[Bug 1347150] Re: [SRU] switch to requests breaks HTTPS support

Edward Hope-Morley edward.hope-morley at canonical.com
Thu Oct 22 14:50:04 UTC 2015 

** Also affects: cloud-archive
   Importance: Undecided
       Status: New

** Changed in: cloud-archive
     Assignee: (unassigned) => Edward Hope-Morley (hopem)

** Changed in: cloud-archive
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ubuntu-cloud-archive.
https://bugs.launchpad.net/bugs/1347150

Title:
  [SRU] switch to requests breaks HTTPS support

Status in ubuntu-cloud-archive:
  In Progress
Status in python-glanceclient:
  Fix Released

Bug description:
  [Impact]
    Fix glanceclient breakage in Nova when using https glance endpoint in Juno.

  [Test Case]
    1. Deploy Openstack juno (incl. this fix) with https endpoints and
       create an instance.

    2. Check that instance deployed successfully.

  [Regression Potential]

    None.

  Since the switching to using the requests library in the client, nova
  boot fails when the glance server is using SSL.

  The error reported by nova is:

  2014-07-22 16:20:57.569 ^[[00;32mDEBUG glanceclient.common.http [^[[01;36mreq-e9a94169-9af4-45e8-ab95-1ccd3f8caf04 ^[[00;36madmin admin^[[00;32m] ^[[01;35m^[[00;32mcurl -i -X GET -H 'X-Auth-Token: ***' -H 'Accept-Encoding: gzip, deflate, compress' -H 'Accept: */*' -H 'User-Agent: python-glanceclient'  --cert None --key None https://test.example.com:9292https://moon.greyoak.com:9292//v1/images/detail?is_public=none&limit=20^[[00m ^[[00;33mfrom (pid=32459) log_curl_request /home/rcrit/redhat/openstack/python-glanceclient/glanceclient/common/http.py:103^[[00m
  2014-07-22 16:20:57.571 ^[[01;31mERROR nova.api.openstack [^[[01;36mreq-e9a94169-9af4-45e8-ab95-1ccd3f8caf04 ^[[00;36madmin admin^[[01;31m] ^[[01;35m^[[01;31mCaught error: VerifiedHTTPSConnection instance has no attribute 'insecure'^[[00m

  Once seen, all subsequent commands to the nova server fail similarly.

  This is fairly easily reproduced with my SSL patches in
  https://bugs.launchpad.net/devstack/+bug/1328226 (probably needs some
  rebasing).

  With an SSL-everywhere server this can be seen by installing in
  devstack and doing things like:

  These work.

  $ nova flavor-list
  $ glance image-list
  $ nova net-list

  Have nova hit glance:

  $ nova image-list
  ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-ee964e9a-c2a9-4be9-bd52-3f42c805cf2c)

  All subsequent requests will fail similarly:

  $ nova list
  ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-f670db83-c830-4e75-b29f-44f61ae161a1)

  Note that if you start nova and the first thing you do is an image-
  list it works. I'm guessing this is because the only connection in the
  pool is a glance connection object which has insecure defined.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1347150/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list