diff options
author | Mark Goddard <mark@stackhpc.com> | 2021-08-20 14:23:54 +0100 |
---|---|---|
committer | Mark Goddard <mark@stackhpc.com> | 2021-08-20 14:25:44 +0100 |
commit | ed404c5f66e874779d58d3ac81f28ae22c55cf09 (patch) | |
tree | f184070ef145219c21e17a736cb76c15e1ba9c50 /releasenotes | |
parent | cb389d0c5d3ddb94dd724c8f6648eb28b20ec2cc (diff) | |
download | ceilometer-ed404c5f66e874779d58d3ac81f28ae22c55cf09.tar.gz |
Fix CA file for Swift pollster
Most OpenStack API communication uses the cafile option in the
service_credentials config. For swift the client is created differently,
and does not get this option. When TLS is used, we may get an error like
the following:
exceptions.SSLError: HTTPSConnectionPool(host='1.2.3.4', port=443): Max
retries exceeded with url: /swift/v1/AUTH_XXXX (Caused by
SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify failed')],)",),))
This change fixes the issue by creating an HTTP connection for the Swift
client that uses the configured CA file.
Closes-Bug: #1940660
Change-Id: I38f9ff2bec0a2a3cb9dfc5c362284e33c12f3127
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml b/releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml new file mode 100644 index 00000000..14a515e8 --- /dev/null +++ b/releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - > + [`bug 1940660 <https://bugs.launchpad.net/ceilometer/+bug/1940660>`_] + Fixes an issue with the Swift pollster where the ``[service_credentials] + cafile`` option was not used. This could prevent communication with + TLS-enabled Swift APIs. |