Murano

Murano does not support SSL with cert for engine<>agent communication

Series mitaka
Bug #1568172

Bug #1568172 reported by Serg Melikyan on 2016-04-08

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Murano	Fix Released	High	Konstantin	Murano newton-1 "n1"
Kilo	Won't Fix	Undecided	Unassigned
Liberty	New	Undecided	Unassigned
Mitaka	Fix Committed	High	Konstantin	Murano 2.0.x "2.0.x"
Newton	Fix Released	High	Konstantin	Murano newton-1 "n1"

Bug Description

Detailed bug description:
Murano does support specifying certificate for SSL connectivity between murano-engine and murano-agent, but this value (along side with certificate) is not passed to the murano-agent during first VM boot through cloud-init.

Steps to reproduce:
1. Configure SSL for Murano RabbitMQ
2. Configure SSL in Murano:
    vi /etc/murano/murano.conf
    [rabbitmq]
    ...
    ssl=True
    ca_certs=<path-to-cert>
3. Deploy any application

Expected results:
Environment with application deployed successfully

Actual result:
Environment with application hangs during deployment, murano-agent configuration of VM does not anything related to cert configured

Reproducibility:
Always

Workaround:
Update core-library, example for stable/kilo - https://review.openstack.org/301365

Impact:
Murano does not work on any environment which requires certificates used for SSL connectivity

Tags:

Serg Melikyan (smelikyan) on 2016-04-08

tags:

added: kilo-backport-potential liberty-backport-potential mitaka-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-18: Fix proposed to murano (master)

Fix proposed to branch: master
Review: https://review.openstack.org/307349

Changed in murano:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-04: Fix merged to murano (master)

Reviewed: https://review.openstack.org/307349
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=21e877c22d2b5303a7c0d07602f84d36754425b1
Submitter: Jenkins
Branch: master

commit 21e877c22d2b5303a7c0d07602f84d36754425b1
Author: Konstantin Snihyr <email address hidden>
Date: Mon Apr 18 18:33:56 2016 +0300

Pass [rabbitmq]/ca_certs file to murano-spawned instance

Change-Id: I0d7a66b66d47c5996df8047225dcd9323d328412
Closes-Bug: #1568172

Changed in murano:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-10: Fix proposed to murano (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/314474

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-11: Fix merged to murano (stable/mitaka)

Reviewed: https://review.openstack.org/314474
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=f1614d728c5704464d4931bee532cec7bb6edd49
Submitter: Jenkins
Branch: stable/mitaka

commit f1614d728c5704464d4931bee532cec7bb6edd49
Author: Konstantin Snihyr <email address hidden>
Date: Mon Apr 18 18:33:56 2016 +0300

Pass [rabbitmq]/ca_certs file to murano-spawned instance

    Change-Id: I0d7a66b66d47c5996df8047225dcd9323d328412
    Closes-Bug: #1568172
    (cherry picked from commit 21e877c22d2b5303a7c0d07602f84d36754425b1)

Kirill Zaitsev (kzaitsev) on 2016-05-24

tags:

added: in-stable-mitaka

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-06-03: Fix included in openstack/murano 3.0.0.0b1

This issue was fixed in the openstack/murano 3.0.0.0b1 development milestone.

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-06-27: Fix included in openstack/murano 2.0.1

This issue was fixed in the openstack/murano 2.0.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.