ssl-ca is not being installed as a system cert
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Nova Cell Controller Charm | New | Undecided | Unassigned | |
Bug Description
When ssl_ca is supplied and the keystone endpoint is ssl enabled, we're getting a connection error in the nova-conductor.log:
2020-09-14 23:53:32.512 14614 CRITICAL nova [-] Unhandled error: keystoneauth1.
2020-09-14 23:53:32.512 14614 ERROR nova Traceback (most recent call last):
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/bin/
2020-09-14 23:53:32.512 14614 ERROR nova sys.exit(main())
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova topic=rpcapi.
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova periodic_
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova self.manager = manager_
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova self.compute_
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova self.report_client = report.
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova self._client = self._create_
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova client = self._adapter or utils.get_
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova return getattr(conn, service_type)
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova endpoint = proxy_mod.
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova return self.session.
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova auth = self._auth_
2020-09-14 23:53:32.512 14614 ERROR nova File "/usr/lib/
2020-09-14 23:53:32.512 14614 ERROR nova raise exceptions.
2020-09-14 23:53:32.512 14614 ERROR nova keystoneauth1.
2020-09-14 23:53:32.512 14614 ERROR nova
If I copy the cacert in and update certs, this error goes away:
$ juju scp secrets/
$ juju ssh nova-cell-
I can work around this issue by adding the cacert to cloudinit userdata:
cloudinit-userdata: |
  ca-certs:
    trusted:
      - |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
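A check for the condition this report describes, as an added example that is not part of the original report or the charm's code: it compares the certificates in a CA file against the system trust bundle by SHA-256 fingerprint and reports any that are absent. The bundle path is assumed to be the Ubuntu default, the script name `check_ca.py` is hypothetical, and the sample PEM blocks are constructed stand-ins rather than real certificates.

```python
import base64
import hashlib
import re
import sys

# Ubuntu's merged trust bundle, rebuilt by update-ca-certificates (assumed default path).
SYSTEM_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of the DER bytes of every certificate in pem_text."""
    return {
        hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
        for body in PEM_RE.findall(pem_text)
    }


def missing_from_bundle(ca_pem, bundle_pem):
    """Fingerprints of CA certificates that the trust bundle does not contain."""
    return pem_fingerprints(ca_pem) - pem_fingerprints(bundle_pem)


def _constructed_pem(payload):
    # Constructed sample: PEM framing around arbitrary bytes, not a real X.509 certificate.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


SAMPLE_CA = _constructed_pem(b"constructed deployment CA")
SAMPLE_BUNDLE_BEFORE = _constructed_pem(b"root one") + _constructed_pem(b"root two")
SAMPLE_BUNDLE_AFTER = SAMPLE_BUNDLE_BEFORE + SAMPLE_CA

if __name__ == "__main__":
    # Usage: check_ca.py <ca.pem> [bundle.pem]
    if len(sys.argv) < 2:
        sys.exit("usage: check_ca.py <ca.pem> [bundle.pem]")
    with open(sys.argv[1]) as f:
        ca = f.read()
    if not pem_fingerprints(ca):
        sys.exit("no certificate found in CA file")  # avoid a false 'all present'
    with open(sys.argv[2] if len(sys.argv) > 2 else SYSTEM_BUNDLE) as f:
        bundle = f.read()
    missing = missing_from_bundle(ca, bundle)
    for fp in sorted(missing):
        print("not in trust bundle:", fp)
    sys.exit(1 if missing else 0)
```

Run on the unit before and after the workaround, a non-zero exit means the supplied CA is still not part of the system trust store that the service's TLS client reads.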