sahara broken if SSL enabled
Bug #1650284 reported by
Roman Sokolkov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Committed
|
Medium
|
Stanislaw Bogatkin |
Bug Description
Sahara has two flags "public_
But Fuel puts there whole PEM file with: Key, Cert and cert chain. which is wrong and breaks Sahara cluster deployment with following error
http://
Right solution: put only cert and chain in pem file.
Steps to reproduce:
1) Deploy MOS with Sahara and own certificate (Put Key, cert and chain)
2) Try to deploy Sahara cluster with http://
Expected result:
Sahara cluster will be deployed
Actual result:
Sahara cluster fails with error above
tags: | added: area-library |
Changed in fuel: | |
importance: | Undecided → Medium |
assignee: | nobody → Stanislaw Bogatkin (sbogatkin) |
milestone: | none → 11.0 |
Changed in fuel: | |
importance: | Medium → High |
importance: | High → Medium |
status: | New → Confirmed |
To post a comment you must log in.
>Right solution: put only cert and chain in pem file.
It looks right only when you don't know that haproxy needs both key and cert in pem file and we use haproxy everywhere, for each service in cluster. We also did this for sahara in our default installation, but this behavior was broken in https:/ /github. com/openstack/ fuel-library/ commit/ 8966ed1bf7cc9b5 f883458c33375e9 9ad57bfea6 and it needs to fixed.