os-*-hostname + https-service-endpoints are not compatible (mismatch between apache config and cert/key filenames)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Won't Fix
|
High
|
Unassigned |
Bug Description
I see other SSL bugs but none are exactly what I am experiencing. I am using JUJU 2.2.1 and keystone 267.
When you enable SSL (https-
clip from openstack_
SSLCertific
SSLCertific
SSLCertific
SSLCertific
SSLCertific
SSLCertific
files in the ssl directory
root@juju-
total 32
dr-xr-xr-x 2 root root 4096 Jul 10 19:21 ./
dr-xr-xr-x 3 root root 4096 Jul 10 19:20 ../
-r--r--r-- 1 root root 1147 Jul 10 20:00 cert_glanceadmi
-r--r--r-- 1 root root 1139 Jul 10 20:00 cert_glancepubl
-r--r--r-- 1 root root 1151 Jul 10 20:00 cert_glanceinte
-r--r--r-- 1 root root 1708 Jul 10 20:00 key_glanceadmin
-r--r--r-- 1 root root 1704 Jul 10 20:00 key_glancepubli
-r--r--r-- 1 root root 1704 Jul 10 20:00 key_glanceinter
I can manually alter the name of the file or the apache config and it will work but it does not survive a reboot. Maybe I am doing something wrong or this is a duplicate bug but I would like to help track it down, just let me know what I can do. I only use glance as an example. It impacts all other services as well like NCC, Cinder etc.
Related branches
- Alex Kavanagh (community): Approve
-
Diff: 111 lines (+51/-10)2 files modifiedcharmhelpers/contrib/openstack/context.py (+18/-8)
tests/contrib/openstack/test_os_contexts.py (+33/-2)
Changed in charm-keystone: | |
milestone: | 17.08 → 17.11 |
Changed in charm-keystone: | |
milestone: | 17.11 → 18.02 |
Changed in charm-keystone: | |
milestone: | 18.02 → 18.05 |
Changed in charm-keystone: | |
milestone: | 18.05 → 18.08 |
Hi Ben
I think I see what the issue is in the codebase but I need to know whether you're using the os-*-hostname configuration options on the glance charm - looking at the SSL certs and keys I think you are, and I also assume you're deployed in a HA configuration using VIP?
Marking 'Incomplete' pending your response.