Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1814693

Summary: Horizon is unable to retrieve Cinder API versions when it has a self-signed SSL certificate
Product: Red Hat OpenStack Reporter: Randy Rubins <rrubins>
Component: python-django-horizonAssignee: Radomir Dopieralski <rdopiera>
Status: CLOSED WONTFIX QA Contact: Beth White <beth.white>
Severity: medium Docs Contact:
Priority: medium    
Version: 13.0 (Queens)CC: athomas, cgaynor, eharney, jrist, mmagr, mmethot, rdopiera
Target Milestone: ---Keywords: Triaged, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-19 15:11:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1817951    
Bug Blocks:    

Description Randy Rubins 2020-03-18 14:27:14 UTC 
Description of problem:
While using self-signed SSL certs and adjusting local_settings to use "OPENSTACK_SSL_NO_VERIFY = True", we are failing to retrieve API versions using cinderclient (see lp#1815635 for full description) .

Version-Release number of selected component (if applicable):
Horizon container: rhosp13/openstack-horizon/images/13.0-109
Package: openstack-dashboard-13.0.3-1.el7ost.noarch

How reproducible:


Steps to Reproduce:
1. Adjust /etc/openstack-dashboard/local_settings to include:
# Disable SSL certificate checks (useful for self-signed certificates):
OPENSTACK_SSL_NO_VERIFY = True

2. Restart horizon container on controllers


Actual results:
Observe failed SSL connection attempts to retrieve API versions using cinderclient

Expected results:
No verify ssl connections should be respected throughout the request initiated from the Horizon dashboard. 


Additional info:
Comment 1 Marc Methot 2020-03-18 15:45:10 UTC 
Basically duplicate of https://bugs.launchpad.net/horizon/+bug/1744670
Should be fixed by:
- https://github.com/openstack/horizon/commit/285c51f7e1b27a786fa9684abdc489998285b4e2
- https://review.opendev.org/#/c/675894/

Upstream fix of cinderclient (added an insecure flag) which is a version bump for horizon to get the applied upstream fix:
- https://review.opendev.org/#/c/675891/

For RH OSP13 we would need to bump a lot:
< python-cinderclient>=3.3.0 # Apache-2.0
> python-cinderclient>=5.0.0 # Apache-2.0


Cheers,
Marc Methot
Comment 2 Radomir Dopieralski 2020-03-25 11:09:04 UTC 
To be honest, I don't think we can bump cinderclient like that. I will see if we could get the cinderclient patch backported instead.
Comment 5 Radomir Dopieralski 2020-03-27 09:58:13 UTC 
We will know as soon as we get a reply to comment 3.