendev.org/c/openstack/blazar/+/903586
Committed: https://opendev.org/openstack/blazar/commit/0481ad4ad9d72b9d65d42ef2d489b653c9f76bed
Submitter: "Zuul (22348)"
Branch: master

commit 0481ad4ad9d72b9d65d42ef2d489b653c9f76bed
Author: Matt Crees <email address hidden>
Date: Wed Dec 13 11:48:16 2023 +0000

    Add support for specifying a custom CA bundle

    Adds the new config option ``cafile``, which is passed into the
    Session invocations for SSL verification.

    Partial-Bug: #2045281

    Change-Id: I2ec5bc7ac929534175d380d2e3e535a5e7abd962

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/blazar/+/907276

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/blazar/+/907277

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/blazar/+/907278

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/blazar/+/907279

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/blazar/+/907276
Committed: https://opendev.org/openstack/blazar/commit/ff6b1f14d887253dc0bbca9712c91cfefba93270
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit ff6b1f14d887253dc0bbca9712c91cfefba93270
Author: Matt Crees <email address hidden>
Date: Wed Dec 13 11:48:16 2023 +0000

    Add support for specifying a custom CA bundle

    Adds the new config option ``cafile``, which is passed into the
    Session invocations for SSL verification.

    Partial-Bug: #2045281

    Change-Id: I2ec5bc7ac929534175d380d2e3e535a5e7abd962
    (cherry picked from commit 0481ad4ad9d72b9d65d42ef2d489b653c9f76bed)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/blazar/+/907277
Committed: https://opendev.org/openstack/blazar/commit/aa2451eee9d125c188de758fcae980cc29c860a5
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit aa2451eee9d125c188de758fcae980cc29c860a5
Author: Matt Crees <email address hidden>
Date: Wed Dec 13 11:48:16 2023 +0000

    Add support for specifying a custom CA bundle

    Adds the new config option ``cafile``, which is passed into the
    Session invocations for SSL verification.

    Partial-Bug: #2045281

    Change-Id: I2ec5bc7ac929534175d380d2e3e535a5e7abd962
    (cherry picked from commit 0481ad4ad9d72b9d65d42ef2d489b653c9f76bed)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/blazar/+/907278
Committed: https://opendev.org/openstack/blazar/commit/b826d6dcf72948bdf8ede9c246014b8e60e6c169
Submitter: "Zuul (22348)"
Branch: stable/zed

commit b826d6dcf72948bdf8ede9c246014b8e60e6c169
Author: Matt Crees <email address hidden>
Date: Wed Dec 13 11:48:16 2023 +0000

    Add support for specifying a custom CA bundle

    Adds the new config option ``cafile``, which is passed into the
    Session invocations for SSL verification.

    Partial-Bug: #2045281

    Change-Id: I2ec5bc7ac929534175d380d2e3e535a5e7abd962
    (cherry picked from commit 0481ad4ad9d72b9d65d42ef2d489b653c9f76bed)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/blazar/+/907279
Committed: https://opendev.org/openstack/blazar/commit/f1f40a51c1686df5569a23ba23d8161cb14c500e
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit f1f40a51c1686df5569a23ba23d8161cb14c500e
Author: Matt Crees <email address hidden>
Date: Wed Dec 13 11:48:16 2023 +0000

    Add support for specifying a custom CA bundle

    Adds the new config option ``cafile``, which is passed into the
    Session invocations for SSL verification.

    Partial-Bug: #2045281

    Change-Id: I2ec5bc7ac929534175d380d2e3e535a5e7abd962
    (cherry picked from commit 0481ad4ad9d72b9d65d42ef2d489b653c9f76bed)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar-dashboard (master)

Reviewed: https://review.opendev.org/c/openstack/blazar-dashboard/+/908567
Committed: https://opendev.org/openstack/blazar-dashboard/commit/86f5b9012e99fee05ab52ed606e4348324715afc
Submitter: "Zuul (22348)"
Branch: master

commit 86f5b9012e99fee05ab52ed606e4348324715afc
Author: Matt Crees <email address hidden>
Date: Fri Feb 9 10:33:15 2024 +0000

    Support SSL verification in creating Blazar client

    Adds support for SSL verification when ``OPENSTACK_SSL_CACERT`` is set.
    Explicitly skips verification if ``OPENSTACK_SSL_NO_VERIFY`` is set.

    This also switches to Session-based instantiation for the Blazar client,
    away from the deprecated url+token method.

    Closes-Bug: #2045281

    Change-Id: I94aad7590b1e42ddfa1a20fdb184ca4d73587cd6

Changed in blazar:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar-dashboard (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/blazar-dashboard/+/908924

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar-dashboard (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/blazar-dashboard/+/908925

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to blazar-dashboard (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/blazar-dashboard/+/908926

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar-dashboard (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/blazar-dashboard/+/908924
Committed: https://opendev.org/openstack/blazar-dashboard/commit/5e1793d28d8940923eb11afc858a6c09f9e52c3e
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 5e1793d28d8940923eb11afc858a6c09f9e52c3e
Author: Matt Crees <email address hidden>
Date: Fri Feb 9 10:33:15 2024 +0000

    Support SSL verification in creating Blazar client

    Adds support for SSL verification when ``OPENSTACK_SSL_CACERT`` is set.
    Explicitly skips verification if ``OPENSTACK_SSL_NO_VERIFY`` is set.

    This also switches to Session-based instantiation for the Blazar client,
    away from the deprecated url+token method.

    Closes-Bug: #2045281

    Change-Id: I94aad7590b1e42ddfa1a20fdb184ca4d73587cd6
    (cherry picked from commit 86f5b9012e99fee05ab52ed606e4348324715afc)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar-dashboard (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/blazar-dashboard/+/908925
Committed: https://opendev.org/openstack/blazar-dashboard/commit/5a04368c1e3c05afc46db521442bef4686eb18f2
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 5a04368c1e3c05afc46db521442bef4686eb18f2
Author: Matt Crees <email address hidden>
Date: Fri Feb 9 10:33:15 2024 +0000

    Support SSL verification in creating Blazar client

    Adds support for SSL verification when ``OPENSTACK_SSL_CACERT`` is set.
    Explicitly skips verification if ``OPENSTACK_SSL_NO_VERIFY`` is set.

    This also switches to Session-based instantiation for the Blazar client,
    away from the deprecated url+token method.

    Closes-Bug: #2045281

    Change-Id: I94aad7590b1e42ddfa1a20fdb184ca4d73587cd6
    (cherry picked from commit 86f5b9012e99fee05ab52ed606e4348324715afc)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to blazar-dashboard (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/blazar-dashboard/+/908926
Committed: https://opendev.org/openstack/blazar-dashboard/commit/ac7151a20837fb3d3595b134bb8e2448f092f933
Submitter: "Zuul (22348)"
Branch: stable/zed

commit ac7151a20837fb3d3595b134bb8e2448f092f933
Author: Matt Crees <email address hidden>
Date: Fri Feb 9 10:33:15 2024 +0000

    Support SSL verification in creating Blazar client

    Adds support for SSL verification when ``OPENSTACK_SSL_CACERT`` is set.
    Explicitly skips verification if ``OPENSTACK_SSL_NO_VERIFY`` is set.

    This also switches to Session-based instantiation for the Blazar client,
    away from the deprecated url+token method.

    Closes-Bug: #2045281

    Change-Id: I94aad7590b1e42ddfa1a20fdb184ca4d73587cd6
    (cherry picked from commit 86f5b9012e99fee05ab52ed606e4348324715afc)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/blazar-dashboard 11.0.0.0rc1

This issue was fixed in the openstack/blazar-dashboard 11.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.