** Description changed:

- E.g. radosgw charm fails, when self-signed SSL certificate has IP
- address only (not hostname based).
+ [Impact]
  
+ 
+ [Test Case]
+ 
+ 
+ [Regression Potential]
+ 
+ [Original Bug Report]
+ E.g. radosgw charm fails, when self-signed SSL certificate has IP address 
only (not hostname based).
  
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed Traceback (most 
recent call last):
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 400, in <module>
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
hooks.execute(sys.argv)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/core/hookenv.py",
 line 800, in execute
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
self._hooks[hook_name]()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/contrib/openstack/utils.py",
 line 1891, in wrapped_f
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
restart_functions)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/core/host.py",
 line 730, in restart_on_change_helper
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     r = lambda_f()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/contrib/openstack/utils.py",
 line 1890, in <lambda>
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     (lambda: 
f(*args, **kwargs)), restart_map, stopstart,
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 245, in identity_changed
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
configure_https()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 389, in configure_https
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
setup_keystone_certs(CONFIGS)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 496, in 
setup_keystone_certs
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
get_ks_ca_cert(ksclient, auth_endpoint, certs_path)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 414, in 
get_ks_ca_cert
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     ca_cert = 
get_ks_cert(ksclient, auth_endpoint, 'ca')
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 384, in 
get_ks_cert
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     cert = 
ksclient.certificates.get_ca_certificate()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/certificates.py", line 
29, in get_ca_certificate
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp, body = 
self._client.get('/certificates/ca', authenticated=False)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 173, in get
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
self.request(url, 'GET', **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 331, in 
request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp = 
super(LegacyJsonAdapter, self).request(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 98, in request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
self.session.request(url, method, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/positional/__init__.py", line 94, in inner
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
func(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 405, in 
request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp = 
send(**kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 443, in 
_send_request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     raise 
exceptions.SSLError(msg)
- 2019-02-06 13:05:46 DEBUG identity-service-relation-changed 
keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to 
https://100.86.0.2:35357/v2.0/certificates/ca: hostname '100.86.0.2' doesn't 
+ 2019-02-06 13:05:46 DEBUG identity-service-relation-changed 
keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to 
https://100.86.0.2:35357/v2.0/certificates/ca: hostname '100.86.0.2' doesn't
  match '100.86.0.2'

** Description changed:

  [Impact]
- 
+ Bug 1771988 introduced a fix to support IP based SAN's in certificates; 
however the required new dependency (python-ipaddress) was not added to the 
Recommends of the package.  This really only impacts on trusty deployments as 
on xenial python-ipaddress is installed indirectly via another dependency.
  
  [Test Case]
- 
+ apt install python-urllib3
+ python-ipaddress  is not installed, certs with IP based SAN's won't verify 
correctly.
  
  [Regression Potential]
+ Minimal - extra package installed on upgrades or install of urllib3
  
  [Original Bug Report]
  E.g. radosgw charm fails, when self-signed SSL certificate has IP address 
only (not hostname based).
  
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed Traceback (most 
recent call last):
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 400, in <module>
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
hooks.execute(sys.argv)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/core/hookenv.py",
 line 800, in execute
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
self._hooks[hook_name]()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/contrib/openstack/utils.py",
 line 1891, in wrapped_f
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
restart_functions)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/core/host.py",
 line 730, in restart_on_change_helper
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     r = lambda_f()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/contrib/openstack/utils.py",
 line 1890, in <lambda>
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     (lambda: 
f(*args, **kwargs)), restart_map, stopstart,
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 245, in identity_changed
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
configure_https()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 389, in configure_https
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
setup_keystone_certs(CONFIGS)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 496, in 
setup_keystone_certs
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
get_ks_ca_cert(ksclient, auth_endpoint, certs_path)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 414, in 
get_ks_ca_cert
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     ca_cert = 
get_ks_cert(ksclient, auth_endpoint, 'ca')
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 384, in 
get_ks_cert
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     cert = 
ksclient.certificates.get_ca_certificate()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/certificates.py", line 
29, in get_ca_certificate
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp, body = 
self._client.get('/certificates/ca', authenticated=False)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 173, in get
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
self.request(url, 'GET', **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 331, in 
request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp = 
super(LegacyJsonAdapter, self).request(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 98, in request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
self.session.request(url, method, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/positional/__init__.py", line 94, in inner
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
func(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 405, in 
request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp = 
send(**kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 443, in 
_send_request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     raise 
exceptions.SSLError(msg)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed 
keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to 
https://100.86.0.2:35357/v2.0/certificates/ca: hostname '100.86.0.2' doesn't
  match '100.86.0.2'
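Review bot: The [Test Case] added in this revision gives only the failing precondition (`apt install python-urllib3` with python-ipaddress absent) and no pass criterion, so whoever verifies the SRU cannot tell when it is good. State the expected result, for example `After upgrading, python-ipaddress is installed alongside python-urllib3 and the HTTPS request to an endpoint whose certificate carries only an IP SAN succeeds.` A negative check belongs there as well, `A certificate whose IP SAN does not match the endpoint address must still be rejected`, so the fix is confirmed to restore verification rather than bypass it. Recommends are not installed when apt runs with `--no-install-recommends`, so such systems would presumably still hit the failure; neither [Test Case] nor [Regression Potential] mentions this. The same [Test Case] text is carried unchanged into the next description revision.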

** Description changed:

  [Impact]
- Bug 1771988 introduced a fix to support IP based SAN's in certificates; 
however the required new dependency (python-ipaddress) was not added to the 
Recommends of the package.  This really only impacts on trusty deployments as 
on xenial python-ipaddress is installed indirectly via another dependency.
+ Bug 1771988 introduced a fix to support IP based SAN's in certificates; 
however the required new dependency (python-ipaddress) was not added to the 
Recommends of the package which was an oversight of the original SRU.  This 
really only impacts on trusty deployments as on xenial python-ipaddress is 
installed indirectly via another dependency.
  
  [Test Case]
  apt install python-urllib3
  python-ipaddress  is not installed, certs with IP based SAN's won't verify 
correctly.
  
  [Regression Potential]
  Minimal - extra package installed on upgrades or install of urllib3
  
  [Original Bug Report]
  E.g. radosgw charm fails, when self-signed SSL certificate has IP address 
only (not hostname based).
  
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed Traceback (most 
recent call last):
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 400, in <module>
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
hooks.execute(sys.argv)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/core/hookenv.py",
 line 800, in execute
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
self._hooks[hook_name]()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/contrib/openstack/utils.py",
 line 1891, in wrapped_f
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
restart_functions)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/core/host.py",
 line 730, in restart_on_change_helper
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     r = lambda_f()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/charmhelpers/contrib/openstack/utils.py",
 line 1890, in <lambda>
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     (lambda: 
f(*args, **kwargs)), restart_map, stopstart,
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 245, in identity_changed
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
configure_https()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/identity-service-relation-changed",
 line 389, in configure_https
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
setup_keystone_certs(CONFIGS)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 496, in 
setup_keystone_certs
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     
get_ks_ca_cert(ksclient, auth_endpoint, certs_path)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 414, in 
get_ks_ca_cert
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     ca_cert = 
get_ks_cert(ksclient, auth_endpoint, 'ca')
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 356, in 
_inner2_defer_if_unavailable
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
f(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/var/lib/juju/agents/unit-radosgw-int-0/charm/hooks/utils.py", line 384, in 
get_ks_cert
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     cert = 
ksclient.certificates.get_ca_certificate()
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/certificates.py", line 
29, in get_ca_certificate
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp, body = 
self._client.get('/certificates/ca', authenticated=False)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 173, in get
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
self.request(url, 'GET', **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 331, in 
request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp = 
super(LegacyJsonAdapter, self).request(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 98, in request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
self.session.request(url, method, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/positional/__init__.py", line 94, in inner
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     return 
func(*args, **kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 405, in 
request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     resp = 
send(**kwargs)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed   File 
"/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 443, in 
_send_request
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed     raise 
exceptions.SSLError(msg)
  2019-02-06 13:05:46 DEBUG identity-service-relation-changed 
keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to 
https://100.86.0.2:35357/v2.0/certificates/ca: hostname '100.86.0.2' doesn't
  match '100.86.0.2'

https://bugs.launchpad.net/bugs/1814911

Title:
  charm deployment fails, when using self-signed certificate, which has
  IP address only (SAN)
