tripleo

undercloud endpoints are not set to https on if cert is not given but autogenerate is

Bug #1595402 reported by Juan Antonio Osorio Robles
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Juan Antonio Osorio Robles
tripleo newton-3 "newton-3"

Bug Description

If we give the option to autogenerate certificates in the undercloud, but don't specify a service_certificate, the keystone public endpoints are not set to https. One thing to note is that the service certificate is not necessarily used if generate_certificate is set.

See original description
Juan Antonio Osorio Robles (juan-osorio-robles)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (master)

Fix proposed to branch: master
Review: https://review.openstack.org/333121

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: New → In Progress
Swapnil Kulkarni (coolsvap-deactivatedaccount)
Changed in tripleo:
importance: Undecided → High
milestone: none → newton-2
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Juan Antonio Osorio Robles (juan-osorio-robles) → Ben Nemec (bnemec)
Revision history for this message
Steven Hardy (shardy) wrote :

This is blocked on https://review.openstack.org/#/c/337736/ landing, deferring to n-3

Changed in tripleo:
milestone: newton-2 → newton-3
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Ben Nemec (bnemec) → Juan Antonio Osorio Robles (juan-osorio-robles)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/333121
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=7a0d831e6d382dd137ad645aa4b595abcf4f3335
Submitter: Jenkins
Branch: master

commit 7a0d831e6d382dd137ad645aa4b595abcf4f3335
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Jun 23 09:07:06 2016 +0300

    Generate TLS endpoints if autogenerate cert is set

    If we set the certificate/key autogeneration flag, we don't
    necessarily use the undercloud_service_certificate from the
    configuration. So we need to take this into account when generating
    the keystone endpoints, as there are cases where they are http only
    even if we enable TLS.

    Change-Id: I9b30a39c441a728155c299fe2a1cec2328a8e1c5
    Closes-Bug: #1595402
    Depends-On: I3ee6b5838f4703e3b8b1b6632dd45c94057b2202

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/355432

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/355433

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on instack-undercloud (stable/mitaka)

Change abandoned by Juan Antonio Osorio Robles (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/355432

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on instack-undercloud (stable/liberty)

Change abandoned by Juan Antonio Osorio Robles (<email address hidden>) on branch: stable/liberty
Review: https://review.openstack.org/355433

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 5.0.0.0b3

This issue was fixed in the openstack/instack-undercloud 5.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.