Placement API client doesn't honor insecure nor cafile parameters

Bug #1666936 reported by György Szombathelyi on 2017-02-22
Affects | Status | Importance | Assigned to | Milestone
OpenStack Compute (nova) | | Medium | Sean Dague |
Ocata | | Medium | Sean Dague |

Bug Description

The connection to the Placement API from Nova doesn't allow specifying an insecure or a cafile parameter. This could be a problem: if those are used in the Keystone or Neutron clients, for example, then it is expected that they can be used in the Placement client, too.

Changed in nova:
importance: Undecided → Medium
status: New → Confirmed
tags: added: api placement
Changed in nova:
assignee: nobody → György Szombathelyi (gyurco)
status: Confirmed → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/437156

Changed in nova:
assignee: György Szombathelyi (gyurco) → Sean Dague (sdague)

Reviewed: https://review.openstack.org/436475
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=a377fc5988e9a6057bd14617879a7cbcc3c8bb81
Submitter: Jenkins
Branch: master

commit a377fc5988e9a6057bd14617879a7cbcc3c8bb81
Author: Gyorgy Szombathelyi <email address hidden>
Date: Tue Feb 21 15:04:13 2017 +0100

    Use the keystone session loader in the placement reporting

    Using load_session_from_conf_options has the advantage that it honors
    session settings like cafile and insecure, to make use of non-system TLS
    certificates (or disable certificate checks at all). Also client
    certificates and timeout values can be specified, too.

    Closes-Bug: #1666936
    Change-Id: I510a2683958fc8c3aaca9293b4280f325b9551fc

Changed in nova:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/437156
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=adbf28f8194f901cd99a49da0376475986993f88
Submitter: Jenkins
Branch: master

commit adbf28f8194f901cd99a49da0376475986993f88
Author: Sean Dague <email address hidden>
Date: Wed Feb 22 16:43:51 2017 -0500

    Allow nova-status to work with custom ca for placement

    Change-Id: I9f8b840f5a99d11dd5b688c4bf364315846ecc51
    Closes-Bug: #1666936

Reviewed: https://review.openstack.org/437123
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2bb632ac888703e0a91e14abcede31dc6e46b84e
Submitter: Jenkins
Branch: stable/ocata

commit 2bb632ac888703e0a91e14abcede31dc6e46b84e
Author: Gyorgy Szombathelyi <email address hidden>
Date: Tue Feb 21 15:04:13 2017 +0100

    Use the keystone session loader in the placement reporting

    Using load_session_from_conf_options has the advantage that it honors
    session settings like cafile and insecure, to make use of non-system TLS
    certificates (or disable certificate checks at all). Also client
    certificates and timeout values can be specified, too.

    Closes-Bug: #1666936
    Change-Id: I510a2683958fc8c3aaca9293b4280f325b9551fc
    (cherry picked from commit a377fc5988e9a6057bd14617879a7cbcc3c8bb81)

Reviewed: https://review.openstack.org/437157
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=b9335a49e6386ff338cbc80b8e05d0c296284e85
Submitter: Jenkins
Branch: stable/ocata

commit b9335a49e6386ff338cbc80b8e05d0c296284e85
Author: Sean Dague <email address hidden>
Date: Wed Feb 22 16:43:51 2017 -0500

    Allow nova-status to work with custom ca for placement

    Change-Id: I9f8b840f5a99d11dd5b688c4bf364315846ecc51
    Closes-Bug: #1666936
    (cherry picked from commit adbf28f8194f901cd99a49da0376475986993f88)

This issue was fixed in the openstack/nova 15.0.1 release.

This issue was fixed in the openstack/nova 16.0.0.0b1 development milestone.
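
An added example (not nova's code and not from the bug report): a small audit of the `cafile` and `insecure` options that the fix makes the placement client honor, comparing them across the Keystone, Neutron and Placement sections of nova.conf. The sample config, the CA path and the function names are constructed, and the option precedence is assumed to match keystoneauth1's session loader.

```python
import configparser

# Constructed sample nova.conf (not from the bug report); the CA path is a placeholder.
SAMPLE_NOVA_CONF = """
[keystone_authtoken]
cafile = /etc/ssl/private-ca.pem
[neutron]
cafile = /etc/ssl/private-ca.pem
[placement]
cafile = /etc/ssl/private-ca.pem
insecure = true
"""
SECTIONS = ("keystone_authtoken", "neutron", "placement")


def effective_verify(section):
    """Resolve a section's TLS verification setting.

    Assumed precedence, as in keystoneauth1's session loader: insecure=true
    wins over cafile; otherwise cafile, else the system trust store (True).
    """
    if section.getboolean("insecure", fallback=False):
        return False
    return section.get("cafile", fallback=None) or True


def audit(conf_text, sections=SECTIONS):
    """Return (verify_by_section, findings) for nova.conf text."""
    # oslo.config groups do not inherit from [DEFAULT], so disable that here.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    verify, findings = {}, []
    for name in sections:
        if parser.has_section(name):
            verify[name] = effective_verify(parser[name])
    pinned = sorted(n for n, v in verify.items() if isinstance(v, str))
    for name, v in verify.items():
        if v is False:
            findings.append(f"[{name}] insecure=true: server certificate is not checked")
        elif v is True and pinned:
            # The mismatch from the bug: one client trusts a private CA, another does not.
            findings.append(f"[{name}] uses system CAs while {pinned} set a cafile")
    return verify, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NOVA_CONF)[1]:
        print(finding)
```
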

Tom Carroll (h-thomas-carroll) wrote :

Is it possible to get this patch backported to Newton?
