Bug 1292488

Summary: [RFE] Allow root CA configuration for SSL enabled Openstack connectivity
Product: Red Hat CloudForms Management Engine Reporter: John Prause <jprause>
Component: ProvidersAssignee: Ladislav Smola <lsmola>
Status: CLOSED ERRATA QA Contact: Aziza Karol <akarol>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.5.0CC: adahms, cpelland, dajohnso, jfrey, jhardy, jkrocil, jprause, lsmola, mcornea, mfeifer, obarenbo, rrasouli
Target Milestone: GAKeywords: FutureFeature, ZStream
Target Release: 5.5.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
With this update, it is now possible to specify the path to a CA certificate for OpenStack providers to allow SSL connectivity.
Story Points: ---
Clone Of: 1292409 Environment:
Last Closed: 2016-02-10 15:29:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1292409    
Bug Blocks:    

Comment 3 CFME Bot 2016-01-12 19:30:01 UTC
New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=063a102f11f053e4931cdf40be3ce022f2914f36

commit 063a102f11f053e4931cdf40be3ce022f2914f36
Merge: ccc121c 95847a9
Author:     Greg Blomquist <gblomqui>
AuthorDate: Tue Jan 12 13:47:39 2016 -0500
Commit:     Greg Blomquist <gblomqui>
CommitDate: Tue Jan 12 13:47:39 2016 -0500

    Merge branch 'bz1292488' into '5.5.z'
    
    Bz1292488
    
    OpenStack allow to specify path to CA certificate
    
    OpenStack allow to specify path to CA certificate, which will be
    passed to Excon.
    
    5.5.z BZ:
    https://bugzilla.redhat.com/show_bug.cgi?id=1292488
    
    Conflict in tests of cherry-pick of:
    https://github.com/ManageIQ/manageiq/pull/5831
    
    Conflicts:
    	gems/pending/spec/openstack/openstack_handle/handle_spec.rb
    
    Conflict is due to should -> expect change for rspec 3
    
    See merge request !709

 .../manageiq/providers/openstack/manager_mixin.rb  |   9 +-
 config/vmdb.tmpl.yml                               |   3 +
 gems/pending/openstack/openstack_handle/handle.rb  |  24 ++++-
 .../spec/openstack/openstack_handle/handle_spec.rb | 100 ++++++++++++++++++++-
 4 files changed, 127 insertions(+), 9 deletions(-)

Comment 6 Ronnie Rasouli 2016-02-01 08:50:31 UTC
tested on 5.5.2.2.20160121120249_395c086
with SSL configured on 7.3 

Copied both CA for undercloud and overcloud to CFME

modified in configure-> configuration-> advanced 
ssl:
ssl_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
ssl_ca_path

Both undercloud and overcloud with SSL are working

Comment 7 errata-xmlrpc 2016-02-10 15:29:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:0159