Allow configuration of external CA
Bug #1691874 reported by
James Hebden
This bug report is a duplicate of:
Bug #1691875: setup_keystone_certs does not support use with keystone v3 API.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ceph RADOS Gateway Charm |
Incomplete
|
Medium
|
Unassigned | ||
Bug Description
When using ceph-radosgw in an environment where all services, including keystone, are using certificates signed with an external CA, the ceph-radosgw charm is not able to communicate with Keystone.
Adding an option to specify an additional CA certificate, which could be added to the system trusted certificate bundle, or configured for use explicitly with the python requests library when making calls to keystone, would allow this to work.
| tags: | added: canonical-bootstack |
Revision history for this message
| James Page (james-page) wrote | #1 |
| Changed in charm-ceph-radosgw: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| milestone: | none → 17.08 |
| tags: | added: adrastea |
Revision history for this message
| David Ames (thedac) wrote | #2 |
| Changed in charm-ceph-radosgw: | |
| status: | Triaged → Incomplete |
Revision history for this message
| David Ames (thedac) wrote | #3 |
To post a comment you must log in.
Confirmed; the charm does not have any SSL configuration options, but will need to communicate over SSL to the keystone API for authentication; needs a ssl_ca configuration style option to allow a private enterprise CA to be used for the deployment.