** Project changed: glance => glance-store
** Changed in: glance-store
Assignee: (unassigned) => Cyril Roelandt (cyril-roelandt)
** Changed in: glance-store
Status: New => Fix Committed
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/2030825
Title:
s3 backend fails with invalid certificate when using s3 compatible
storage
Status in glance_store:
Fix Committed
Bug description:
When using the Glance s3 backend, if you are using an s3 compatible
store, image operations fail with:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-
signed certificate in certificate chain (_ssl.c:1129).
The current implementation uses boto3 and assumes you are only using
Amazon's implementation as there are not currently any settings for
overriding the CA. In my case, we are using an s3 compatible on-prem
device which has internal corporate certs. If I override using an
environment variable of AWS_CA_BUNDLE to my CA bundle, the s3 backend
then works great.
Can we see about adding an option to the configuration file for the
s3_backend so that we can specify the location of a CA bundle so that
the default CA can be overridden? It appears a few of the other
options have this functionality already, so we would need to add the
support for boto3.
This was tested in Antelope and validated to work once the environment
variable was added.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance-store/+bug/2030825/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
