OpenStack Glance Charm

Support of custom CA to verify S3 HTTPS endpoint

Bug #1936217 reported by Nobuto Murata on 2021-07-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Glance Charm	New	Undecided	Unassigned

Bug Description

Now we can use an external S3 backend for Glance as follows:
https://opendev.org/openstack/charm-glance#external-s3

However, when the S3 compatible storage's HTTPS endpoint is signed by a custom CA and if it's not the same custom CA with other OpenStack endpoints, then Glance will fail to connect to the storage with cert verification error.

An additional option to specify the custom CA for the S3 endpoint is required to support that scenario like other charms:
https://jaas.ai/gnocchi#charm-config-trusted-external-ca-cert
https://jaas.ai/u/openstack-charmers/trilio-data-mover#charm-config-tv-s3-ssl-cert

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.