keystone charm does not use ssl_cert, ssl_key for configured SSL
Bug #1351401 reported by David Ames
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
keystone (Juju Charms Collection) | Fix Released | High | Edward Hope-Morley |
Bug Description
The keystone charm does not use ssl_cert, ssl_key and ssl_ca for configured SSL, although these are in config.yaml.
Also it is unable to set a specific common name.
get_cert_and_key() uses the locally created CA and never checks the configured values for SSL.
charmhelpers contrib ha apache's get_cert() does the right thing.
The goal is to be able to use an SSL cert (say from GoDaddy) and specify the domain (keystone.
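The precedence the report asks for, as an added example (not the charm's or charm-helpers' code): operator-supplied ssl_cert/ssl_key win over the locally created CA, and a half-configured pair is an error rather than a silent fallback. It assumes the config values are base64-encoded PEM; `resolve_cert_and_key`, `issue_from_local_ca` and `SSLConfigError` are hypothetical names.

```python
import base64
import binascii

CERT_MARK = b"-----BEGIN CERTIFICATE-----"
KEY_MARKS = (b"-----BEGIN PRIVATE KEY-----",
             b"-----BEGIN RSA PRIVATE KEY-----",
             b"-----BEGIN EC PRIVATE KEY-----")


class SSLConfigError(ValueError):
    """The operator supplied an unusable ssl_cert/ssl_key pair."""


def _decode(name, value):
    # Assumption: config values are base64-encoded PEM, possibly line-wrapped.
    try:
        return base64.b64decode("".join(value.split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise SSLConfigError("%s is not valid base64" % name) from exc


def resolve_cert_and_key(config, issue_from_local_ca):
    """Return (cert_pem, key_pem, source), preferring operator config.

    issue_from_local_ca is a hypothetical callable standing in for the
    locally created CA; it runs only when neither option is configured.
    """
    cert_b64, key_b64 = config.get("ssl_cert"), config.get("ssl_key")
    if not cert_b64 and not key_b64:
        cert, key = issue_from_local_ca()
        return cert, key, "local-ca"
    if not (cert_b64 and key_b64):
        # Half a pair must fail loudly, not fall back to the local CA.
        raise SSLConfigError("ssl_cert and ssl_key must be set together")
    cert, key = _decode("ssl_cert", cert_b64), _decode("ssl_key", key_b64)
    if CERT_MARK not in cert:
        raise SSLConfigError("ssl_cert is not a PEM certificate")
    if not any(mark in key for mark in KEY_MARKS):
        raise SSLConfigError("ssl_key is not a PEM private key")
    return cert, key, "config"


if __name__ == "__main__":
    # Constructed placeholder PEM bodies, not real key material.
    pem_cert = CERT_MARK + b"\nconstructed\n-----END CERTIFICATE-----\n"
    pem_key = KEY_MARKS[0] + b"\nconstructed\n-----END PRIVATE KEY-----\n"
    cfg = {"ssl_cert": base64.b64encode(pem_cert).decode(),
           "ssl_key": base64.b64encode(pem_key).decode()}
    print(resolve_cert_and_key(cfg, lambda: (b"local", b"local"))[2])
```
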
Related branches
lp://qastaging/~hopem/charms/trusty/cinder/fix-ssl-inject
- Billy Olsen: Approve
- Diff: 253 lines (+161/-3), 5 files modified
  - charm-helpers-hooks.yaml (+1/-1)
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)

lp://qastaging/~hopem/charms/trusty/ceilometer/fix-ssl-inject
- Billy Olsen: Approve
- Diff: 243 lines (+160/-2), 4 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)

lp://qastaging/~hopem/charms/trusty/glance/fix-ssl-inject
- Billy Olsen: Approve
- Diff: 243 lines (+160/-2), 4 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)

lp://qastaging/~hopem/charms/trusty/nova-cloud-controller/fix-ssl-inject
Merged into lp://qastaging/~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next at revision 145
- Billy Olsen: Approve
- Diff: 243 lines (+160/-2), 4 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)

lp://qastaging/~hopem/charms/trusty/neutron-api/fix-ssl-inject
Merged into lp://qastaging/~openstack-charmers-archive/charms/trusty/neutron-api/next at revision 85
- Billy Olsen: Approve
- Diff: 243 lines (+160/-2), 4 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)

lp://qastaging/~hopem/charms/trusty/swift-proxy/fix-ssl-inject
Merged into lp://qastaging/~openstack-charmers-archive/charms/trusty/swift-proxy/next at revision 85
- Billy Olsen: Approve
- Diff: 243 lines (+160/-2), 4 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)

lp://qastaging/~hopem/charms/trusty/keystone/fix-ssl-inject
- Billy Olsen: Approve
- Diff: 383 lines (+195/-18), 6 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+59/-1)
  - hooks/charmhelpers/contrib/openstack/neutron.py (+70/-0)
  - hooks/charmhelpers/core/hookenv.py (+26/-0)
  - hooks/charmhelpers/core/host.py (+5/-1)
  - hooks/keystone_context.py (+29/-15)
  - unit_tests/test_keystone_contexts.py (+6/-1)

lp://qastaging/~hopem/charm-helpers/fix-ssl-install-from-config
- Liam Young (community): Approve
- Billy Olsen: Approve
- Diff: 96 lines (+36/-7), 2 files modified
  - charmhelpers/contrib/openstack/context.py (+12/-1)
  - tests/contrib/openstack/test_os_contexts.py (+24/-6)

lp://qastaging/~billy-olsen/charm-helpers/backport-lp-1351401
- Liang Chen (community): Approve
- Edward Hope-Morley: Pending requested
- OpenStack Charmers: Pending requested
- Diff: 96 lines (+36/-7), 2 files modified
  - charmhelpers/contrib/openstack/context.py (+12/-1)
  - tests/contrib/openstack/test_os_contexts.py (+24/-6)

lp://qastaging/~billy-olsen/charms/trusty/keystone/backport-lp-1351401
- Liang Chen (community): Approve
- Edward Hope-Morley: Pending requested
- OpenStack Charmers: Pending requested
- Diff: 168 lines (+47/-17), 3 files modified
  - hooks/charmhelpers/contrib/openstack/context.py (+12/-1)
  - hooks/keystone_context.py (+29/-15)
  - unit_tests/test_keystone_contexts.py (+6/-1)

- tags: added: openstack
- affects: charms → keystone (Juju Charms Collection)
- tags: added: is-bootstack
- tags: added: canonical-bootstack; removed: is-bootstack
- tags: added: cts
- Changed in keystone (Juju Charms Collection): milestone: none → 15.04
- Changed in keystone (Juju Charms Collection): assignee: nobody → Liang Chen (cbjchen)
- Changed in keystone (Juju Charms Collection): assignee: Liang Chen (cbjchen) → Edward Hope-Morley (hopem)
- Changed in keystone (Juju Charms Collection): assignee: Edward Hope-Morley (hopem) → Liang Chen (cbjchen)
- tags: added: backport-potential
- Changed in keystone (Juju Charms Collection): status: Triaged → In Progress
- Changed in keystone (Juju Charms Collection): assignee: Liang Chen (cbjchen) → Edward Hope-Morley (hopem)
- Changed in keystone (Juju Charms Collection): status: In Progress → Fix Committed
- Changed in keystone (Juju Charms Collection): status: Fix Committed → Fix Released
- Changed in keystone (Juju Charms Collection): milestone: 15.04 → 15.01

Hi David
Right now provision for using specific common names is not present in the charm; any provided certificate would need to match the IP address of either the server itself, or the VIP if configured for HA.
Marking Confirmed for ignorance of configuration options - that does need fixing.