nova list failure when quantum_url points to HTTPS endpoint

Bug #1206330 reported by John Dewey
28
This bug affects 6 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Undecided
Yaguang Tang

Bug Description

We are using the standard UEC grizzly packages with Ubuntu 12.04, and using keystone v3, nova v2, and quantom v2 APIs.
All of our endpoints have HTTPS urls, which are offloaded to a load balancer with standard Verisign certs.

We are able to query quantum via the CLI, however, when we attempt a `nova list`, we end up with the following error.

http://paste.openstack.org/show/42553/

When changing nova.conf's quantum_url from an offloaded HTTPs url to a standard HTTP url, all works as expected.

Again, we are not using self signed certs, and all works as expected when using the quauntum client CLI, but nova.conf's quantum_url does not work
when pointed to HTTPS.

ii python-quantumclient 1:2.2.0-0ubuntu1~cloud0 client - Quantum is a virtual network service for Openstack
ii python-keystoneclient 1:0.2.3-0ubuntu2.2~cloud0 Client library for OpenStack Identity API
ii python-novaclient 1:2.13.0-0ubuntu1~cloud0 client library for OpenStack Compute API

Revision history for this message
John Dewey (retr0h) wrote :
Revision history for this message
Yaguang Tang (heut2008) wrote :

it's a pity that neutron (quantum ) client doesn't support TLS currently.

Revision history for this message
Jay Pipes (jaypipes) wrote :

This is a serious issue. Hoping we can get some eyes on this...

John Dewey (retr0h)
description: updated
Revision history for this message
Yaguang Tang (heut2008) wrote :

python-neutronclient now supports ssl , I think we just need a small fix on nova side to support https.

Changed in nova:
assignee: nobody → Yaguang Tang (heut2008)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/39651

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/39651
Committed: http://github.com/openstack/nova/commit/cdfd5fb27d3d35e52c56d83290fc5d2c07c48865
Submitter: Jenkins
Branch: master

commit cdfd5fb27d3d35e52c56d83290fc5d2c07c48865
Author: Yaguang Tang <email address hidden>
Date: Thu Aug 1 16:10:40 2013 +0800

    Add support for Neutron https endpoint

    This patch adds a parameter to specify Neutronclient ca certificate file
    location to support Neutron https endpoint.

    Fix bug #1206330

    Change-Id: I9ecdd24cf0efcb5ef895e529e516d248214592c1

Revision history for this message
Matt Riedemann (mriedem) wrote :

I'm not sure why launchpad didn't mark this as in progress when the patch was submitted or fix committed when the patch was merged. I've been seeing some flakiness in launchpad tracking status lately.

tags: added: api network
Changed in nova:
status: New → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → havana-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: havana-3 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers