On 2/9/2015 5:40 PM, Andrew Lazarev wrote:
Hi Nova experts,
Some time ago I figured out that devstack fails to stack with
USE_SSL=True option because it doesn't configure nova to work with
secured glace [1]. Support of secured glance was added to nova in Juno
cycle [2], but it looks strange for me.
Glance client takes settings form '[ssl]' section. The same section is
used to set up nova server SSL settings. Other clients have separate
sections in the config file (and switching to session use now), e.g.
related code for cinder - [3].
I've created quick fix for the devstack - [4], but it would be nice to
shed a light on nova plans around glance config before merging a
workaround for devstack.
So, the questions are:
1. Is it normal that glance client reads from '[ssl]' config section?
2. Is there a plan to move glance client to sessions use and move
corresponding config section to '[glance]'?
3. Are any plans to run CI for USE_SSL=True use case?
[1] - https://bugs.launchpad.net/devstack/+bug/1405484
[2] - https://review.openstack.org/#/c/72974
[3] -
https://github.com/openstack/nova/blob/2015.1.0b2/nova/volume/cinder.py#L73
[4] - https://review.openstack.org/#/c/153737
Thanks,
Andrew.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
This came up in another -dev thread at one point which prompted a series
from Matthew Gilliard [1] to use [ssl] globally or project-specific
options since both glance and keystone are currently getting their ssl
options from the global [ssl] group in nova right now.
I've been a bad citizen and haven't gotten back to the series review yet.
[1]
https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:ssl-config-options,n,z
--
Thanks,
Matt Riedemann
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
