python-ceilometerclient: Fail to load SSL certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-ceilometerclient |
Triaged
|
High
|
Dina Belova |
Bug Description
Icehouse 2014.1.1 on Debian running Ceilometer
Client version: 1.0.9-1
HAproxy does binding between public world and internal network to secure API traffic only between clients & load balancers.
Ceilometer API servers run within internal network using HTTP.
HAproxy does SSL termination for Ceilometer binding to support SSL from public world <-> load-balancers.
When I run CLI, I face this error:
ceilometerclien
The SSL certificate IS NOT autosigned and is validated by a well-known CA.
All Keystone endpoints are set with HTTPS.
This environment works fine with other OpenStack services (i.e. Nova).
I can use the ceilometer CLI when specifying --insecure.
The .pem file in my HAproxy node contains the CRT, the KEY and the CA.
Changed in python-ceilometerclient: | |
assignee: | nobody → Dina Belova (dbelova) |
Indeed,it works nice with curl. It's likely that httplib does not load any CA and therefore does not recognize the cert. We should switch to requests to fix that I guess.