juju-core

Loading state on bootstrap ignores ssl-hostname-verification setting

Bug #1268913 reported by Martin Packman
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
juju-core
Fix Released
High
Martin Packman
juju-core 1.17.4
1.16
Fix Released
High
Martin Packman
juju-core 1.16.6
juju-core (Ubuntu)
Fix Released
Undecided
Unassigned
Saucy
Won't Fix
High
Unassigned

Bug Description

[Impact]
Users of private cloud deployments with self-signed SSL certs can't use Juju

[Test Case]
#Requires cloud with swift storage using self-signed cert
juju bootstrap --debug
#fail

[Regression Potential]
Minimal code change in direct path only.

[Original Bug Report]
In a private openstack cloud setup, using self-signed certs, juju fails to bootstrap even with ssl-hostname-verification configured as true. This appears to be because loading the provider-state date from swift during cloud-init setup on machine 0 fails due to the swift endpoint not having a valid certificate:

+ echo https://10.1.27.194:8080/v1/AUTH_74406d06ca654bf4804003942b2f3f7c/juju-3a596bb8224878b427a7728fd83b7886/provider-state
+ /var/lib/juju/tools/1.16.5-precise-amd64/jujud bootstrap-state --data-dir /var/lib/juju --env-config ... --constraints mem=1024M --debug
2014-01-13 07:05:33 DEBUG juju.agent agent.go:237 Reading agent config, format: format 1.16
2014-01-13 07:05:33 DEBUG juju.agent agent.go:464 initializing address [localhost:37017]
2014-01-13 07:05:33 INFO juju.state open.go:68 opening state; mongo addresses: ["localhost:37017"]; entity ""
2014-01-13 07:05:33 INFO juju.state open.go:106 connection established
2014-01-13 07:05:34 INFO juju.state open.go:136 initializing environment
2014-01-13 07:05:35 DEBUG juju.agent agent.go:474 state initialized
2014-01-13 07:05:35 DEBUG juju.agent agent.go:486 adding admin user
2014-01-13 07:05:37 DEBUG juju.agent agent.go:497 setting password hash for admin user
2014-01-13 07:05:39 ERROR juju supercommand.go:282 cannot load state from URL "https://10.1.27.194:8080/v1/AUTH_74406d06ca654bf4804003942b2f3f7c/juju-3a596bb8224878b427a7728fd83b7886/provider-state" (read from "/tmp/provider-state-url"): Get https://10.1.27.194:8080/v1/AUTH_74406d06ca654bf4804003942b2f3f7c/juju-3a596bb8224878b427a7728fd83b7886/provider-state: x509: certificate signed by unknown authority
failed: /var/lib/cloud/instance/scripts/runcmd [1]

See original description

Related branches

lp:~gz/juju-core/1.16_ssl_verification_bootstrap_state_1268913
Juju Engineering: Pending requested
Diff: 183 lines (+63/-16)
5 files modified
cmd/jujud/bootstrap.go (+1/-1)
environs/httpstorage/storage.go (+4/-1)
provider/common/bootstrap_test.go (+1/-1)
provider/common/state.go (+11/-2)
provider/common/state_test.go (+46/-11)
Curtis Hovey (sinzui)
Changed in juju-core:
importance: Undecided → High
status: New → In Progress
milestone: none → 1.17.1
John A Meinel (jameinel)
Changed in juju-core:
assignee: nobody → Martin Packman (gz)
Martin Packman (gz)
Changed in juju-core:
milestone: 1.17.1 → 1.18.0
James Page (james-page)
Changed in juju-core (Ubuntu):
status: New → Fix Released
Changed in juju-core (Ubuntu Saucy):
importance: Undecided → High
status: New → Triaged
Revision history for this message
Curtis Hovey (sinzui) wrote :

Hi Martin. Should the status of this bug be fix committed in trunk? Do we need to merge the branch in trunk?

Revision history for this message
Martin Packman (gz) wrote :

Now merged in Curtis, thanks.

Changed in juju-core:
milestone: 1.18.0 → 1.17.4
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
Changed in juju-core:
status: Fix Committed → Fix Released
James Page (james-page)
description: updated
Revision history for this message
Rolf Leggewie (r0lf) wrote :

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

Changed in juju-core (Ubuntu Saucy):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.