[Kimchi-devel] [PATCH] issue #475: Properly set cert and key variables when starting nginx proxy

Aline Manera alinefm at linux.vnet.ibm.com
Fri Dec 5 11:33:12 UTC 2014 

On 12/05/2014 06:38 AM, Royce Lv wrote:
> On 2014年12月05日 02:05, Aline Manera wrote:
>> When specifying a custom SSL certificate and key, Kimchi did not start
>> up due the error:
> I'm wondering the user scenario of this bug, when do we specify a 
> custom certificate and key?
> AFAK, we used self signed certificate and key, why does a user want to 
> specify one?
> Shall we just ignore user provided one?

Nope! The user must be able to specify his/her own CA and key as the one 
kimchi generated it not trusted assigned.

>>
>> Traceback (most recent call last):
>> File "/usr/bin/kimchid", line 95, in sys.exit(main(sys.argv[1:]))
>> File "/usr/bin/kimchid", line 92, in main kimchi.server.main(options)
>> File "/usr/lib/python2.6/site-packages/kimchi/server.py", line 183, 
>> in main
>> srv = Server(options)
>> File "/usr/lib/python2.6/site-packages/kimchi/server.py", line 62, in 
>> init
>> start_proxy(options)
>> File "/usr/lib/python2.6/site-packages/kimchi/proxy.py", line 89, in 
>> start_proxy
>> _create_proxy_config(options)
>> File "/usr/lib/python2.6/site-packages/kimchi/proxy.py", line 78, in 
>> _create_proxy_config
>> cert_pem=cert, cert_key=key,
>> UnboundLocalError: local variable 'cert' referenced before assignment
>>
>> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
>> ---
>>   src/kimchi/proxy.py | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
>> index 9238147..fafa5bc 100644
>> --- a/src/kimchi/proxy.py
>> +++ b/src/kimchi/proxy.py
>> @@ -43,7 +43,6 @@ def _create_proxy_config(options):
>>       Arguments:
>>       options - OptionParser object with Kimchi config options
>>       """
>> -
>>       # User that will run the worker process of the proxy. Fedora,
>>       # RHEL and Suse creates an user called 'nginx' when installing
>>       # the proxy. Ubuntu creates an user 'www-data' for it.
>> @@ -54,8 +53,11 @@ def _create_proxy_config(options):
>>           user_proxy = 'www-data'
>>
>>       config_dir = paths.conf_dir
>> +    cert = options.ssl_cert
>> +    key = options.ssl_key
>> +
>>       # No certificates specified by the user
>> -    if not options.ssl_cert or not options.ssl_key:
>> +    if not cert or not key:
>>           cert = '%s/kimchi-cert.pem' % config_dir
>>           key = '%s/kimchi-key.pem' % config_dir
>>           # create cert files if they don't exist
>

More information about the Kimchi-devel mailing list