Not possible to install a new Openstack certificate when "https_enabled=False"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
João Victor Portal |
Bug Description
Brief Description
-----------------
When trying to install a new Openstack certificate with "https_
Severity
--------
Minor
Steps to Reproduce
------------------
Ensure your system has the property "https_enabled" set to False using "system show".
Try to install a Openstack certificate in the system: "system certificate-install -m openstack myCertAndKey.pem"
Expected Behavior
------------------
System should be able to install the certificate that will be used later when https_enabled is finally set to True.
Actual Behavior
----------------
System does not install the certificate. If the Openstack application is present, when "https_enabled" is set to True, Openstack reapply will try to use a certificate, but it will fail as it doesn't exist.
Reproducibility
---------------
Reproducible
System Configuration
-------
AIO-SX
Branch/Pull Time/Commit
-------
N/A
Last Pass
---------
N/A
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Developer Testing
Workaround
----------
Set https_enabled=True before installing the certificate, although it won't avoid the Openstack reapply from failing.
Changed in starlingx: | |
assignee: | nobody → João Victor Portal (jvictorp) |
status: | New → In Progress |
tags: | added: stx.distro.openstack stx.security |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.6.0 |
Reviewed: https:/ /review. opendev. org/c/starlingx /config/ +/819381 /opendev. org/starlingx/ config/ commit/ adc0556df919f98 ab83e6b1ecfd538 31d10bf2f8
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit adc0556df919f98 ab83e6b1ecfd538 31d10bf2f8
Author: Joao Victor Portal <email address hidden>
Date: Thu Nov 25 19:04:26 2021 -0300
Allow certificate install when HTTPS is false
The removal of this limitation is needed to enable HTTPS on Openstack
without errors when it's already present in the system (avoid app
reapply errors).
The limitation was also removed for other certificates besides
"openstack" and "openstack_ca" because there is no reason to keep this
limitation.
The following tests were executed on AIO-SX created from StarlingX dev install" command.
ISO containing the changes in this commit. The installation of
certificates is done through "system certificate-
Test Plan:
PASS: Successfully install "openstack", "openstack_ca", "ssl_ca", registry" and "ssl" certificates while system attribute registry" and "ssl" certificates.
"docker_
"https_enabled" is "False", then set "https_enabled" to "True" with no
errors.
PASS: Set "https_enabled" to "True" with no errors and then
successfully install "openstack", "openstack_ca", "ssl_ca",
"docker_
Closes-Bug: 1952360 1dcc9aacb45e18a 231f0747074
Signed-off-by: Joao Victor Portal <email address hidden>
Change-Id: I9c56e6efa49a98