1814693 – Horizon is unable to retrieve Cinder API versions when it has a self-signed SSL certificate

Bug 1814693 - Horizon is unable to retrieve Cinder API versions when it has a self-signed SSL certificate

Summary: Horizon is unable to retrieve Cinder API versions when it has a self-signed S...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-django-horizon
Sub Component:
Version:	13.0 (Queens)
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Radomir Dopieralski
QA Contact:	Beth White
Docs Contact:
URL:
Whiteboard:
Depends On:	1817951
Blocks:
TreeView+	depends on / blocked

Reported:	2020-03-18 14:27 UTC by Randy Rubins
Modified:	2023-02-27 15:54 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-01-19 15:11:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1744670	None	None	None	2020-03-18 15:45:09 UTC
Launchpad	1815635	None	None	None	2020-03-18 14:27:14 UTC
Red Hat Issue Tracker	OSP-10381	None	None	None	2022-01-19 15:18:46 UTC

Internal Links: 1817951

Description Randy Rubins 2020-03-18 14:27:14 UTC

Description of problem:
While using self-signed SSL certs and adjusting local_settings to use "OPENSTACK_SSL_NO_VERIFY = True", we are failing to retrieve API versions using cinderclient (see lp#1815635 for full description) .

Version-Release number of selected component (if applicable):
Horizon container: rhosp13/openstack-horizon/images/13.0-109
Package: openstack-dashboard-13.0.3-1.el7ost.noarch

How reproducible:


Steps to Reproduce:
1. Adjust /etc/openstack-dashboard/local_settings to include:
# Disable SSL certificate checks (useful for self-signed certificates):
OPENSTACK_SSL_NO_VERIFY = True

2. Restart horizon container on controllers


Actual results:
Observe failed SSL connection attempts to retrieve API versions using cinderclient

Expected results:
No verify ssl connections should be respected throughout the request initiated from the Horizon dashboard. 


Additional info:

Comment 1 Marc Methot 2020-03-18 15:45:10 UTC

Basically duplicate of https://bugs.launchpad.net/horizon/+bug/1744670
Should be fixed by:
- https://github.com/openstack/horizon/commit/285c51f7e1b27a786fa9684abdc489998285b4e2
- https://review.opendev.org/#/c/675894/

Upstream fix of cinderclient (added an insecure flag) which is a version bump for horizon to get the applied upstream fix:
- https://review.opendev.org/#/c/675891/

For RH OSP13 we would need to bump a lot:
< python-cinderclient>=3.3.0 # Apache-2.0
> python-cinderclient>=5.0.0 # Apache-2.0


Cheers,
Marc Methot

Comment 2 Radomir Dopieralski 2020-03-25 11:09:04 UTC

To be honest, I don't think we can bump cinderclient like that. I will see if we could get the cinderclient patch backported instead.

Comment 5 Radomir Dopieralski 2020-03-27 09:58:13 UTC

We will know as soon as we get a reply to comment 3.

Note You need to log in before you can comment on or make changes to this bug.