OpenStack Nova Cloud Controller Charm

Ocata - Placement API template does not support serving queries via HTTPS

Bug #1691818 reported by Ryan Beisner on 2017-05-18

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Nova Cloud Controller Charm	Fix Released	High	Unassigned	OpenStack Nova Cloud Controller Charm 17.08

Bug Description

Ocata placement api is not terminating an ssl endpoint in the stable/17.02 charm. A fix already exists at master. Proposing a cherry pick stable update.

See related:
https://review.openstack.org/#/c/431569
https://review.openstack.org/#/c/437685

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-05-18: Fix proposed to charm-nova-cloud-controller (stable/17.02)

Fix proposed to branch: stable/17.02
Review: https://review.openstack.org/466073

Ryan Beisner (1chb1n) on 2017-05-18

Changed in charm-nova-cloud-controller:
importance:	Undecided → High
status:	New → Confirmed
milestone:	none → 17.08

Revision history for this message

James Hebden (ec0) wrote on 2017-05-18: Re: ocata placement api not terminating an ssl endpoint

Ideally we would like this to be sensitive to whether or not TLS is enabled and enable on the nova-placement-api vhost if enabled. Looking at the attached reviews, it seems that these changes move the placement-api vhost to being rendered via a context instead of a template, which will make it easier to do this, but I couldn't see specific code which enabled TLS on those vhost.

I have attached a quick and dirty modification that enables TLS, and I'd expect this to represent the end state of the nova placement API vhost config when the charm was configured with TLS enabled, but should not be configured this way if TLS certificates are not enabled.

tags:

added: canonical-bootstack

Ryan Beisner (1chb1n) on 2017-05-18

tags:

added: field
removed: canonical-bootstack

James Hebden (ec0) on 2017-05-18

summary:

- ocata placement api not terminating an ssl endpoint
+ Ocata - Placement API template does not support serving queries via
+ HTTPS

Ryan Beisner (1chb1n) on 2017-05-30

tags:

added: canonical-bootstack
removed: field

Ryan Beisner (1chb1n) on 2017-05-30

tags:

added: adrastea

Revision history for this message

David Ames (thedac) wrote on 2017-05-31:

Just to make this clear, the fix for this bug is in master and is in the process of being backported:

https://review.openstack.org/#/c/431569
https://review.openstack.org/#/c/437685

Changed in charm-nova-cloud-controller:
status:	Confirmed → In Progress
status:	In Progress → Fix Committed

James Page (james-page) on 2017-09-12

Changed in charm-nova-cloud-controller:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1691863

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.