[Openstack-security] [Bug 1284242] Re: apache2 image element requires ssl-certs on ubuntu

Robert Collins 1284242 at bugs.launchpad.net
Wed Feb 26 12:16:49 UTC 2014 

Actually, I'd argue the bug is that we're trying to make snakeoil
certificates. We should pass in the certificate needed to the machines
that need it, as snakeoil is never the right production answer. Tests
can make snakeoil certs on the jenkins slave.

** Changed in: tripleo
       Status: New => Triaged

** Changed in: tripleo
   Importance: Undecided => High

** Tags added: security ssl

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1284242

Title:
  apache2 image element requires ssl-certs on ubuntu

Status in tripleo - openstack on openstack:
  Triaged

Bug description:
  From os-collect-config log file on an image booted from devtest:

  'make-ssl-cert: command not found'

  $ dpkg -S /usr/sbin/make-ssl-cert
  ssl-cert: /usr/sbin/make-ssl-cert

  [2014-02-24 17:47:49,629] (os-refresh-config) [INFO] Starting phase post-configure
  dib-run-parts Mon Feb 24 17:47:49 UTC 2014 Running /opt/stack/os-config-refresh/post-configure.d/15-apache2
  + '[' -f /etc/debian_version ']'
  + openssl_cmd=openssl
  + cert_create_cmd='make-ssl-cert generate-default-snakeoil --force-overwrite'
  + snakeoil_pem_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  + '[' -f /etc/ssl/certs/ssl-cert-snakeoil.pem ']'
  + cert_chk_cmd='openssl x509 -noout -in /etc/ssl/certs/ssl-cert-snakeoil.pem'
  + exit_error=0
  ++ openssl x509 -noout -in /etc/ssl/certs/ssl-cert-snakeoil.pem
  unable to load certificate
  3073526024:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
  + cmd_run=
  + exit_error=1
  + '[' 1 -ne 0 ']'
  + exit_error=0
  ++ make-ssl-cert generate-default-snakeoil --force-overwrite
  /opt/stack/os-config-refresh/post-configure.d/15-apache2: line 16: make-ssl-cert: command not found
  + cmd_run=
  + exit_error=1
  + '[' 1 -eq 0 ']'
  + '[' 1 -ne 0 ']'
  + echo 'Error encountered setting up SSL (exit_error=1)'
  Error encountered setting up SSL (exit_error=1)
  + '[' -f /etc/debian_version ']'
  + service apache2 reload
   * Reloading web server apache2       ^[[80G  ^[[31m*^[[39;49m
   ^[[33m*^[[39;49m Apache2 is not running

To manage notifications about this bug go to:
https://bugs.launchpad.net/tripleo/+bug/1284242/+subscriptions

More information about the Openstack-security mailing list