OpenStack Compute (nova)

Two different CA path definition causes launching_vpn_instance error

Bug #757033 reported by Hyunsun Moon
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Vish Ishaya
OpenStack Compute (nova) 2012.1 "essex"

Bug Description

Path for 'CA' directory referenced in two different way in nova/crypto.py.
I manage my own state directory including CA directory, and almost every codes in Nova also references CA directory like '$state_path/CA'. But in some code including 'generate_vpn_files' reference CA directory with the following way which may point different path with the previous way.

genvpn_sh_path = os.path.join(os.path.dirname(__file__),
                                  'CA',
                                  'geninter.sh')

Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/1752
Committed: http://github.com/openstack/nova/commit/8a0370e4cf4b2004df63588c7a2daf5e676df43e
Submitter: Jenkins
Branch: master

 status fixcommitted
 done

commit 8a0370e4cf4b2004df63588c7a2daf5e676df43e
Author: Joe Gordon <email address hidden>
Date: Thu Nov 17 23:28:00 2011 -0800

    Fixes bug 757033

    different CA path definitions

    Change-Id: I55bb9df1b4b4a0095c4d62215847b730976028ee

Changed in nova:
status: Confirmed → Fix Committed
Revision history for this message
Vish Ishaya (vishvananda) wrote :

I missed this when it went in, but this fix is incorrect. The directory referred to by ca_path is the target directory for the CA files, whereas genvpn_sh_path and geninter_sh_path is location of the scripts that need to be run to create the target directories.

These are usually not the same place. In a source checkout into /opt/stack/nova for example:
CA path == /opt/stack/nova/CA
script location == /opt/stack/nova/nova/CA/genvpn.sh

In order for this to work, one would have to manually copy all of the files from nova/CA into the location specified in ca_directory. I think this change needs to be reverted.

Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote :

Reviewed: https://review.openstack.org/1833
Committed: http://github.com/openstack/nova/commit/a3ea70c0809f62a0a7b09199bd31fbed704ebf9d
Submitter: Jenkins
Branch: master

 status fixcommitted
 done

commit a3ea70c0809f62a0a7b09199bd31fbed704ebf9d
Author: Vishvananda Ishaya <email address hidden>
Date: Mon Nov 21 16:39:02 2011 -0800

    Revert "Fixes bug 757033"

    This reverts commit 8a0370e4cf4b2004df63588c7a2daf5e676df43e.

    Change-Id: I8522eb0e84b7e811020dedc083f8e3c8478e0f8c

Thierry Carrez (ttx)
Changed in nova:
milestone: none → essex-2
status: Fix Committed → Fix Released
Mark McLoughlin (markmc)
Changed in nova:
assignee: nobody → Joe Gordon (joe-gordon0)
assignee: Joe Gordon (joe-gordon0) → Vish Ishaya (vishvananda)
Thierry Carrez (ttx)
Changed in nova:
milestone: essex-2 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.