[Openstack-security] [Bug 1384626] Re: SSL certification verification failed when Heat calls Glanceclient with ca cert
Alan Pevec
1384626 at bugs.launchpad.net
Thu Dec 4 22:10:31 UTC 2014
** Changed in: heat/juno
Milestone: None => 2014.2.1
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1384626
Title:
SSL certification verification failed when Heat calls Glanceclient
with ca cert
Status in Orchestration API (Heat):
Fix Committed
Status in heat juno series:
Fix Committed
Bug description:
Glance server is configured Https.
Configured Heat with heat.conf
[clients_glance]
ca_file=<ca file path>
insecure=<false>
When trying to create stack, heat will raise exception during heat to load image data.
[Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The root cause is that: ca_file as below is a wrong argument to
initialize the glance client, it should be cacert which is supported
arguments by glanceclient.
class GlanceClientPlugin(client_plugin.ClientPlugin):
exceptions_module = exc
def _create(self):
con = self.context
endpoint_type = self._get_client_option('glance', 'endpoint_type')
endpoint = self.url_for(service_type='image',
endpoint_type=endpoint_type)
args = {
'auth_url': con.auth_url,
'service_type': 'image',
'project_id': con.tenant,
'token': self.auth_token,
'endpoint_type': endpoint_type,
'ca_file': self._get_client_option('glance', 'ca_file'),
'cert_file': self._get_client_option('glance', 'cert_file'),
'key_file': self._get_client_option('glance', 'key_file'),
'insecure': self._get_client_option('glance', 'insecure')
To manage notifications about this bug go to:
https://bugs.launchpad.net/heat/+bug/1384626/+subscriptions
More information about the Openstack-security
mailing list