help needed : OpenStack cinder https certificate

[olivierBlanc]

Hello, When trying to connect cinder to OpenStack tenant, I have a self-signed certificate problem (x509: certificate signed by unknown authority) Is there a way to give the cinder driver, through the configuration, a ca-file to bypass this problem ? Regards, Olivier

[sushanthakumar]

@olivierBlanc , Can you elaborate a bit on your scenario. Are you using openstack which is integrated with soda projects?

[olivierBlanc]

Hi,

Yes, I am using OpenStack integrated with Soda Project.

So my infrastructure is IaaS with Openstack. I installed a Kubernetes v1.20.2 on this infra and I want to be able to access OpenStack volumes from my Pods in RWM mode. To do so, I moved to SODA.

For my problem, I tried to move on and I modified the cinder.go file in contrib/drivers/openstack to add a parameter CAPEM read from cinder.yaml configuration file. I pass this info to gophercloud/gophercloud/openstack/client.go AthenticatedClient function. I modified that function too, to initiate an http client transport aware of the RootCA to use.

From now on I bypassed the self-certificate problem that I had. I'm still going on to check other problems that I have with my configuration file. Let me know if I need to provide more infos, code or whatever.