OpenStack Identity (keystone)

keystone-all crashes when ca_certs is not defined in conf

Bug #1459828 reported by kio
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Expired
Critical
Unassigned
Icehouse
Won't Fix
Undecided
Unassigned

Bug Description

When [ssl] ca_certs parameter is commented on keystone.conf, ssl module try to load the default ca_cert file (/etc/keystone/ssl/certs/ca.pem) and raises an IOError exception because it didn't find the file.

This happens running on Python 2.7.9.

I have a keystone cluster running on Python 2.7.7, with the very same keystone.conf file, and that crash doesn't happen.

If any further information is required, don't hesitate in contacting me.

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Which version of Keystone (OpenStack) are you seeing this with? (e.g. Icehouse, Juno, Kilo, Master)? And how was Keystone installed? (e.g. via pip, from an apt repository, RDO, etc)

Which distribution are you using? (Ubuntu, Fedora, RHEL, etc) And which release?

Are there other settings in the

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Please mark this bug as "new" when you respond with the answers to my above questions.

thanks!

Changed in keystone:
status: New → Incomplete
Revision history for this message
kio (caiobrentano) wrote :

Sorry for the missing information. I'm not used to report bugs! :)

The Keystone version is Github 2014.1 release. It was cloned from github and installed via pip from an internal repository.

The OS distribution is Red Hat Enterprise Linux Server release 6.5 (Santiago)

Changed in keystone:
status: Incomplete → New
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Don't worry about the incomplete bug report, it's why I asked the questions :). This gives me enough information to start looking at it now and/or how to duplicate it. There are many variations and sometimes duplication is hard with so many variations.

Thanks!

Revision history for this message
Dolph Mathews (dolph) wrote :

If this can be reproduced against 2014.1 icehouse, I would consider it to be a critical issue for our core use case (default SSL configuration w/ apache httpd).

Changed in keystone:
importance: Undecided → Critical
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

I have been unable to duplicate this bug. Is it possible to get more information on how to duplicate this?

Please set this bug back to "New" once you've answered the question(s)

Changed in keystone:
status: New → Incomplete
Adam Young (ayoung)
Changed in keystone:
status: Incomplete → Opinion
status: Opinion → Incomplete
Revision history for this message
Brant Knudson (blk-u) wrote :

icehouse is now eol, so I don't see any need to spend more time on this.

Revision history for this message
David Stanek (dstanek) wrote :

I just quickly tried to reproduce and failed. Is there any reason not to mark this as invalid?

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Keystone because there has been no activity for 60 days.]

Changed in keystone:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.