ceilometer/fix-1940660-5226988f2e7ae1bd.yaml at 3a4f2d6fee8561d2b95c595a5a3fbd1ffec034f6 - ceilometer - OpenDev: Free Software Needs Free Tools

openstack/ceilometer

Mark Goddard ed404c5f66 Fix CA file for Swift pollster

Most OpenStack API communication uses the cafile option in the
service_credentials config. For swift the client is created differently,
and does not get this option. When TLS is used, we may get an error like
the following:

exceptions.SSLError: HTTPSConnectionPool(host='1.2.3.4', port=443): Max
retries exceeded with url: /swift/v1/AUTH_XXXX (Caused by
SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify failed')],)",),))

This change fixes the issue by creating an HTTP connection for the Swift
client that uses the configured CA file.

Closes-Bug: #1940660
Change-Id: I38f9ff2bec0a2a3cb9dfc5c362284e33c12f3127

2021-08-20 14:25:44 +01:00

8 lines

268 B

YAML

Raw Blame History

 ---
 fixes:
   - >
     [`bug 1940660 <https://bugs.launchpad.net/ceilometer/+bug/1940660>`_]
     Fixes an issue with the Swift pollster where the ``[service_credentials]
     cafile`` option was not used. This could prevent communication with
     TLS-enabled Swift APIs.