OpenStack DBaaS (Trove)

Trove not working when OpenStack uses "insecure" SSL certificates

Bug #1535895 reported by Vincent Untz on 2016-01-19

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack DBaaS (Trove)	Fix Released	Low	Tomasz	OpenStack DBaaS (Trove) next

Bug Description

If any of keystone, nova, cinder, heat, swift (any OpenStack component trove connects to) is using SSL but with certificates that cannot be verified (aka "insecure" certificates), then trove doesn't work.

There's no option to specify this in trove.conf.

I also quickly checked the code, and when we create the clients, we never pass the insecure flag.

Revision history for this message

Amrith Kumar (amrith) wrote on 2016-01-20:

Vincent, I've assigned to myself as the bug is unassigned. I've looked at this area recently and am happy to fix.

Changed in trove:
assignee:	nobody → Amrith (amrith)

Amrith Kumar (amrith) on 2016-01-26

Changed in trove:
milestone:	none → next
status:	New → Confirmed
importance:	Undecided → Low

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-01-26: Fix proposed to trove (master)

Fix proposed to branch: master
Review: https://review.openstack.org/272686

Changed in trove:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-04: Change abandoned on trove (master)

Change abandoned by amrith (<email address hidden>) on branch: master
Review: https://review.openstack.org/272686

OpenStack Infra (hudson-openstack) on 2016-12-14

Changed in trove:
assignee:	Amrith Kumar (amrith) → Thomas Bechtold (toabctl)

Revision history for this message

Thomas Bechtold (toabctl) wrote on 2016-12-14:

For Master, changeset is now https://review.openstack.org/#/c/410348/

OpenStack Infra (hudson-openstack) on 2017-11-06

Changed in trove:
assignee:	Thomas Bechtold (toabctl) → Tomasz (nowak2000)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-09: Fix merged to trove (master)

Reviewed: https://review.openstack.org/410348
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=e155ba93b5249770890a34f021a93eef83a73d4c
Submitter: Zuul
Branch: master

commit e155ba93b5249770890a34f021a93eef83a73d4c
Author: Thomas Bechtold <email address hidden>
Date: Tue Dec 13 19:05:24 2016 +0100

Support insecure SSL when talking to services

    The certificates may not be known to Trove when doing requests
    to the different services so support insecure requests. This
    can be configured via the new config options

    - nova_api_insecure
    - cinder_api_insecure
    - neutron_api_insecure
    - swift_api_insecure

All new config parameters default to 'False' so nothing changes
if not explicitly configured.

This is useful if the services use SSL adn Trove wants to talk to theses
services without configuring the different certs.

Change-Id: Ib59abd1500baad132e5c9f53895fd1eca18ac4d7
Closes-Bug: #1535895

Changed in trove:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-01-25: Fix included in openstack/trove 9.0.0.0b3

This issue was fixed in the openstack/trove 9.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1649645

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.