Bug 1255468

Summary: ahc-tools does not support self-signed certificates
Product: Red Hat OpenStack Reporter: Ben Nemec <bnemec>
Component: ahc-toolsAssignee: John Trowbridge <jtrowbri>
Status: CLOSED DUPLICATE QA Contact: yeylon <yeylon>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0 (Kilo)CC: bnemec, calfonso, jslagle, mburns, rhel-osp-director-maint, srevivo
Target Milestone: y2Keywords: ZStream
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-02 16:58:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Nemec 2015-08-20 16:28:26 UTC 
Description of problem: ahc-tools doesn't allow specifying an os-cacert parameter to its ironic client, which means it can't work with a self-signed certificate.


Version-Release number of selected component (if applicable): 0.1.1-5.el7ost (I think)


How reproducible: Always


Steps to Reproduce:
1. Install undercloud with ssl for service endpoints, using a self-signed certificate
2. Attempt to run ahc-report --full
3.

Actual results: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://192.168.85.6:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Expected results: ahc-report --full output


Additional info:
Comment 3 Ben Nemec 2015-08-20 16:35:17 UTC 
Actually, I take that back.  I see this is using the discoverd configuration as a basis, which means we just need to be able to configure ahc-tools to talk to the internal ironic endpoint instead of public.  That's how we addressed the issue in discoverd so it should work fine here too.
Comment 4 John Trowbridge 2015-09-02 16:36:04 UTC 
@Ben,

I think this will be resolved with the same fix as https://bugzilla.redhat.com/show_bug.cgi?id=1245212

WDYT?
Comment 5 Ben Nemec 2015-09-02 16:58:32 UTC 
Agreed, this is actually a dupe of that bug.
Comment 6 Ben Nemec 2015-09-02 16:58:59 UTC 

*** This bug has been marked as a duplicate of bug 1245212 ***