Packstack

RFE: Allow SSL configuration in mysql and client connectors

Bug #1214606 reported by Rob Crittenden on 2013-08-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Packstack	Won't Fix	Undecided	Unassigned
	puppet-openstack	Fix Released	Medium	Rob Crittenden	puppet-openstack 3.0.0-rc1 "3.0.0-rc1"

Bug Description

The underlying mysql module allows SSL to be configured but the openstack/db/mysql module does not provide any way to enable it.

Options are needed to be able to pass in X.509 certs and keys to configure the server for SSL and configure the connectors in keystone, glance and nova to use it.

Rob Crittenden (rcritten) on 2013-08-21

Changed in packstack:
assignee:	nobody → Rob Crittenden (rcritten)
Changed in puppet-openstack:
assignee:	nobody → Rob Crittenden (rcritten)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-08-21: Fix proposed to puppet-openstack (master)

Fix proposed to branch: master
Review: https://review.openstack.org/43139

Changed in puppet-openstack:
status:	New → In Progress

Mathieu Gagné (mgagne) on 2013-08-29

Changed in puppet-openstack:
importance:	Undecided → Medium

Mathieu Gagné (mgagne) on 2013-09-19

Changed in puppet-openstack:
milestone:	none → 3.0.0

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-02: Fix merged to puppet-openstack (master)

Reviewed: https://review.openstack.org/43139
Committed: http://github.com/stackforge/puppet-openstack/commit/9dd67378633df8355c62c79fc783c751dda1151b
Submitter: Jenkins
Branch: master

commit 9dd67378633df8355c62c79fc783c751dda1151b
Author: Rob Crittenden <email address hidden>
Date: Wed Sep 11 17:38:28 2013 -0400

Options to configure MySQL for SSL and glance, keystone and nova clients.

    The mysql module supports SSL but it wasn't accessible since the
    arguments to configure it were unused. Add options to pass in the
    CA, cert and private key paths to enable SSL in MySQL.

    The second part of the patch reconfigures the connection line in the
    glance, keystone and nova clients to use SSL by adding the ssl_ca
    option.

Change-Id: I1f748fd7cfac110fc3170b235175623abfc9317b
Fixes: bug #1214606

Changed in puppet-openstack:
status:	In Progress → Fix Committed

Mathieu Gagné (mgagne) on 2014-01-16

Changed in puppet-openstack:
milestone:	3.0.0 → 3.0.0-rc1
status:	Fix Committed → Fix Released

Revision history for this message

Ivan Chavero (imcsk8) (ichavero-ichavero) wrote on 2016-07-26: Cleanup EOL bug report

This is an automated cleanup. This bug report got closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce it, please:
* reopen the bug report (set to status "New")
* AND add the steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
Only still supported release names are valid (TRUNK, TRUNK).
Valid example: CONFIRMED FOR: TRUNK

Changed in packstack:
assignee:	Rob Crittenden (rcritten) → nobody
status:	New → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.