OpenStack Compute (nova)

Bug #1752152
Comment #8

Comment 8 for bug 1752152

Revision history for this message

Divya K Konoor (dikonoor) wrote on 2018-03-28:

mriedem, I am using Queens and the url used is https. The request library by default does secure communication unless specified otherwise.

https://github.com/openstack/python-cinderclient/blob/3.5.0/cinderclient/client.py#L109

response = requests.get(version_url)

So in any case where a https url used and the certificate is not specified (in cases where the root certificate is not present at the client making the call), this is going to complain saying certificate verify failed.

So the above line of code in cinderclient should be fixed simply because it does not provide an option for the sys admin to either specify the certificate path or say the call has to be insecure.

The nova.conf [cinder] section has the following options, which can be utilized while connecting to the URL specified in the same section:

#catalog_info = volumev3:cinderv3:publicURL

# PEM encoded Certificate Authority to use when verifying HTTPs connections.
# (string value)
#cafile = <None>

# PEM encoded client certificate cert file (string value)
#certfile = <None>

# PEM encoded client certificate key file (string value)
#keyfile = <None>

# Verify HTTPS connections. (boolean value)
#insecure = false