OpenStack Heat

Can not install ca cert for instance using userdata

Bug #1643739 reported by huangtianhua on 2016-11-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat	Fix Released	Medium	huangtianhua	OpenStack Heat ocata-2

Bug Description

According the guidelines cloud-init supports to configure the trusted ca certificate for instance when booting: https://cloudinit.readthedocs.io/en/latest/topics/examples.html#configure-an-instances-trusted-ca-certificates

1. Create a stack with nova server (with an ubuntu image):
   #######################
   resources:
     my_server:
       type: OS::Nova::Server
       properties:
         ...
         user_data_format: SOFTWARE_CONFIG
         user_data: {get_file: ca.yaml}
    #######################
the snippet of ca.yaml:
    #cloud-config
    ca-certs:
      trusted:
      - |
        -----BEGIN CERTIFICATE-----
        ......
        -----END CERTIFICATE-----
2. the server is in active, login and found that the ca cert has not been installed.

Although we can figure it out by passing MultipartMime config to userdata, but for single userdata it's not easy to use.

huangtianhua (huangtianhua) on 2016-11-22

Changed in heat:
assignee:	nobody → huangtianhua (huangtianhua)
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-22: Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/400464

Changed in heat:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-15: Fix merged to heat (master)

Reviewed: https://review.openstack.org/400464
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=16be8bae3574b4ab331da7d66a3b1bac6737c19c
Submitter: Jenkins
Branch: master

commit 16be8bae3574b4ab331da7d66a3b1bac6737c19c
Author: huangtianhua <email address hidden>
Date: Mon Nov 21 16:09:50 2016 +0800

Do not set the mime-type for userdata

    We set the mime-type to 'x-shellscript' for all
    single userdata when user_data_format='SOFTWARE_CONFIG',
    it's incorrect, for example, if user create a server
    with a cloud-config userdata, we will set the mime-type to
    'x-shellscript', then cloud-init will consume the userdata
    as a shellscript and fail to execute.

    This change will improve this by not setting the mime-type
    and letting cloud-init figure it out from the first line
    in the file.

Closes-Bug: #1643739
Change-Id: If026884a95c58bb81a0f04ab415909011b1a5414

Changed in heat:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-15: Fix included in openstack/heat 8.0.0.0b2

This issue was fixed in the openstack/heat 8.0.0.0b2 development milestone.

huangtianhua (huangtianhua) on 2016-12-16

Changed in heat:
milestone:	none → ocata-2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.