yahoo-eng-team team mailing list archive

[Bug 1194001] Re: SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib for Keystone configuring with SSL.

 

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1194001

Title:
  SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL
  routines:SSL_CTX_use_PrivateKey_file:system lib for Keystone
  configuring with SSL.

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Hi,

  Installed OpenStack Identity service (2013.1.1) through apt-get.
  Ref Link: https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst

  I've configured SSL with keystone by following the below steps.

  1) Created client, server and CA cert files using openssl.
  Ref Link: https://forums.openvpn.net/topic10261.html

  2) Created endpoints for keystone with HTTPS.

  3) Configured in [ssl] of /etc/keystone/keystone.conf

   enable = True
   certfile = /root/certs/server_cert_key.pem (server cert + server key)
   keyfile = /root/certs/server.key (server key)
   ca_certs = /root/certs/ca.crt (Certificate Authority)
   cert_required = True

  4) Created openrc

   export OS_TENANT_NAME=demo
   export OS_USERNAME=admin
   export OS_PASSWORD=secrete
   export OS_AUTH_URL=https://10.233.53.117:5000/v2.0/
   export OS_CERT=/root/certs/client_cert_key.pem (client cert + client key)
   export OS_CACERT=/root/certs/ca.crt (Certificate Authority)
   export OS_SERVICE_ENDPOINT=https://10.233.53.117:35357/v2.0/
   export OS_SERVICE_TOKEN=ADMIN
   export OS_REGION_NAME=RegionOne

  5) Source openrc.

  6) Started keystone using /usr/bin/keystone-all then Keystone commands
  are working.

  But the issue is when I start the keystone using service keystone
  start. Then I'm getting the following error while trying to list
  users, tenants, endpoints etc.

  Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 135, in _run
      log=WritableLogger(log))
    File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 663, in server
      client_socket = sock.accept()
    File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 279, in accept
      suppress_ragged_eofs=self.suppress_ragged_eofs)
    File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 46, in __init__
      super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)
    File "/usr/lib/python2.7/ssl.py", line 141, in __init__
      ciphers)
  SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib

  This is not working in the case of running keystone as service.

  Thanks,
  Sasikiran
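
The `system lib` reason in the error above is OpenSSL's `ERR_R_SYS_LIB`, which `SSL_CTX_use_PrivateKey_file` reports when it cannot open the key file. The following check is an added example, not part of the bug report or of Keystone: it tests whether a given account can read the files named in `[ssl]`. The service account name passed on the command line and the use of `configparser` to read keystone.conf are assumptions.

```python
import configparser
import grp
import os
import pwd
import sys

def can_read(path, uid, gids):
    """Could account (uid, gids) open `path`? Judged from mode bits only;
    ACLs, capabilities and AppArmor/SELinux policy are not considered."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):              # walk from / down to the file
        try:
            st = os.stat(p)                # run as root so every level can be stat()ed
        except OSError as exc:
            return False, "%s: %s" % (p, exc.strerror)
        if uid == 0:
            continue                       # root bypasses mode bits
        if st.st_uid == uid:
            bits = st.st_mode >> 6         # owner class
        elif st.st_gid in gids:
            bits = st.st_mode >> 3         # group class
        else:
            bits = st.st_mode              # other class
        need = 4 if p == path else 1       # read on the file, search on directories
        if not bits & need:
            return False, "%s: mode %o denies uid %d" % (p, st.st_mode & 0o777, uid)
    return True, "ok"

def check_ssl_files(conf_text, uid, gids):
    """Check every file option of the [ssl] section for one account."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return {opt: can_read(cp.get("ssl", opt), uid, gids)
            for opt in ("certfile", "keyfile", "ca_certs")
            if cp.has_option("ssl", opt)}

if __name__ == "__main__":
    # usage: check_ssl.py /etc/keystone/keystone.conf <service-account>
    acct = pwd.getpwnam(sys.argv[2])
    gids = [acct.pw_gid] + [g.gr_gid for g in grp.getgrall() if acct.pw_name in g.gr_mem]
    with open(sys.argv[1]) as fh:
        results = check_ssl_files(fh.read(), acct.pw_uid, gids)
    for opt, (ok, why) in sorted(results.items()):
        print("%-9s %s  %s" % (opt, "OK  " if ok else "FAIL", why))
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

A FAIL line names the first path component that blocks the account, so the fix can be a key copy owned by the service account with mode 0600 rather than loosening a parent directory.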