OpenStack Heat

SSL parameters for clients

Bug #1213122 reported by Stan Lagun on 2013-08-16

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat	Fix Released	Medium	Stan Lagun	OpenStack Heat 2014.1 "icehouse"

Bug Description

When Heat creates different clients for Nova, Cinder and others it doesn't pass SSL-related options to clients' constructor. If Nova is configured to have SSL endpoints and self-signed certificates Heat will fail to create instances because there is no way to disable server certificate validation as there is no "insecure" flag passed etc.

Tags:

Steven Hardy (shardy) on 2013-08-28

Changed in heat:
milestone:	none → havana-rc1

Steve Baker (steve-stevebaker) on 2013-09-11

Changed in heat:
importance:	Undecided → Medium
status:	New → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-09-16: Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/46697

Changed in heat:
assignee:	nobody → Stan Lagun (slagun)
status:	Triaged → In Progress

Steven Hardy (shardy) on 2013-09-24

Changed in heat:
milestone:	havana-rc1 → icehouse-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-31:

Fix proposed to branch: master
Review: https://review.openstack.org/54686

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-24: Fix merged to heat (master)

Reviewed: https://review.openstack.org/54686
Committed: http://github.com/openstack/heat/commit/838bdfc1589433e33d4862869765a010c7a857fd
Submitter: Jenkins
Branch: master

commit 838bdfc1589433e33d4862869765a010c7a857fd
Author: Stan Lagun <email address hidden>
Date: Thu Oct 31 12:46:12 2013 +0400

Adds ability to configure various clients used by the Heat

    This commit adds config sections [clients_nova], [clients_swift],
    [clients_neutron], [clients_cinder], [clients_ceilometer] and
    [clients_keystone]. These sections contain additional configuration
    options for corresponding OpenStack clients.
    Currently those are only SSL-related setting ca_file, cert_file,
    key_file and insecure. Note, than not every client library is
    currently capable of utilizing all of the SSL settings.

    There is also a plain [clients] section that holds shared client
    options. Each option searched first at specific group (clients_xxx)
    and if it not found there then the value from [clients] group
    are taken (or default values if there is no such setting in this
    group). This allows defining shared configuration that would be
    used by most (or all) clients without repeating the same settings
    for each and every client separately

Closes-Bug: #1213122
Implements: blueprint clients-ssl-options

Change-Id: Id9ccbffce0d5c266202fdb1cf24a9ffb63e507e6

Changed in heat:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-12-04

Changed in heat:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-28: Related fix proposed to heat (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/69568

Thierry Carrez (ttx) on 2014-04-17

Changed in heat:
milestone:	icehouse-1 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.