Swift backend does not support insecure Keystone v3 with SSL

Bug #1744494 reported by Chris Hoge on 2018-01-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Low
Unassigned
glance_store
Low
Unassigned

Bug Description

The swift glance_store client does not create an insecure auth client when using Keystone v3 with an unsigned cert delivering Swift service endpoints. With keystone authtoken insecure=true and swift_store_auth_insecure=true, Glance returns the following error when uploading a new image:

http://paste.openstack.org/show/648868/

glance-api_1 | 2018-01-20 19:50:43.409 208 ERROR glance.common.wsgi BackendException: Cannot find swift service endpoint : Unable to establish connection to https://192.168.1.44:35357/v3/auth/tokens: HTTPSConnectionPool(host='192.168.1.44', port=35357): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

Erno Kuvaja (jokke) on 2018-04-20
Changed in glance:
importance: Undecided → Low
Changed in glance-store:
importance: Undecided → Low
Changed in glance:
status: New → Triaged
Changed in glance-store:
status: New → Triaged

We were encountering the same issue recently in openstack-ansible queens. Looks like it was fixed in https://bugs.launchpad.net/glance-store/+bug/1606268 in master and rocky.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers