cannot import CA from vault
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Ceilometer Charm |
Fix Released
|
High
|
Frode Nordahl |
Bug Description
In deployments that use vault as a data store for certificates, charms are expected to be able to consume a 'tls-certificates' relation in order to receive CA certificates.
$ juju status --relations vault | grep cert
vault:certificates aodh:certificates tls-certificates regular
vault:certificates ceph-radosgw:
vault:certificates cinder:certificates tls-certificates regular
vault:certificates designate:
vault:certificates glance:certificates tls-certificates regular
vault:certificates gnocchi:
vault:certificates heat:certificates tls-certificates regular
vault:certificates keystone:
vault:certificates neutron-
vault:certificates nova-cloud-
vault:certificates openstack-
The ceilometer charm does not implement such a relation, and is thus unable to validate the keystone certificate.
The workaround is to explicitly set ssl_ca in the ceilometer charm for now.
tags: | added: cpe-onsite |
Changed in charm-ceilometer: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → James Page (james-page) |
Changed in charm-ceilometer: | |
assignee: | James Page (james-page) → Frode Nordahl (fnordahl) |
Changed in charm-ceilometer: | |
milestone: | none → 19.04 |
Changed in charm-ceilometer: | |
status: | Fix Committed → Fix Released |
Subscribing field-high, this affects all new deployments using vault