devstack

OS_CACERT is not exported after sourcing openrc

Bug #1760901 reported by Dr. Jens Harbott
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
devstack
Fix Released
High
Dr. Jens Harbott

Bug Description

The usual step to set up a proper authentication environment is to run

    . openrc user project

and it contains a section that is meant to set the OS_CACERT variable properly:

    # Set OS_CACERT to a default CA certificate chain if it exists.
    if [[ ! -v OS_CACERT ]] ; then
        DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
        # If the file does not exist, this may confuse preflight sanity checks
        if [ -e $DEFAULT_OS_CACERT ] ; then
            export OS_CACERT=$DEFAULT_OS_CACERT
        fi
    fi

However, OS_CACERT is contained in the list of variables to be saved into the .stackenv file, STACK_ENV_VARS. So since openrc sources .stackenv before the above block is executed, OS_CACERT is always set at that point, but will not get exported.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to devstack (master)

Fix proposed to branch: master
Review: https://review.openstack.org/558734

Changed in devstack:
assignee: nobody → Dr. Jens Harbott (j-harbott)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to devstack (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/573665

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to devstack (master)

Reviewed: https://review.openstack.org/558734
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=87c0de5240d33cf053815d90ba8e766958f412bb
Submitter: Zuul
Branch: master

commit 87c0de5240d33cf053815d90ba8e766958f412bb
Author: Jens Harbott <email address hidden>
Date: Tue Apr 3 15:16:30 2018 +0000

    Export OS_CACERT after sourcing .stackenv file

    This makes sure that it is available to subprocesses like the other
    authentication data.

    Change-Id: I513b7c2620b171ce20a1ceb5536226f3a69f2b82
    Closes-Bug: 1760901

Changed in devstack:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to devstack (stable/pike)

Reviewed: https://review.openstack.org/573665
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=0e80624191d3dde98858f93e7e34a29d6b83a948
Submitter: Zuul
Branch: stable/pike

commit 0e80624191d3dde98858f93e7e34a29d6b83a948
Author: Jens Harbott <email address hidden>
Date: Tue Apr 3 15:16:30 2018 +0000

    Export OS_CACERT after sourcing .stackenv file

    This makes sure that it is available to subprocesses like the other
    authentication data.

    Change-Id: I513b7c2620b171ce20a1ceb5536226f3a69f2b82
    Closes-Bug: 1760901

tags: added: in-stable-pike
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.