Horizon variable uses missing file horizon_cacert_pem

Bug #1655167 reported by Andrey Grebennikov on 2017-01-09
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Andrey Grebennikov

Bug Description

Horizon role uses horizon_cacert_pem to specify OPENSTACK_SSL_CACERT in the config.
At the same time the file specified in user_variables file under this variable is never been copied over to the container.

Copy task should be added to the playbook and the path to the file in the container must as well.

Changed in openstack-ansible:
assignee: nobody → Andrey Grebennikov (agrebennikov)

That's true.
We could also assume that the cacert is located at {{ horizon_ssl_ca_cert }}, which is uploaded if user provided, from deploy node path {{ horizon_user_ssl_ca_cert }}.

I think it's safe to assume it's gonna be the same CA chain :p

Changed in openstack-ansible:
status: New → In Progress
importance: Undecided → Low

Also I think it's safe to assume we won't check for OSA generated certificates.

It is not necessarily true.
In general case horizon endpoint may be different from keystone pub endpoing.
Say, Horizon access is provided at "https://cloud.domain.tld", while keystone is at "https://keystone.domain.tld".
In this case there may be 2 different CA certs issued with the servers certificates.

Yes, that's the case I was afraid to reach. I thought in general not many users would have 2 different CAs though.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers