On Monday, October 14, 2013, Jamie Lennox wrote: > On Mon, 2013-10-14 at 18:36 -0700, Bhuvan Arumugam wrote: > > Just making sure i'm not the only one facing this problem. > > https://bugs.launchpad.net/nova/+bug/1239894 > > Yep, we thought this may raise some issues but insecure by default was > just not acceptable. > > > keystoneclient v0.4.0 was released last week and used by all openstack > > services now. The insecure=False, as defined in > > keystoneclient.middleware.auth_token. The keystone client is happy as > > long as --insecure flag is used. There is no way to configure it in > > other openstack services like nova, neutron or glance while it is > > integrated with self-signed keystone instance. > > I'm not following the problem. As you mentioned before the equivalent > setting for --insecure in auth_token is setting insecure=True in the > service's config file along with all the other keystone auth_token > settings. The equivalent when using the client library is passing > insecure=True to the client initialization. > > > We should introduce new config parameter keystone_api_insecure and > > configure keystoneclient behavior based on this parameter. The config > > parameter should be defined in all other openstack services, as all of > > them integrate with keystone. > > A new config parameter where? I guess we could make insecure in > auth_token also response to an OS_SSL_INSECURE but that pattern is not > followed for any other service or parameter. > > That's something I'd rather not support without a *very* strong use case. Using --insecure is inconvenient by design.
> Until it's resolved, I think the known workaround is to use > > keystoneclient==0.3.2. > > > > > > Is there any other workaround for this issue? > > Signed certificates. > > > -- > > Regards, > > Bhuvan Arumugam > > www.livecipher.com > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org <javascript:;> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org <javascript:;> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- -Dolph
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
