python-ceilometerclient: Fail to load SSL certificate
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| python-ceilometerclient |
Triaged
|
High
|
Dina Belova | ||
Bug Description
Icehouse 2014.1.1 on Debian running Ceilometer
Client version: 1.0.9-1
HAproxy does binding between public world and internal network to secure API traffic only between clients & load balancers.
Ceilometer API servers run within internal network using HTTP.
HAproxy does SSL termination for Ceilometer binding to support SSL from public world <-> load-balancers.
When I run CLI, I face this error:
ceilometerclien
The SSL certificate IS NOT autosigned and is validated by a well-known CA.
All Keystone endpoints are set with HTTPS.
This environment works fine with other OpenStack services (i.e. Nova).
I can use the ceilometer CLI when specifying --insecure.
The .pem file in my HAproxy node contains the CRT, the KEY and the CA.
| Julien Danjou (jdanjou) wrote | #1 |
| Changed in ceilometer: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| affects: | ceilometer → python-ceilometerclient |
| Changed in python-ceilometerclient: | |
| assignee: | nobody → Dina Belova (dbelova) |
| Martin Paulo (martin-paulo) wrote | #2 |
| Chris P (plockc) wrote | #3 |
Indeed,it works nice with curl. It's likely that httplib does not load any CA and therefore does not recognize the cert. We should switch to requests to fix that I guess.