ssl_setup fails due to extra character in days value
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
When running keystone-manage ssl_setup, the openssl command generated has an extra "d" character after the days value that causes openssl command to fail with an error.
ex:keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone --rebuild
2018-06-01 10:17:52.833 69002 WARNING keystone.cmd.cli [-] keystone-manage ssl_setup is not recommended for production use.
2018-06-01 10:17:52.841 69002 INFO keystone.
2018-06-01 10:17:53.020 69002 INFO keystone.
2018-06-01 10:17:53.029 69002 INFO keystone.
2018-06-01 10:17:53.132 69002 INFO keystone.
2018-06-01 10:17:53.141 69002 INFO keystone.
2018-06-01 10:17:53.146 69002 ERROR keystone.
ca: Non-positive number "3650d" for -days
ca: Use -help for summary.
2018-06-01 10:17:53.148 69002 CRITICAL keystone [-] CalledProcessError: Command '['openssl', 'ca', '-batch', '-out', '/etc/keystone/
2018-06-01 10:17:53.148 69002 ERROR keystone Traceback (most recent call last):
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/bin/
2018-06-01 10:17:53.148 69002 ERROR keystone sys.exit(main())
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/lib/
2018-06-01 10:17:53.148 69002 ERROR keystone cli.main(
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/lib/
2018-06-01 10:17:53.148 69002 ERROR keystone CONF.command.
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/lib/
2018-06-01 10:17:53.148 69002 ERROR keystone conf_ssl.run()
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/lib/
2018-06-01 10:17:53.148 69002 ERROR keystone self.build_
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/lib/
2018-06-01 10:17:53.148 69002 ERROR keystone '-infiles', '%(request_
2018-06-01 10:17:53.148 69002 ERROR keystone File "/usr/lib/
2018-06-01 10:17:53.148 69002 ERROR keystone raise e
2018-06-01 10:17:53.148 69002 ERROR keystone CalledProcessError: Command '['openssl', 'ca', '-batch', '-out', '/etc/keystone/
2018-06-01 10:17:53.148 69002 ERROR keystone
The offending code is in keystone/
'-days', '%(valid_days)dd',
I realize that openssl is deprecated, but perhaps this fix could be made available for distros that still use the 9.3 versions in their stable releases (Ubuntu 16.04, for example).
Wyllys,
The `keystone-manage ssl_setup` command has been removed in the Newton release since we removed the possiblity of running Keystone through it's internal eventlet web server. Please use an HTTP server such as Apache HTTPD for running Keystone and for performing the SSL termination.
Mitaka, the last release supporting this command, is EOL therefore we can't push or accept a fix for this.