Doesn't deal with configured certfile parameter correctly.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Sahara |
Fix Released
|
High
|
Andrew Lazarev |
Bug Description
When running sahara cluster-list behind a mitm proxy, ssl certs aren't handled appropriately by the server.
I get this error in sahara.log:
NetworkError: Unable to communicate with keystone
This also occurs when running sahara cluster-create, when sahara encounters errors communicating with nova.
I was able to workaround this by modifying sahara/main.py and /sahara/
I added the line "cafile=
Also, I added the line "cacert=ca_file" here in order to pass the cacert parameter into novaclient:
https:/
For me, this allowed the sahara-api server to correctly use the cacert file when making queries to keystone or nova.
What is the intended way to use a cacert file? Is this a bug, or am I missing the correct way to configure sahara?
Changed in sahara: | |
milestone: | none → kilo-2 |
status: | Confirmed → Triaged |
Changed in sahara: | |
milestone: | kilo-2 → kilo-3 |
milestone: | kilo-3 → none |
milestone: | none → kilo-2 |
Changed in sahara: | |
status: | Fix Committed → Fix Released |
Changed in sahara: | |
milestone: | kilo-2 → 2015.1.0 |
It looks like this is a bug. Other projects pass cacert to all clients.