add-cloud and bootstrap fails when using an Openstack with a self-signed certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Heather Lanigan | ||
2.3 |
Won't Fix
|
High
|
Unassigned | ||
2.4 |
Won't Fix
|
High
|
Unassigned |
Bug Description
I ran into this issue when attempting to add a private Openstack cloud with a self-signed certificate.
juju add-cloud fails when run in interactive mode, claiming that an Openstack isn't running at the given address. A build of juju with more debugging turned on yields the following error (I've changed the ip address and port, to anonymize the error):
-------
Enter the API endpoint url for the cloud: https:/
request available auth options: failed executing the request https:/
caused by: Get https:/
caused by: Get https:/
19:23:22 DEBUG juju.provider.
caused by: request available auth options: failed executing the request https:/
caused by: Get https:/
Can't validate endpoint: No Openstack server running at https:/
-------
Googling for the "IP SANs" error suggests that this is a Go error that happens when the CN is not set properly. The server in question returns a subject line for the cert with "CN=10.12.12.120". Something might be getting clobbered before being passed to the Go code that tries to verify the cert.
This error does not occur when adding the cloud with a config.yaml file. The cert has been added to the CA for the machine running juju, and curl and wget commands to https:/
description: | updated |
Changed in juju: | |
milestone: | none → 2.4.1 |
Changed in juju: | |
importance: | Undecided → High |
Changed in juju: | |
assignee: | nobody → Heather Lanigan (hmlanigan) |
tags: | added: openstack-provider |
Changed in juju: | |
status: | Triaged → In Progress |
Changed in juju: | |
milestone: | 2.4.1 → none |
Changed in juju: | |
milestone: | none → 2.4.2 |
Changed in juju: | |
milestone: | 2.4.2 → 2.5-beta1 |
summary: |
- add-cloud fails when adding an Openstack with a self-signed certificate + add-cloud and bootstrap fails when using an Openstack with a self-signed + certificate |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
The novarc file contained a env var that juju doesn't use currently:
OS_CACERT= /home/user/ openstack. crt