[Openstack-operators] Kilo upgrade challenges
Clark Boylan
cboylan at sapwetik.org
Thu Nov 12 18:32:56 UTC 2015
On Thu, Nov 12, 2015, at 07:54 AM, Mike Dorman wrote:
> We’ve run into this, too, and it’s been a frustration for a while. No
> way to tell python-requests to use a different cacert file (that I know
> of), and (at least in the packaging we use), the packaged cacert.pem file
> isn’t marked as a configuration file, meaning that it gets overwritten
> any time the package is upgraded.
>
After a quick chat on IRC with one of the requests devs [0] I found you
can set CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE environment variables to
set a non default path. That is documented at [1].
It was also mentioned that if writing the code yourself you can pass the
bundle in directly. If OpenStack projects don't currently accept this as
a config option it probably makes sense to file bugs and/or add one for
this (yay another config option).
[0]
http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2015-11-12.log.html#t2015-11-12T18:20:05
[1]
http://docs.python-requests.org/en/latest/user/advanced/?highlight=ca_bundle#ssl-cert-verification
Hope this helps,
Clark
More information about the OpenStack-operators
mailing list