Ceilometer

SSL verification failures some special deployments

Bug #1194046 reported by Ulrich Schwickerath
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Ceilometer
Fix Released
Medium
Julien Danjou
Ceilometer 2013.2 "havana"

Bug Description

Ceilometer currently does not seem to accept or pass the cacert argument to keystone-client. This results in some deployments (like ours) authentications with keystone to fail with SSL errors.

I'd like to propose the attached patch against ceilometer 2013.1.2 to cure this problem.

Revision history for this message
Ulrich Schwickerath (ulrich-schwickerath) wrote :
Julien Danjou (jdanjou)
Changed in ceilometer:
assignee: nobody → Julien Danjou (jdanjou)
importance: Undecided → Medium
status: New → Triaged
Julien Danjou (jdanjou)
Changed in ceilometer:
milestone: none → havana-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ceilometer (master)

Fix proposed to branch: master
Review: https://review.openstack.org/38448

Changed in ceilometer:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (master)

Reviewed: https://review.openstack.org/38448
Committed: http://github.com/openstack/ceilometer/commit/ede3cc0a70d39ec85e511095b82bc2ab54b27bd8
Submitter: Jenkins
Branch: master

commit ede3cc0a70d39ec85e511095b82bc2ab54b27bd8
Author: Julien Danjou <email address hidden>
Date: Wed Jul 24 12:26:15 2013 +0200

    Add support for CA authentication in Keystone

    Change-Id: Ida2240b5217509cbd4116b4d468848760354be18
    Fixes: bug #1194046

Changed in ceilometer:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in ceilometer:
status: Fix Committed → Fix Released
Revision history for this message
Julian Sternberg (jules-i) wrote :

This fix commit seems to bring another problem.

Let's asume you commet out os_cacert if you dont need ssl,
the SSL auth against keystone will be used anyways as default and fails against it because of no cert and throws this error message:

2013-09-28 01:12:50.328 8621 ERROR keystoneclient.middleware.auth_token [-] HTTP connection exception: [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2013-09-28 01:12:50.328 8621 WARNING keystoneclient.middleware.auth_token [-] Authorization failed for token <function <lambda> at 0x7fc0bf96fde8>
2013-09-28 01:12:50.328 8621 INFO keystoneclient.middleware.auth_token [-] Invalid user token - rejecting request

Revision history for this message
Julien Danjou (jdanjou) wrote :

I suggest you open a new bug report in this case Jules, otherwise we might miss this.

Revision history for this message
Julian Sternberg (jules-i) wrote :

Published a new bug report: bug #1232437

Thierry Carrez (ttx)
Changed in ceilometer:
milestone: havana-3 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.