nova_compute fails to start in tls-everywhere configuration

With tls-everywhere enabled connecting to keystone endpoint fails to retrieve the URL for the placement endpoint as the certificate can not be verified. While verification is disabled to check the placement endpoint later, it is not to communicate with keystone. This disables certificate verification for communication with keystone. Related-Bug: 1784155 Change-Id: I317dd62f3a555f375d540a63c21a6fb38d37ca96
2018-12-03 17:04:09 +01:00 · 2018-12-03 17:04:09 +01:00 · a99820a80c
parent b01b1a7f72
commit a99820a80c
2 changed files with 10 additions and 1 deletions
--- a/docker_config_scripts/nova_wait_for_placement_service.py
+++ b/docker_config_scripts/nova_wait_for_placement_service.py
@ -55,7 +55,7 @@ if __name__ == '__main__':
        project_name=config.get('placement', 'project_name'),
        project_domain_name=config.get('placement', 'user_domain_name'),
        auth_url=config.get('placement', 'auth_url')+'/v3')
-    sess = session.Session(auth=auth)
+    sess = session.Session(auth=auth, verify=False)
    keystone = client.Client(session=sess)

    iterations_endpoint = iterations
--- a/releasenotes/notes/nova_wait_for_placement_service_disable_cert_verify-45f532d7a924df86.yaml
+++ b/releasenotes/notes/nova_wait_for_placement_service_disable_cert_verify-45f532d7a924df86.yaml
@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    With tls-everywhere enabled connecting to keystone endpoint fails
+    to retrieve the URL for the placement endpoint as the certificate
+    can not be verified. While verification is disabled to check the 
+    placement endpoint later, it is not to communicate with keystone.
+    This disables certificate verification for communication with
+    keystone.