configure_system_https can report wrong error on fail
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
Low
|
Marcelo de Castro Loebens | ||
Bug Description
Brief Description
-----------------
I have only seen this error once. The purpose of this bug is to show where the problem is, and explain the fix.
I setup a STD system (only controller-0) and then ran the following:
system modify --https_enabled true
Remote error: FileNotFoundError [Errno 2] No such file or directory: '/etc/ssl/
['Traceback (most recent call last):\n', ' File "/usr/lib/
I was able to run the command a short time later without issue.
The code is located here and I will explain the problem
https:/
Here is the snippet
try:
with open(os.devnull, "w") as fnull:
except subprocess.
msg = "Fail to generate self-signed certificate to enable https."
raise exception.
with open(certificat
subprocess.
the openssl command is failing, but the 'sync' command called afterward is passing.
This means that the check_call is reporting 'success' and not reporting "Fail to generate self-signed certificate to enable https."
However the file was not actually created, so the following 'open' fails with the FileNotFound
In my opinion, we should call the sync on its own, if the first openssl call succeeds
Severity
--------
Minor
Steps to Reproduce
------------------
setup STD controller-0 (bootstrap, unlock)
source /etc/platform/
system modify --https_enabled true
Expected Behavior
------------------
It should have reported success
HTTPS enabled with a self-signed certificate.
This should be changed to a CA-signed certificate with 'system certificate-
Actual Behavior
----------------
It reported a weird file not found error.
Reproducibility
---------------
Seen Once
System Configuration
-------
STD
Branch/Pull Time/Commit
-------
Nov 3, 2022
Last Pass
---------
Never saw this problem before
Timestamp/Logs
--------------
Remote error: FileNotFoundError [Errno 2] No such file or directory: '/etc/ssl/
['Traceback (most recent call last):\n', ' File "/usr/lib/
Test Activity
-------------
Developer Testing
Workaround
----------
Run the command a second time.
| Changed in starlingx: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| tags: | added: stx.security |
| Changed in starlingx: | |
| status: | Triaged → In Progress |
| assignee: | nobody → Marcelo de Castro Loebens (mdecastr) |
| OpenStack Infra (hudson-openstack) wrote Fix merged to config (master) | #1 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
| tags: | added: stx.8.0 |
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 313f2769554f5e8
Author: Marcelo de Castro Loebens <email address hidden>
Date: Mon Nov 14 13:28:30 2022 -0400
Avoid masking err while creating self-signed cert
Modified shell command to avoid succeeding in case of an error in
the creation of self-signed certificate for HTTPS, which leads into
a posterior failure to open the certificate and gives no precise way
for debugging.
Test Plan:
PASS: Enable https for the first time in the system. The command
should exhibit the system info with https_enabled set to "True",
plus a message "HTTPS enabled with a self-signed certificate.
This should be changed to a CA-signed certificate with 'system
Closes-Bug: 1995633
Signed-off-by: Marcelo de Castro Loebens <email address hidden>
Change-Id: Id54e9187b65c71