yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1269740] Re: metadata agent fails with self-signed SSL certs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sascha Peilicke <1269740@xxxxxxxxxxxxxxxxxx>
Date: Tue, 11 Mar 2014 16:04:06 -0000
Reply-to: Bug 1269740 <1269740@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1263872 ***
    https://bugs.launchpad.net/bugs/1263872

** This bug has been marked a duplicate of bug 1263872
   metadata proxy not support Https Metadata-api

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1269740

Title:
  metadata agent fails with self-signed SSL certs

Status in OpenStack Neutron (virtual network service):
  In Progress

Bug description:
  When using a self-signed certificate for the network service endpoint,
  the metadata agent has to pass the 'insecure' flag to neutronclient.
  Otherwise requests will fail due to the failed certificate validity
  check.

  Grizzly trace:

  2013-10-30 16:09:47    ERROR [quantum.agent.metadata.agent] Unexpected error.
  Traceback (most recent call last):
    File "/usr/lib64/python2.6/site-packages/quantum/agent/metadata/agent.py", line 86, in __call__
      instance_id = self._get_instance_id(req)
    File "/usr/lib64/python2.6/site-packages/quantum/agent/metadata/agent.py", line 110, in _get_instance_id
      device_owner=DEVICE_OWNER_ROUTER_INTF)['ports']
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 107, in with_params
      ret = self.function(instance, *args, **kwargs)
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 258, in list_ports
      **_params)
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 999, in list
      for r in self._pagination(collection, path, **params):
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 1012, in _pagination
      res = self.get(path, params=params)
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 985, in get
      headers=headers, params=params)
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 970, in retry_request
      headers=headers, params=params)
    File "/usr/lib64/python2.6/site-packages/quantumclient/v2_0/client.py", line 907, in do_request
      resp, replybody = self.httpclient.do_request(action, method, body=body)
    File "/usr/lib64/python2.6/site-packages/quantumclient/client.py", line 143, in do_request
      self.authenticate()
    File "/usr/lib64/python2.6/site-packages/quantumclient/client.py", line 199, in authenticate
      raise exceptions.Unauthorized(message=body)
  Unauthorized: Server presented certificate that does not match host d00-1e-c9-4c-44-30.cloud.susestudio.com: {'notAfter': 'Jul 10 12:00:00 2015 GMT', 'subjectAltName': (('DNS', '*.susestudio.com'), ('DNS', 'susestudio.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Utah'),), (('localityName', u'Provo'),), (('organizationName', u'Novell, Inc.'),), (('commonName', u'*.susestudio.com'),))}

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1269740/+subscriptions

References

[Bug 1269740] [NEW] metadata agent fails with self-signed SSL certs
From: Sascha Peilicke, 2014-01-16