[Openstack-security] [Bug 1561796] Re: ironic driver does not support ssl cafile
OpenStack Infra
1561796 at bugs.launchpad.net
Tue Mar 29 11:19:36 UTC 2016
Reviewed: https://review.openstack.org/297467
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=0230edd708eb961ad6f9afb88a778fe03320bf3e
Submitter: Jenkins
Branch: master
commit 0230edd708eb961ad6f9afb88a778fe03320bf3e
Author: Devananda van der Veen <devananda.vdv at gmail.com>
Date: Thu Mar 24 17:00:26 2016 -0700
Allow ironic driver to specify cafile
This patch adds a config option to the [ironic] group, allowing the
operator to specify a cacert file with which to connect to the
ironic-api service.
This corresponds with the way encrypted connections to other OpenStack
services are configured.
Change-Id: Ice1d6c3f6fc911c4f35fe0283e3d1e9dd8b0e1a7
Closes-bug: #1561796
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1561796
Title:
ironic driver does not support ssl cafile
Status in OpenStack Compute (nova):
Fix Released
Bug description:
Even though Ironic's python client supports SSL encrypted connections
to the ironic service, and securing intra-service connections is a
recommended practice, the nova.virt.Ironic driver currently lacks an
option to specify a custom CA Certificate for validating the SSL
connection to the Ironic service.
On the other hand, other OpenStack services which Nova connects to
(eg, Glance, Neutron...) have support for this via a service-specific
"cafile" config option.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1561796/+subscriptions
More information about the Openstack-security
mailing list