Bug 1820310

Summary: [Backport][OSP16.1] Add TLS support in tooz's etcd3gw driver
Product: Red Hat OpenStack Reporter: Alan Bishop <abishop>
Component: python-toozAssignee: Alan Bishop <abishop>
Status: CLOSED ERRATA QA Contact: Tzach Shefi <tshefi>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.0 (Train)CC: apevec, gcharot, johfulto, jvisser, lhh, ltoscano
Target Milestone: betaKeywords: FeatureBackport, Triaged
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-tooz-1.66.2-0.20200310155113.5b280a8.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-29 07:51:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alan Bishop 2020-04-02 18:10:07 UTC 
Cinder uses tooz's etcd3gw driver for its DLM when running in active/active mode. 
Support for TLS was added to the tooz driver in Ussuri [1], but it's needed downstream in OSP 16.1.

[1] https://review.opendev.org/710539
Comment 6 Tzach Shefi 2020-06-16 14:57:25 UTC 
Verified on:
python3-tooz-1.66.3-0.20200602080725.13a6dff.el8ost.noarch

I can't install Cinder A/A TLS just yet. 
So to verify I used below on a Cinder controller on none TLS DCN A/A deployment. 


[root@central-controller0-0 ~]# podman exec -ti cinder_api bash -c 'grep https /usr/lib/python*/site-packages/tooz/drivers/etcd3gw.py'
    The PROTOCOL can be http or https. If not specified, HOST defaults to
        protocol = 'https' if parsed_url.scheme.endswith('https') else 'http'

Above means tooz includes support for https, good to verify.
Comment 8 errata-xmlrpc 2020-07-29 07:51:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3148