On 2/9/2015 5:40 PM, Andrew Lazarev wrote:
Hi Nova experts,

Some time ago I figured out that devstack fails to stack with
USE_SSL=True option because it doesn't configure nova to work with
secured glace [1]. Support of secured glance was added to nova in Juno
cycle [2], but it looks strange for me.

Glance client takes settings form '[ssl]' section. The same section is
used to set up nova server SSL settings. Other clients have separate
sections in the config file (and switching to session use now),  e.g.
related code for cinder - [3].

I've created quick fix for the devstack - [4], but it would be nice to
shed a light on nova plans around glance config before merging a
workaround for devstack.

So, the questions are:
1. Is it normal that glance client reads from '[ssl]' config section?
2. Is there a plan to move glance client to sessions use and move
corresponding config section to '[glance]'?
3. Are any plans to run CI for USE_SSL=True use case?

[1] - https://bugs.launchpad.net/devstack/+bug/1405484
[2] - https://review.openstack.org/#/c/72974
[3] -
https://github.com/openstack/nova/blob/2015.1.0b2/nova/volume/cinder.py#L73
[4] - https://review.openstack.org/#/c/153737

Thanks,
Andrew.


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


This came up in another -dev thread at one point which prompted a series from Matthew Gilliard [1] to use [ssl] globally or project-specific options since both glance and keystone are currently getting their ssl options from the global [ssl] group in nova right now.

I've been a bad citizen and haven't gotten back to the series review yet.

[1] https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:ssl-config-options,n,z

--

Thanks,

Matt Riedemann


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to