allow an operator to provide a CA Cert for Trove Controller: support self-signed certificates on the openstack controller

Bug #1539182 reported by Amrith Kumar
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack DBaaS (Trove) | New | Undecided | Unassigned |

Bug Description

Currently there's no way to provide the cacert to trove controller (and guest) so that self-signed certificates can be used.

Amrith Kumar (amrith) wrote :

Consider a scenario where an operator uses a self-signed certificate for their Nova, Cinder, Swift, Glance, ... service end points.

Then, if a client wants to connect to them on https:// and verify the identity etc. as SSL requires, they would need a CA Cert. Currently Trove controller has no way to use this, and it isn't just the 3 trove services but also the guest.

A blueprint on this will be forthcoming.

György Szombathelyi (gyurco) wrote :

I did something similar for cinder (keystoneclient in this case, but other clients have the cacert option, too):
https://review.openstack.org/#/c/272437/

Amrith Kumar (amrith) wrote :

@György there's a little bit more complexity in Trove because of the guest agent. Hence the BP.

György Szombathelyi (gyurco) wrote :

Yes, you're right, I forgot about it.

Amrith Kumar (amrith)
Changed in trove:
assignee: Amrith Kumar (amrith) → nobody