glance_store

It's not possibile to pass the cacert to the swift store

Bug #1375857 reported by Andrea Rosa
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Wishlist
Ian Cordasco
Glance 2015.1.0 "kilo"
glance_store
Fix Released
Wishlist
Andrea Rosa
glance_store v0.1.11

Bug Description

The swift store device defined in the glance store doesn't allow to pass the ca cert file. When the driver creates a connection via the swift client it is not possible to pass that value.
That means that if we have swift running on TLS in some cases we have to set the insecure option equals to True as the client can't correctly complete the handshake as it fails on the verification of the cert.

The fix I'd like to propose is to add a new parameter to define the ca cert file and pass this value when we create the connection via the swift client.

Andrea Rosa (andrea-rosa-m)
Changed in glance:
assignee: nobody → Andrea Rosa (andrea-rosa-m)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance_store (master)

Fix proposed to branch: master
Review: https://review.openstack.org/125338

Changed in glance:
status: New → In Progress
Dolph Mathews (dolph)
tags: removed: swift
tags: added: security swift
Changed in glance:
importance: Undecided → Wishlist
Louis Taylor (kragniz)
affects: glance → glance-store
Ian Cordasco (icordasc)
Changed in glance:
status: New → Triaged
importance: Undecided → Wishlist
assignee: nobody → Ian Cordasco (icordasc)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to glance (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/145095

Ian Cordasco (icordasc)
Changed in glance:
status: Triaged → In Progress
Nikhil Komawar (nikhil-komawar)
Changed in glance-store:
milestone: none → v0.1.11
Changed in glance:
milestone: none → kilo-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance_store (master)

Reviewed: https://review.openstack.org/125338
Committed: https://git.openstack.org/cgit/openstack/glance_store/commit/?id=6b2cdbf4e608e38a6471093c77e5dd5792ab8532
Submitter: Jenkins
Branch: master

commit 6b2cdbf4e608e38a6471093c77e5dd5792ab8532
Author: Andrea Rosa <email address hidden>
Date: Wed Oct 1 13:10:47 2014 +0100

    Define a new parameter to pass CA cert file

    This change adds a new parameter for the swift store driver that allows
    to speficy the name of the CA cert file to use in the SSL connections for
    verifying certificates. This parameter is passed to the swiftclient in
    the creation of the connection. The parameter is called "swift_store_cacert".
    This change corresponds to change
    I4cbfae3c1ac84d6c85875d34a58dd2a87ae85d6f in glance.

    Change-Id: I5b356170ec82d033204e22f79c862201400a0a31
    Closes-bug: 1375857
    DocImpact

Changed in glance:
status: In Progress → Fix Committed
Ian Cordasco (icordasc)
Changed in glance-store:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/145095
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=4a78e854266e83f0a074e2447ce2837ee37393c5
Submitter: Jenkins
Branch: master

commit 4a78e854266e83f0a074e2447ce2837ee37393c5
Author: Ian Cordasco <email address hidden>
Date: Mon Jan 5 17:54:03 2015 -0600

    Add swift_store_cacert to config files and docs

    Change I5b356170ec82d033204e22f79c862201400a0a31 introduced a new
    swift_store configuration option. Prior to accepting that, it was
    determined that we needed to add it to the relevant configuration files
    and document the option.

    DocImpact

    Closes-bug: 1375857
    Change-Id: I4cbfae3c1ac84d6c85875d34a58dd2a87ae85d6f

Thierry Carrez (ttx)
Changed in glance:
milestone: kilo-2 → 2015.1.0
Doug Hellmann (doug-hellmann)
Changed in glance-store:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.