Ssl verify error in heat -> keystone communication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Undecided
|
Kamil Madac |
Bug Description
In 18.1.3 with self-signed https enabled on haproxy, 'openstack stack list -vvvv' ends up with following Internal Server Error:
SSL exception connecting to https:/
The reason is that self-signed certificate is not distributed to heat containers. As a workaround I added certificate /etc/ssl/
The correct way how to solve the bug would be to add self signed certificate to /etc/ssl/
Changed in openstack-ansible: | |
status: | In Progress → Fix Released |
Here is the patch we did in our Rocky OSA deployment to solve the bug:
http:// paste.openstack .org/show/ 744947/
It basicaly adds env. variable REQUESTS_ CA_BUNDLE= /etc/ssl/ certs/ca- certificates. crt to heat systemd services.