Horizon is unable to retrieve Cinder API versions when it has a self-signed SSL certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
With "OPENSTACK_
However, before communicating with the Cinder API, it first uses cinderclient to retrieve available API versions: https:/
The get_server_version method from cinderclient doesn't support an "insecure" or "verify" argument and the request it does to retrieve the API versions is currently always secure: https:/
Even with DEBUG logging enabled, it was not trivial to understand what was going on because the only thing that gets written to the logs is something that looks like this:
=====
DEBUG:urllib3.
Call to list enabled services failed. This is likely due to a problem communicating with the Cinder endpoint. Consistency Group panel will not be displayed.
DEBUG:urllib3.
Call to list enabled services failed. This is likely due to a problem communicating with the Cinder endpoint. Consistency Group Snapshot panel will not be displayed.
DEBUG:urllib3.
Call to list enabled services failed. This is likely due to a problem communicating with the Cinder endpoint. Volume Group panel will not be displayed.
DEBUG:urllib3.
Call to list enabled services failed. This is likely due to a problem communicating with the Cinder endpoint. Volume Group Snapshot panel will not be displayed.
=====
I had to manually add some tracing to get the actual exception:
=====
Traceback (most recent call last):
File "/openstack/
sort_
File "/openstack/
c_client = _cinderclient_
File "/openstack/
version = get_microversio
File "/openstack/
min_ver, max_ver = cinder_
File "/openstack/
response = requests.
File "/openstack/
return request('get', url, params=params, **kwargs)
File "/openstack/
return session.
File "/openstack/
resp = self.send(prep, **send_kwargs)
File "/openstack/
r = adapter.
File "/openstack/
raise SSLError(e, request=request)
SSLError: HTTPSConnection
=====
It seems like the fix would be to add an "insecure" parameter to cinderclient's get_server_version method and then use that parameter from Horizon's "get_microversion" method for the Cinder API.
Changed in horizon: | |
assignee: | Nikita Gerasimov (nikita-gerasimov) → nobody |
status: | In Progress → New |
Changed in horizon: | |
assignee: | nobody → Nikita Gerasimov (nikita-gerasimov) |
status: | New → In Progress |
Changed in horizon: | |
status: | In Progress → New |
assignee: | Nikita Gerasimov (nikita-gerasimov) → nobody |
Changed in horizon: | |
status: | New → In Progress |
importance: | Undecided → Medium |
Changed in horizon: | |
status: | In Progress → Confirmed |
There is a similar issue in Nova because it has it's own implementation of get_server_version: https:/ /github. com/openstack/ nova/blob/ 78d6aca9a6cfb25 ac180e28dc519fb 76d22a2314/ nova/volume/ cinder. py#L104- L146