Nova doesn't allow for a cacert file to be specified when calling cinder (Issue when using self signed certs)

Bug #1179476 reported by Cian O'Driscoll on 2013-05-13
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Cian O'Driscoll

Bug Description


    c = cinder_client.Client(context.user_id,

Cinder client allows for a cacert arg to be passed to Client(). If a cacert file isn't passed to cinder client then the python-request library uses the cacert file in it's path "/usr/share/pyshared/requests/cacert.pem" rather then the system default of "/etc/ssl/certs /ca-certificates.crt". This causes an issue if you are using self signed certs with a custom ca authority.

Recommend(I will do the patch) to add a new flag to "nova/volume/" where a cacert file can be passed to cinder Client().

Cian O'Driscoll (dricco) on 2013-05-14
Changed in nova:
assignee: nobody → Cian O'Driscoll (dricco)

Fix proposed to branch: master

Changed in nova:
status: New → In Progress

Submitter: Jenkins
Branch: master

commit 5bc5fd8855f39638522304102e1f839484b9bf81
Author: Cian O'Driscoll <email address hidden>
Date: Wed May 15 15:14:01 2013 +0000

    Add ca cert file support to cinder client requests

    Allow for ca certificates file to be specified when doing cinder
    client requests. Needed when using custom ca authorities.

    Change-Id: Ib9aa15df2fc7d96cb8587c13769399e353c032c6
    Fixes: bug #1179476

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-05-29
Changed in nova:
milestone: none → havana-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in nova:
milestone: havana-1 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers