Juju Charms Collection
keystone package

Keystone certs need to sync during ha cluster

Bug #1317782 reported by Xiang Hui
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
keystone (Juju Charms Collection)
Fix Released
Critical
Edward Hope-Morley
Juju Charms Collection 15.01

Bug Description

Version : icehouse
Location : http://bazaar.launchpad.net/~openstack-charmers/charms/precise/keystone/icehouse/

Set up two keystone vms with Vip/SSL using juju commands, after instances are started, keystone request could get success results every few times.

after investigating, the reason is due to every keystone server generate different certificates from peers including root_ca/intermediate_ca/signed_ca, but the keystone client could specified only one ca_bundle, so when the correct signed certificate by this ca_bundle verified, the keystone request can get OK.

See original description
Tags: openstack cts

Related branches

lp://staging/~xianghui/charm-helpers/fix-keystone-ssl-part-1
James Page: Approve
Edward Hope-Morley: Approve
Diff: 191 lines (+89/-22)
2 files modified
charmhelpers/contrib/unison/__init__.py (+21/-14)
tests/contrib/unison/test_unison.py (+68/-8)
lp://staging/~hopem/charms/trusty/keystone/fix-ssl-cert-sync
Liam Young (community): Approve
Ryan Beisner (community): Approve
Diff: 1821 lines (+937/-202)
7 files modified
README.md (+46/-10)
hooks/keystone_context.py (+45/-8)
hooks/keystone_hooks.py (+180/-66)
hooks/keystone_ssl.py (+43/-14)
hooks/keystone_utils.py (+443/-50)
unit_tests/test_keystone_hooks.py (+178/-50)
unit_tests/test_keystone_utils.py (+2/-4)
lp://staging/~openstack-charm-testers/+junk/keystone-ssl
Xiang Hui (xianghui)
Changed in keystone (Juju Charms Collection):
assignee: nobody → Xiang Hui (xianghui)
description: updated
summary: - Keystone certs need to be sync during ha cluster
+ Keystone certs need to sync during ha cluster
Xiang Hui (xianghui)
description: updated
Xiang Hui (xianghui)
Changed in keystone (Juju Charms Collection):
status: New → In Progress
Edward Hope-Morley (hopem)
tags: added: openstack
Edward Hope-Morley (hopem)
tags: added: cts
Xiang Hui (xianghui)
Changed in keystone (Juju Charms Collection):
importance: Undecided → High
Edward Hope-Morley (hopem)
Changed in keystone (Juju Charms Collection):
importance: High → Critical
Edward Hope-Morley (hopem)
Changed in keystone (Juju Charms Collection):
assignee: Xiang Hui (xianghui) → Edward Hope-Morley (hopem)
Edward Hope-Morley (hopem)
Changed in keystone (Juju Charms Collection):
status: In Progress → Fix Committed
James Page (james-page)
Changed in keystone (Juju Charms Collection):
milestone: none → 15.01
James Page (james-page)
Changed in keystone (Juju Charms Collection):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.