[openstack-dev] [containers][magnum] Make certs insecure in magnum drivers

Adrian Otto adrian.otto at rackspace.com
Fri Feb 10 21:46:36 UTC 2017


What I’d like to see in this case is to use secure connections by default, and to make workarounds for self signed certificates or other optional workarounds for those who need them. I would have voted against patch set 383493. It’s also not linked to a bug ticket, which we normally require prior to merge. I’ll see if I can track down the author to see about fixing this properly, or if there is a volunteer to do this better, I’m open to that too.

Adrian

> On Feb 10, 2017, at 2:05 AM, Kevin Lefevre <lefevre.kevin at gmail.com> wrote:
> 
> Hi,
> 
> This change (https://review.openstack.org/#/c/383493/) makes certificates request to magnum_api insecure since is a common use case.
> 
> In swarm drivers, the make-cert.py script is in python whereas in K8s for CoreOS and Atomic, it is a shell script.
> 
> I wanted to make the change (https://review.openstack.org/#/c/430755/) but it gets flagged by bandit because of python requests pacakage insecure TLS.
> 
> I know that we should supports Custom CA in the futur but if right now (and according to the previous merged change) insecure request are by default, what should we do ?
> 
> Do we disable bandit for the the swarm drivers ? Or do you use the same scripts (and keep it as simple as possible) for all the drivers, possibly without python as it is not included in CoreOS.
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list