[Openstack-operators] Kilo upgrade challenges

Clark Boylan cboylan at sapwetik.org
Thu Nov 12 18:32:56 UTC 2015

On Thu, Nov 12, 2015, at 07:54 AM, Mike Dorman wrote:
> We’ve run into this, too, and it’s been a frustration for a while.  No
> way to tell python-requests to use a different cacert file (that I know
> of), and (at least in the packaging we use), the packaged cacert.pem file
> isn’t marked as a configuration file, meaning that it gets overwritten
> any time the package is upgraded.
After a quick chat on IRC with one of the requests devs [0] I found you
can set CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE environment variables to
set a non default path. That is documented at [1].

It was also mentioned that if writing the code yourself you can pass the
bundle in directly. If OpenStack projects don't currently accept this as
a config option it probably makes sense to file bugs and/or add one for
this (yay another config option).


Hope this helps,

More information about the OpenStack-operators mailing list