eally think of why one couldn’t/wouldn’t do that.
>
> But definitely +1 on consistent config option naming, at a minimum.
>
> Mike
>
>
> From: Erik McCormick
> Date: Wednesday, March 25, 2015 at 9:36 PM
> To: Michael Still
> Cc: Jesse Keating, OpenStack Operators
&
Subject: Re: [Openstack-operators] OpenStack services and ca certificate config
entries
I'll start by saying I went the system bundle route also and have thus far had
no issues with it. I'll also say that I'm using RDO packages still and not
doing anything with venvs or pip insta
I'll start by saying I went the system bundle route also and have thus far
had no issues with it. I'll also say that I'm using RDO packages still and
not doing anything with venvs or pip installed stuff.
On Wed, Mar 25, 2015 at 6:33 PM, Michael Still wrote:
> Thanks for starting this thread Jess
Thanks for starting this thread Jesse. I agree that heat looks like a
good model for other projects to model themselves on here.
Can anyone think of a use case for having a per client / driver CA
file? I can't, but perhaps I'm missing something.
Michael
On Thu, Mar 26, 2015 at 5:13 AM, Jesse Kea
We were adding our CA to the bundle, we are using python-requests.
python-requests is getting installed via pip in a venv, and it includes
it's own CA bundle. So we were creating a symlink from the system bundle to
the venv requests bundle. Then something upgraded python-requests in the
venv, which
This sounds like something we can bake into the session object to make it
easier / more consistent.
--Morgan
Sent via mobile
> On Mar 25, 2015, at 14:03, John Dewey wrote:
>
> I faced this very issue in the past. We solved the problem by adding the CA
> to the system bundle (as you stated)
I faced this very issue in the past. We solved the problem by adding the CA to
the system bundle (as you stated). We also ran into problems where python
would still not validate the CA. However, this turned out to be a permissions
error with cacerts.txt[1] when httplib2 was installed through
We're facing a bit of a frustration. In some of our environments, we're
using a self-signed certificate for our ssl termination (haproxy). We have
our various services pointing at the haproxy for service cross-talk, such
as nova to neutron or nova to glance or nova to cinder or neutron to nova
or c
