[SRU] switch to requests breaks HTTPS support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance Client |
Fix Released
|
High
|
Flavio Percoco | ||
Ubuntu Cloud Archive |
Fix Released
|
Undecided
|
Edward Hope-Morley |
Bug Description
[Impact]
Fix glanceclient breakage in Nova when using https glance endpoint in Juno.
[Test Case]
1. Deploy Openstack juno (incl. this fix) with https endpoints and
create an instance.
2. Check that instance deployed successfully.
[Regression Potential]
None.
Since the switching to using the requests library in the client, nova boot fails when the glance server is using SSL.
The error reported by nova is:
2014-07-22 16:20:57.569 ^[[00;32mDEBUG glanceclient.
2014-07-22 16:20:57.571 ^[[01;31mERROR nova.api.openstack [^[[01;
Once seen, all subsequent commands to the nova server fail similarly.
This is fairly easily reproduced with my SSL patches in https:/
With an SSL-everywhere server this can be seen by installing in devstack and doing things like:
These work.
$ nova flavor-list
$ glance image-list
$ nova net-list
Have nova hit glance:
$ nova image-list
ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-ee964e9a-
All subsequent requests will fail similarly:
$ nova list
ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-f670db83-
Note that if you start nova and the first thing you do is an image-list it works. I'm guessing this is because the only connection in the pool is a glance connection object which has insecure defined.
Changed in python-glanceclient: | |
assignee: | nobody → Flavio Percoco (flaper87) |
importance: | Undecided → High |
Changed in python-glanceclient: | |
status: | New → In Progress |
Changed in python-glanceclient: | |
status: | Fix Committed → Fix Released |
description: | updated |
summary: |
- switch to requests breaks HTTPS support + [SRU] switch to requests breaks HTTPS support |
Changed in cloud-archive: | |
assignee: | nobody → Edward Hope-Morley (hopem) |
status: | New → In Progress |
Changed in cloud-archive: | |
status: | In Progress → Invalid |
no longer affects: | python-glanceclient/juno |
Changed in cloud-archive: | |
status: | Invalid → In Progress |
My workaround is to change the scheme name:
diff --git a/glanceclient/ common/ https.py b/glanceclient/ common/ https.py common/ https.py common/ https.py adapters. HTTPAdapter) : pool_classes_ by_scheme[ "https" ] = HTTPSConnectionPool pool_classes_ by_scheme[ "glance+ https"] = HTTPSConnectionPoo
super( HTTPSAdapter, self)._ _init__ (*args, **kwargs)
index 93c6e6a..9e470cd 100644
--- a/glanceclient/
+++ b/glanceclient/
@@ -72,7 +72,7 @@ class HTTPSAdapter(
def __init__(self, *args, **kwargs):
# NOTE(flaper87): This line forces poolmanager to use
# glanceclient HTTPSConnection
- poolmanager.
+ poolmanager.
def cert_verify(self, conn, url, verify, cert): Pool(connection pool.HTTPSConne ctionPool) : compression.
@@ -92,7 +92,7 @@ class HTTPSConnection
be used just when the user sets --no-ssl-
"""
- scheme = 'https'
+ scheme = 'glance+https'
def _new_conn(self):
self. num_connections += 1