kolla

ubuntu is not installing proper security packages

Bug #1560302 reported by Sam Yaple on 2016-03-22

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
kolla	Invalid	High	Unassigned	kolla ocata-1 "o1"
Liberty	Invalid	High	Unassigned	kolla 1.1.3 "liberty"
Mitaka	Invalid	High	Unassigned	kolla 2.0.3 "mitaka"

Bug Description

2016-03-22 00:14:46.346 | INFO:kolla.cmd.build:openstack-base:[91m/tmp/tmpronDEw/pip.zip/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
2016-03-22 00:14:46.346 | INFO:kolla.cmd.build:openstack-base:[0m
2016-03-22 00:14:46.346 | INFO:kolla.cmd.build:openstack-base:[91m/tmp/tmpronDEw/pip.zip/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2016-03-22 00:14:46.346 | INFO:kolla.cmd.build:openstack-base:[0m

These are from not having the proper security libs in place

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-22: Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.openstack.org/295602

Changed in kolla:
status:	Triaged → In Progress

Steven Dake (sdake) on 2016-03-22

no longer affects:	kolla/newton
tags:	added: rc-backport-potential

Steven Dake (sdake) on 2016-03-26

Changed in kolla:
milestone:	mitaka-rc2 → newton-1
tags:	removed: rc-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-01: Change abandoned on kolla (master)

Change abandoned by Sam Yaple (<email address hidden>) on branch: master
Review: https://review.openstack.org/295602

Steven Dake (sdake) on 2016-04-02

no longer affects:	kolla/liberty
Changed in kolla:
assignee:	Sam Yaple (s8m) → nobody
status:	In Progress → Confirmed

Swapnil Kulkarni (coolsvap-deactivatedaccount) on 2016-04-06

Changed in kolla:
assignee:	nobody → Swapnil Kulkarni (coolsvap)

OpenStack Infra (hudson-openstack) on 2016-04-08

Changed in kolla:
status:	Confirmed → In Progress

Revision history for this message

Steven Dake (sdake) wrote on 2016-04-11:

One of the problems here is the base container installs a bunch of python packages. Those need to be uninstalled in openstack-base and kolla-toolbox. What we really need is a venv in base, however, there is no capacity to do that work prior to our 2.0.0 4/15 release. The rpm removal should fix the problem for the centos failing gate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-10:

Change abandoned by Sam Yaple (<email address hidden>) on branch: master
Review: https://review.openstack.org/295602
Reason: This is not the appropriate way to solve this issue. The issue comes from using python and installing pip. its a chicken and egg problem

Swapnil Kulkarni (coolsvap-deactivatedaccount) on 2016-06-30

Changed in kolla:
milestone:	newton-1 → newton-2

Swapnil Kulkarni (coolsvap-deactivatedaccount) on 2016-07-20

Changed in kolla:
milestone:	newton-2 → newton-3

Swapnil Kulkarni (coolsvap-deactivatedaccount) on 2016-09-01

Changed in kolla:
assignee:	Swapnil Kulkarni (coolsvap) → nobody
milestone:	newton-3 → occata-1

shake.chen (shake-chen) on 2016-11-12

Changed in kolla:
status:	In Progress → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.