OpenStack Compute (nova)

Placment API client doesn't honor insecure nor cafile parameters

Bug #1666936 reported by György Szombathelyi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Sean Dague
Ocata
Fix Committed
Medium
Sean Dague

Bug Description

The connection to the Placement API from Nova doesn't allow to specify an insecure nor a cafile parameter. This could be a problem if those are used in the Keystone or Neutron clients, for example, then it is expected to use them in the Placement client, too.

Tags: api placement
Sylvain Bauza (sylvain-bauza)
Changed in nova:
importance: Undecided → Medium
status: New → Confirmed
tags: added: api placement
OpenStack Infra (hudson-openstack)
Changed in nova:
assignee: nobody → György Szombathelyi (gyurco)
status: Confirmed → In Progress
Revision history for this message
Sylvain Bauza (sylvain-bauza) wrote :

Patch is up https://review.openstack.org/#/c/436475/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/437123

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/437156

Changed in nova:
assignee: György Szombathelyi (gyurco) → Sean Dague (sdague)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/437157

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/436475
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=a377fc5988e9a6057bd14617879a7cbcc3c8bb81
Submitter: Jenkins
Branch: master

commit a377fc5988e9a6057bd14617879a7cbcc3c8bb81
Author: Gyorgy Szombathelyi <email address hidden>
Date: Tue Feb 21 15:04:13 2017 +0100

    Use the keystone session loader in the placement reporting

    Using load_session_from_conf_options has the advantage that it honors
    session settings like cafile and insecure, to make use of non-system TLS
    certificates (or disable certificate checks at all). Also client
    certificates and timeout values can be specified, too.

    Closes-Bug: #1666936
    Change-Id: I510a2683958fc8c3aaca9293b4280f325b9551fc

Changed in nova:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/437156
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=adbf28f8194f901cd99a49da0376475986993f88
Submitter: Jenkins
Branch: master

commit adbf28f8194f901cd99a49da0376475986993f88
Author: Sean Dague <email address hidden>
Date: Wed Feb 22 16:43:51 2017 -0500

    Allow nova-status to work with custom ca for placement

    Change-Id: I9f8b840f5a99d11dd5b688c4bf364315846ecc51
    Closes-Bug: #1666936

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/ocata)

Reviewed: https://review.openstack.org/437123
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2bb632ac888703e0a91e14abcede31dc6e46b84e
Submitter: Jenkins
Branch: stable/ocata

commit 2bb632ac888703e0a91e14abcede31dc6e46b84e
Author: Gyorgy Szombathelyi <email address hidden>
Date: Tue Feb 21 15:04:13 2017 +0100

    Use the keystone session loader in the placement reporting

    Using load_session_from_conf_options has the advantage that it honors
    session settings like cafile and insecure, to make use of non-system TLS
    certificates (or disable certificate checks at all). Also client
    certificates and timeout values can be specified, too.

    Closes-Bug: #1666936
    Change-Id: I510a2683958fc8c3aaca9293b4280f325b9551fc
    (cherry picked from commit a377fc5988e9a6057bd14617879a7cbcc3c8bb81)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/437157
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b9335a49e6386ff338cbc80b8e05d0c296284e85
Submitter: Jenkins
Branch: stable/ocata

commit b9335a49e6386ff338cbc80b8e05d0c296284e85
Author: Sean Dague <email address hidden>
Date: Wed Feb 22 16:43:51 2017 -0500

    Allow nova-status to work with custom ca for placement

    Change-Id: I9f8b840f5a99d11dd5b688c4bf364315846ecc51
    Closes-Bug: #1666936
    (cherry picked from commit adbf28f8194f901cd99a49da0376475986993f88)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 15.0.1

This issue was fixed in the openstack/nova 15.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 16.0.0.0b1

This issue was fixed in the openstack/nova 16.0.0.0b1 development milestone.

Revision history for this message
Tom Carroll (h-thomas-carroll) wrote :

Is it possible to get this patch backported to Newton?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.