zaqar websocket SSL cert name is hardcoded
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Juan Antonio Osorio Robles |
Bug Description
in bug 1791970 / https:/
Per https:/
However, when I go to introspect nodes, I get the stack trace described in bug 1791970:
Could not establish a connection to the Zaqar websocket. The command was sent but the answer could not be read.
# ...
File "/usr/lib64/
self.
SSLError: [SSL: CERTIFICATE_
to repair this, I just copy the undercloud-
[root@undercloud-0 ~]# cd /etc/pki/
[root@undercloud-0 anchors]# ls
cm-local-ca.pem undercloud-
[root@undercloud-0 anchors]# cp cm-local-ca.pem cm-local-
[root@undercloud-0 anchors]# cp undercloud-
cp: overwrite ‘cm-local-ca.pem’? y
I'm not sure how this should work, if tripleo is doing the wrong thing or if infrared is but it seems one side or the other needs to be changed.
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → stein-3 |
tags: | added: queens-backport-potential |
It seems like a new parameter undercloud_ service_ ca_certificate should be created to allow an operator to change the CA cert path (here infrared).