stsstack-bundles

lack of secure client connection

Bug #1893630 reported by Hua Zhang
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
stsstack-bundles
Fix Released
Undecided
Unassigned

Bug Description

After setting up an SSL env with the following command

./generate-bundle.sh -s xenial -r queens --create-model --name ssl:stsstack --num-compute 1 --ssl --nova-console --run

then we can run 'REQUESTS_CA_BUNDLE=/home/ubuntu/stsstack-bundles/openstack/ssl/openstack-ssl/results/cacert.pem openstack server list' and 'openstack --insecure server list', but we can't run 'openstack server list' directly.

$ REQUESTS_CA_BUNDLE=/home/ubuntu/stsstack-bundles/openstack/ssl/openstack-ssl/results/cacert.pem openstack server list

$ openstack --insecure server list

$ openstack server list
Failed to discover available identity versions when contacting https://10.5.100.2:5000/v3. Attempting to parse version from URL.
SSL exception connecting to https://10.5.100.2:5000/v3/auth/tokens: HTTPSConnectionPool(host='10.5.100.2', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

Related branches

~zhhuabj/stsstack-bundles:novarc_ssl
Edward Hope-Morley: Pending requested
Jolly Bundlers: Pending requested
Diff: 73 lines (+15/-3)
5 files modified
openstack/bin/neutron-ext-net-ksv3 (+4/-1)
openstack/bin/neutron-tenant-net-ksv3 (+4/-1)
openstack/bin/post-deploy-config (+5/-1)
openstack/novarc (+1/-0)
openstack/novarcv3_domain (+1/-0)
Edward Hope-Morley (hopem)
Changed in stsstack-bundles:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.