I updated the package from quantal-proposed successfully. I checked the contents of shell.py to ensure the patch had been applied and removed all *.pyc files from /usr/lib/python2.7/dist-packages/keystoneclient/ to ensure no files from the previous version remained.
Unfortunately, it seems the bug still persists. I cannot interact with keystone using SSL, unless I use the --insecure flag, or specify the default cacerts.txt file by hand. Please see below.
# dpkg -l python-keystoneclient
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-====================================-====================================-========================================================================================
ii python-keystoneclient 1:0.1.3-0ubuntu1.1 Client libary for Openstack Keystone API
parser.add_argument('--os-cacert', metavar='<ca-certificate>', default=env('OS_CA_CERT', default=None), help='Defaults to env[OS_CACERT]')
# keystone service-list
No handlers could be found for logger "keystoneclient.client"
Unable to communicate with identity service: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. (HTTP 400)
# keystone --insecure service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 26b4ab0f46904930bc907ddf8204f09b | volume | volume | Nova Volume Service |
| 39d9a621022543c3aecc52734080725e | glance | image | Glance Image Service |
| 5b5d4d9edd2d45fab7a64a284349988c | swift | object-store | Swift Object Storage Service |
| 769f19f0d056482988558d6c611f2df8 | nova | compute | Nova Compute Service |
| a59de4515aae4e36b7a94ed2ad008fbe | ec2 | ec2 | EC2 Compatibility Layer |
| c77e502d8a8e42b18cfed9a6c4d35b9e | keystone | identity | Keystone Identity Service |
+----------------------------------+----------+--------------+------------------------------+
# keystone --os-cacert /usr/share/pyshared/httplib2/cacerts.txt service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 26b4ab0f46904930bc907ddf8204f09b | volume | volume | Nova Volume Service |
| 39d9a621022543c3aecc52734080725e | glance | image | Glance Image Service |
| 5b5d4d9edd2d45fab7a64a284349988c | swift | object-store | Swift Object Storage Service |
| 769f19f0d056482988558d6c611f2df8 | nova | compute | Nova Compute Service |
| a59de4515aae4e36b7a94ed2ad008fbe | ec2 | ec2 | EC2 Compatibility Layer |
| c77e502d8a8e42b18cfed9a6c4d35b9e | keystone | identity | Keystone Identity Service |
+----------------------------------+----------+--------------+------------------------------+
I updated the package from quantal-proposed successfully. I checked the contents of shell.py to ensure the patch had been applied and removed all *.pyc files from /usr/lib/ python2. 7/dist- packages/ keystoneclient/ to ensure no files from the previous version remained.
Unfortunately, it seems the bug still persists. I cannot interact with keystone using SSL, unless I use the --insecure flag, or specify the default cacerts.txt file by hand. Please see below.
# dpkg -l python- keystoneclient Unknown/ Install/ Remove/ Purge/Hold Not/Inst/ Conf-files/ Unpacked/ halF-conf/ Half-inst/ trig-aWait/ Trig-pend /Reinst- required (Status,Err: uppercase=bad) ======= ======= ======= ======= =====-= ======= ======= ======= ======= ======= -====== ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ===== keystoneclient 1:0.1.3-0ubuntu1.1 Client libary for Openstack Keystone API
Desired=
| Status=
|/ Err?=(none)
||/ Name Version Description
+++-===
ii python-
# grep -B 4 CACERT /usr/share/ pyshared/ keystoneclient/ shell.py
# keystone service-list .client" SSL3_GET_ SERVER_ CERTIFICATE: certificate verify failed. (HTTP 400)
No handlers could be found for logger "keystoneclient
Unable to communicate with identity service: [Errno 1] _ssl.c:504: error:14090086:SSL routines:
# keystone --insecure service-list ------- ------- ------- ------- +------ ----+-- ------- -----+- ------- ------- ------- ------- -+ ------- ------- ------- ------- +------ ----+-- ------- -----+- ------- ------- ------- ------- -+ 0bc907ddf8204f0 9b | volume | volume | Nova Volume Service | 3aecc5273408072 5e | glance | image | Glance Image Service | ab7a64a28434998 8c | swift | object-store | Swift Object Storage Service | 988558d6c611f2d f8 | nova | compute | Nova Compute Service | 6b7a94ed2ad008f be | ec2 | ec2 | EC2 Compatibility Layer | 18cfed9a6c4d35b 9e | keystone | identity | Keystone Identity Service | ------- ------- ------- ------- +------ ----+-- ------- -----+- ------- ------- ------- ------- -+
+------
| id | name | type | description |
+------
| 26b4ab0f4690493
| 39d9a621022543c
| 5b5d4d9edd2d45f
| 769f19f0d056482
| a59de4515aae4e3
| c77e502d8a8e42b
+------
# keystone --os-cacert /usr/share/ pyshared/ httplib2/ cacerts. txt service-list ------- ------- ------- ------- +------ ----+-- ------- -----+- ------- ------- ------- ------- -+ ------- ------- ------- ------- +------ ----+-- ------- -----+- ------- ------- ------- ------- -+ 0bc907ddf8204f0 9b | volume | volume | Nova Volume Service | 3aecc5273408072 5e | glance | image | Glance Image Service | ab7a64a28434998 8c | swift | object-store | Swift Object Storage Service | 988558d6c611f2d f8 | nova | compute | Nova Compute Service | 6b7a94ed2ad008f be | ec2 | ec2 | EC2 Compatibility Layer | 18cfed9a6c4d35b 9e | keystone | identity | Keystone Identity Service | ------- ------- ------- ------- +------ ----+-- ------- -----+- ------- ------- ------- ------- -+
+------
| id | name | type | description |
+------
| 26b4ab0f4690493
| 39d9a621022543c
| 5b5d4d9edd2d45f
| 769f19f0d056482
| a59de4515aae4e3
| c77e502d8a8e42b
+------
# env | grep http /keystone. sy3.aptira. com:5000 /auth.aptira. com:35357/ v2.0
OS_AUTH_URL=https:/
SERVICE_ENDPOINT=https:/