apache2 image element requires ssl-certs on ubuntu
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tripleo |
Won't Fix
|
High
|
Unassigned | ||
Bug Description
From os-collect-config log file on an image booted from devtest:
'make-ssl-cert: command not found'
$ dpkg -S /usr/sbin/
ssl-cert: /usr/sbin/
[2014-02-24 17:47:49,629] (os-refresh-config) [INFO] Starting phase post-configure
dib-run-parts Mon Feb 24 17:47:49 UTC 2014 Running /opt/stack/
+ '[' -f /etc/debian_version ']'
+ openssl_cmd=openssl
+ cert_create_
+ snakeoil_
+ '[' -f /etc/ssl/
+ cert_chk_
+ exit_error=0
++ openssl x509 -noout -in /etc/ssl/
unable to load certificate
3073526024:
+ cmd_run=
+ exit_error=1
+ '[' 1 -ne 0 ']'
+ exit_error=0
++ make-ssl-cert generate-
/opt/stack/
+ cmd_run=
+ exit_error=1
+ '[' 1 -eq 0 ']'
+ '[' 1 -ne 0 ']'
+ echo 'Error encountered setting up SSL (exit_error=1)'
Error encountered setting up SSL (exit_error=1)
+ '[' -f /etc/debian_version ']'
+ service apache2 reload
* Reloading web server apache2 ^[[80G ^[[31m*^[[39;49m
^[[33m*^[[39;49m Apache2 is not running
| Robert Collins (lifeless) wrote | #1 |
| Changed in tripleo: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| tags: | added: security ssl |
| Ben Nemec (bnemec) wrote | #2 |
| Changed in tripleo: | |
| status: | Triaged → Won't Fix |
Actually, I'd argue the bug is that we're trying to make snakeoil certificates. We should pass in the certificate needed to the machines that need it, as snakeoil is never the right production answer. Tests can make snakeoil certs on the jenkins slave.