OpenStack Compute (nova)

Placment API client doesn't honor insecure nor cafile parameters

  1. Series ocata
  2. Bug #1666936
Bug #1666936 reported by György Szombathelyi on 2017-02-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Sean Dague
Ocata
Fix Committed
Medium
Sean Dague
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

The connection to the Placement API from Nova doesn't allow to specify an insecure nor a cafile parameter. This could be a problem if those are used in the Keystone or Neutron clients, for example, then it is expected to use them in the Placement client, too.

Sylvain Bauza (sylvain-bauza) on 2017-02-22
Changed in nova:
importance: Undecided → Medium
status: New → Confirmed
tags: added: api placement
OpenStack Infra (hudson-openstack) on 2017-02-22
Changed in nova:
assignee: nobody → György Szombathelyi (gyurco)
status: Confirmed → In Progress
Sylvain Bauza (sylvain-bauza) wrote :

Patch is up https://review.openstack.org/#/c/436475/

OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/437123

OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/437156

Changed in nova:
assignee: György Szombathelyi (gyurco) → Sean Dague (sdague)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/437157

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/436475
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=a377fc5988e9a6057bd14617879a7cbcc3c8bb81
Submitter: Jenkins
Branch: master

commit a377fc5988e9a6057bd14617879a7cbcc3c8bb81
Author: Gyorgy Szombathelyi <email address hidden>
Date: Tue Feb 21 15:04:13 2017 +0100

    Use the keystone session loader in the placement reporting

    Using load_session_from_conf_options has the advantage that it honors
    session settings like cafile and insecure, to make use of non-system TLS
    certificates (or disable certificate checks at all). Also client
    certificates and timeout values can be specified, too.

    Closes-Bug: #1666936
    Change-Id: I510a2683958fc8c3aaca9293b4280f325b9551fc

Changed in nova:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/437156
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=adbf28f8194f901cd99a49da0376475986993f88
Submitter: Jenkins
Branch: master

commit adbf28f8194f901cd99a49da0376475986993f88
Author: Sean Dague <email address hidden>
Date: Wed Feb 22 16:43:51 2017 -0500

    Allow nova-status to work with custom ca for placement

    Change-Id: I9f8b840f5a99d11dd5b688c4bf364315846ecc51
    Closes-Bug: #1666936

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/ocata)

Reviewed: https://review.openstack.org/437123
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2bb632ac888703e0a91e14abcede31dc6e46b84e
Submitter: Jenkins
Branch: stable/ocata

commit 2bb632ac888703e0a91e14abcede31dc6e46b84e
Author: Gyorgy Szombathelyi <email address hidden>
Date: Tue Feb 21 15:04:13 2017 +0100

    Use the keystone session loader in the placement reporting

    Using load_session_from_conf_options has the advantage that it honors
    session settings like cafile and insecure, to make use of non-system TLS
    certificates (or disable certificate checks at all). Also client
    certificates and timeout values can be specified, too.

    Closes-Bug: #1666936
    Change-Id: I510a2683958fc8c3aaca9293b4280f325b9551fc
    (cherry picked from commit a377fc5988e9a6057bd14617879a7cbcc3c8bb81)

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/437157
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b9335a49e6386ff338cbc80b8e05d0c296284e85
Submitter: Jenkins
Branch: stable/ocata

commit b9335a49e6386ff338cbc80b8e05d0c296284e85
Author: Sean Dague <email address hidden>
Date: Wed Feb 22 16:43:51 2017 -0500

    Allow nova-status to work with custom ca for placement

    Change-Id: I9f8b840f5a99d11dd5b688c4bf364315846ecc51
    Closes-Bug: #1666936
    (cherry picked from commit adbf28f8194f901cd99a49da0376475986993f88)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 15.0.1

This issue was fixed in the openstack/nova 15.0.1 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 16.0.0.0b1

This issue was fixed in the openstack/nova 16.0.0.0b1 development milestone.

Tom Carroll (h-thomas-carroll) wrote :

Is it possible to get this patch backported to Newton?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers