Trove doesn't work with Keystone that accepts HTTPS connections

Bug #1293826 reported by Giuseppe Galeota
This bug affects 3 people
Affects: OpenStack DBaaS (Trove)
Status: In Progress
Importance: Low
Assigned to: Unassigned

Bug Description

If Keystone accepts only HTTPS connections, the trove-taskmanager reports the following error while validating the CA_file.pem:

WARNING keystoneclient.middleware.auth_token [-] Retrying on HTTP connection exception:[Errno 1] _ssl.c:504:error:14090086:SSLroutines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

In order to validate CA_file.pem of Keystone, we should modify:

 * the $TROVE_PATH/trove/trove/common/remote.py file in rows 45 (NOVA) and 65 (CINDER), adding cacert="/path/to/your/file.pem" as the last parameter of the .Client() function:

    client = Client(context.user, context.auth_token, project_id=context.tenant, auth_url=PROXY_AUTH_URL, cacert="/path/to/your/file.pem")

 * the /usr/local/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py file in rows 720 and 725:

    720: print('#####self.ssl_ca_file', self.ssl_ca_file)
    725: kwargs['verify'] = '/path/to/your/file.pem'
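
A configuration-driven alternative to hardcoding the path in library code, as an added example that is not part of the bug report or of the Trove or keystoneclient code. The function name and its `cafile` and `insecure` parameters are assumptions; the return value is what a requests-style `verify` argument expects.

```python
import os
import ssl


class CABundleError(ValueError):
    """Raised when the configured CA bundle cannot be used for verification."""


def resolve_verify(cafile=None, insecure=False):
    """Return the value to pass as a requests-style ``verify`` argument.

    cafile   -- path to a PEM CA bundle, or None for the system trust store
                (hypothetical config option)
    insecure -- explicit opt-out of verification (hypothetical config option)
    """
    if insecure:
        # Verification is switched off only when explicitly requested,
        # never as a silent fallback for a broken CA path.
        return False
    if not cafile:
        # No private CA configured: verify against the system trust store.
        return True
    if not os.path.isfile(cafile):
        raise CABundleError("CA bundle not found: %s" % cafile)
    try:
        # Loading the file into a context proves it holds at least one
        # parseable PEM certificate before any request is made.
        ssl.create_default_context(cafile=cafile)
    except ssl.SSLError as exc:
        raise CABundleError(
            "CA bundle %s is not usable: %s" % (cafile, exc))
    # A validated path can be handed to verify= (or to cacert= on a client
    # constructor such as the .Client() call shown above).
    return cafile


if __name__ == "__main__":
    # Constructed sample values; the path is a placeholder.
    for conf in ({}, {"cafile": "/path/to/your/file.pem"}):
        try:
            print(conf, "->", resolve_verify(**conf))
        except CABundleError as err:
            print(conf, "-> rejected:", err)
```

Calling this once at service start turns a wrong or unreadable CA path into an immediate configuration error instead of a `certificate verify failed` retry loop at request time.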

description: updated
Michael Basnight (hubcap) wrote :

The description has the info needed to fix this. thx giuseppe!

Changed in trove:
importance: Undecided → Low
status: New → Triaged
Changed in trove:
assignee: nobody → sai krishna (krishna1256)
status: Triaged → In Progress
Denis M. (dmakogon)
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to trove (master)

Fix proposed to branch: master
Review: https://review.openstack.org/84484

OpenStack Infra (hudson-openstack) wrote : Change abandoned on trove (master)

Change abandoned by Nikhil Manchanda (<email address hidden>) on branch: master
Review: https://review.openstack.org/84484
Reason: Review clean up.

Abandoning since the last update > 5 weeks ago.

Please restore if patch is still in progress.

Changed in trove:
assignee: sai krishna (krishna1256) → nobody
Matthew Taylor (matthew-taylor-f) wrote :

Is this still being looked after? It is still an issue in Kilo with SSL enabled on services.

Amrith Kumar (amrith) wrote :

To check if this is still an issue

Changed in trove:
assignee: nobody → Amrith (amrith)
Amrith Kumar (amrith)
Changed in trove:
assignee: Amrith Kumar (amrith) → nobody