keystone charm does not use ssl_cert, ssl_key for configured SSL

Bug #1351401 reported by David Ames
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
keystone (Juju Charms Collection)
Fix Released
High
Edward Hope-Morley

Bug Description

The keystone charm does not use ssl_cert, ssl_key and ssl_ca for configured SSL. Although these are in config.yaml.
Also it is unable to set a specific common name.

get_cert_and_key() uses the locally created CA and never checks the configured values for SSL.

charmhelpers contrib ha apache's get_cert() does the right thing

The goal is to be able to use an SSL cert (say from GoDaddy) and specify the domain (keystone.mycloud.example.com)

Related branches

tags: added: openstack
affects: charms → keystone (Juju Charms Collection)
James Troup (elmo)
tags: added: is-bootstack
JuanJo Ciarlante (jjo)
tags: added: canonical-bootstack
removed: is-bootstack
Ante Karamatić (ivoks)
tags: added: cts
Revision history for this message
James Page (james-page) wrote :

Hi David

Right now provision for using specific common names is not present in the charm; any provided certificate would need to match the IP address of either the server itself, or the VIP if configured for HA.

Marking Confirmed for ignorance of configuration options - that does need fixing.

Changed in keystone (Juju Charms Collection):
status: New → Triaged
importance: Undecided → High
James Page (james-page)
Changed in keystone (Juju Charms Collection):
milestone: none → 15.04
Liang Chen (cbjchen)
Changed in keystone (Juju Charms Collection):
assignee: nobody → Liang Chen (cbjchen)
Changed in keystone (Juju Charms Collection):
assignee: Liang Chen (cbjchen) → Edward Hope-Morley (hopem)
Changed in keystone (Juju Charms Collection):
assignee: Edward Hope-Morley (hopem) → Liang Chen (cbjchen)
tags: added: backport-potential
Liang Chen (cbjchen)
Changed in keystone (Juju Charms Collection):
status: Triaged → In Progress
Changed in keystone (Juju Charms Collection):
assignee: Liang Chen (cbjchen) → Edward Hope-Morley (hopem)
Changed in keystone (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in keystone (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in keystone (Juju Charms Collection):
milestone: 15.04 → 15.01
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.