OpenStack Compute (nova)

Nova doesn't allow for a cacert file to be specified when calling cinder (Issue when using self signed certs)

Bug #1179476 reported by Cian O'Driscoll on 2013-05-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Undecided	Cian O'Driscoll	OpenStack Compute (nova) 2013.2 "havana"

Bug Description

nova/volume/cinder.py

    c = cinder_client.Client(context.user_id,
                             context.auth_token,
                             project_id=context.project_id,
                             auth_url=url,
                             insecure=CONF.cinder_api_insecure,
                             retries=CONF.cinder_http_retries)

Cinder client allows for a cacert arg to be passed to Client(). If a cacert file isn't passed to cinder client then the python-request library uses the cacert file in it's path "/usr/share/pyshared/requests/cacert.pem" rather then the system default of "/etc/ssl/certs /ca-certificates.crt". This causes an issue if you are using self signed certs with a custom ca authority.

Recommend(I will do the patch) to add a new flag to "nova/volume/cinder.py" where a cacert file can be passed to cinder Client().

Cian O'Driscoll (dricco) on 2013-05-14

Changed in nova:
assignee:	nobody → Cian O'Driscoll (dricco)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-15: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/29246

Changed in nova:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-16: Fix merged to nova (master)

Reviewed: https://review.openstack.org/29246
Committed: http://github.com/openstack/nova/commit/5bc5fd8855f39638522304102e1f839484b9bf81
Submitter: Jenkins
Branch: master

commit 5bc5fd8855f39638522304102e1f839484b9bf81
Author: Cian O'Driscoll <email address hidden>
Date: Wed May 15 15:14:01 2013 +0000

Add ca cert file support to cinder client requests

Allow for ca certificates file to be specified when doing cinder
client requests. Needed when using custom ca authorities.

Change-Id: Ib9aa15df2fc7d96cb8587c13769399e353c032c6
Fixes: bug #1179476

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-05-29

Changed in nova:
milestone:	none → havana-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in nova:
milestone:	havana-1 → 2013.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.