SSL parameters for clients

Bug #1213122 reported by Stan Lagun on 2013-08-16
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Medium
Stan Lagun

Bug Description

When Heat creates different clients for Nova, Cinder and others it doesn't pass SSL-related options to clients' constructor. If Nova is configured to have SSL endpoints and self-signed certificates Heat will fail to create instances because there is no way to disable server certificate validation as there is no "insecure" flag passed etc.

Tags: ssl Edit Tag help
Steven Hardy (shardy) on 2013-08-28
Changed in heat:
milestone: none → havana-rc1
Changed in heat:
importance: Undecided → Medium
status: New → Triaged

Fix proposed to branch: master
Review: https://review.openstack.org/46697

Changed in heat:
assignee: nobody → Stan Lagun (slagun)
status: Triaged → In Progress
Steven Hardy (shardy) on 2013-09-24
Changed in heat:
milestone: havana-rc1 → icehouse-1

Fix proposed to branch: master
Review: https://review.openstack.org/54686

Reviewed: https://review.openstack.org/54686
Committed: http://github.com/openstack/heat/commit/838bdfc1589433e33d4862869765a010c7a857fd
Submitter: Jenkins
Branch: master

commit 838bdfc1589433e33d4862869765a010c7a857fd
Author: Stan Lagun <email address hidden>
Date: Thu Oct 31 12:46:12 2013 +0400

    Adds ability to configure various clients used by the Heat

    This commit adds config sections [clients_nova], [clients_swift],
    [clients_neutron], [clients_cinder], [clients_ceilometer] and
    [clients_keystone]. These sections contain additional configuration
    options for corresponding OpenStack clients.
    Currently those are only SSL-related setting ca_file, cert_file,
    key_file and insecure. Note, than not every client library is
    currently capable of utilizing all of the SSL settings.

    There is also a plain [clients] section that holds shared client
    options. Each option searched first at specific group (clients_xxx)
    and if it not found there then the value from [clients] group
    are taken (or default values if there is no such setting in this
    group). This allows defining shared configuration that would be
    used by most (or all) clients without repeating the same settings
    for each and every client separately

    Closes-Bug: #1213122
    Implements: blueprint clients-ssl-options

    Change-Id: Id9ccbffce0d5c266202fdb1cf24a9ffb63e507e6

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-12-04
Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2014-04-17
Changed in heat:
milestone: icehouse-1 → 2014.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers