1) add "/etc/ssl/certs/ca-certificates.crt" as `verify` arg to keystoneclient.Session
2) set env var export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"
For 1), it will only affect the requests usage in keystoneclient.
For 2), it will change the requests behavior all over the charm.
Considering we may also being using/will use requests in other places in this charm, I have chosen 2) as the solution. The patch is merged by xav into master, but not released to mainline yet:
Also, I have released it as cs:~llama-charmers-next/openstack-service-checks-12.
So, in addition to modifying `venv/.../certifi/core.py`, the other workaround is to switch charm temporarily to this uri.
Hi Paul,
To fix the current issue, there are 2 ways:
1) add "/etc/ssl/ certs/ca- certificates. crt" as `verify` arg to keystoneclient. Session CA_BUNDLE= "/etc/ssl/ certs/ca- certificates. crt"
2) set env var export REQUESTS_
For 1), it will only affect the requests usage in keystoneclient.
For 2), it will change the requests behavior all over the charm.
Considering we may also being using/will use requests in other places in this charm, I have chosen 2) as the solution. The patch is merged by xav into master, but not released to mainline yet:
https:/ /code.launchpad .net/~guoqiao/ charm-openstack -service- checks/ +git/charm- openstack- service- checks/ +merge/ 402381
Also, I have released it as cs:~llama- charmers- next/openstack- service- checks- 12. ../certifi/ core.py` , the other workaround is to switch charm temporarily to this uri.
So, in addition to modifying `venv/.