allow an operator to provide a CA Cert for Trove Controller: support self-signed certificates on the openstack controller

Bug #1539182 reported by Amrith Kumar
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack DBaaS (Trove)
New
Undecided
Unassigned

Bug Description

Currently there's no way to provide the cacert to trove controller (and guest) so that self-signed certificates can be used.

Revision history for this message
Amrith Kumar (amrith) wrote :

Consider a scenario where an operator uses a self-signed certificate for their Nova, Cinder, Swift, Glance, ... service end points.

Then, if a client wants to connect to them on https:// and verify the identity etc as SSL requires, then they would need a CA Cert. Currently Trove controller has no way to use this, and it isn't just the 3 trove services but also the guest.

A blueprint on this will be forthcoming.

Revision history for this message
György Szombathelyi (gyurco) wrote :

I did something similar for cinder (keystoneclient in this case, but other clients have the cacert option, too):
https://review.openstack.org/#/c/272437/

Revision history for this message
Amrith Kumar (amrith) wrote :

@György there's a little bit more complexity in Trove because of the guest agent. Hence the BP.

Revision history for this message
György Szombathelyi (gyurco) wrote :

Yes, you're right, I forgot about it.

Amrith Kumar (amrith)
Changed in trove:
assignee: Amrith Kumar (amrith) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers