glance_store

Swift backend does not support insecure Keystone v3 with SSL

Bug #1744494 reported by Chris Hoge on 2018-01-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Triaged	Low	Unassigned
	glance_store	Triaged	Low	Unassigned

Bug Description

The swift glance_store client does not create an insecure auth client when using Keystone v3 with an unsigned cert delivering Swift service endpoints. With keystone authtoken insecure=true and swift_store_auth_insecure=true, Glance returns the following error when uploading a new image:

http://paste.openstack.org/show/648868/

glance-api_1 | 2018-01-20 19:50:43.409 208 ERROR glance.common.wsgi BackendException: Cannot find swift service endpoint : Unable to establish connection to https://192.168.1.44:35357/v3/auth/tokens: HTTPSConnectionPool(host='192.168.1.44', port=35357): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

Erno Kuvaja (jokke) on 2018-04-20

Changed in glance:
importance:	Undecided → Low
Changed in glance-store:
importance:	Undecided → Low

Brian Rosmaita (brian-rosmaita) on 2018-06-25

Changed in glance:
status:	New → Triaged
Changed in glance-store:
status:	New → Triaged

Revision history for this message

Shannon Mitchell (shannon-mitchell) wrote on 2019-02-19:

We were encountering the same issue recently in openstack-ansible queens. Looks like it was fixed in https://bugs.launchpad.net/glance-store/+bug/1606268 in master and rocky.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.