yahoo-eng-team team mailing list archive
Message #12138
[Bug 1297280] [NEW] Unhelpful error message when keystone uses self-signed SSL certificates
Public bug reported:
When keystone is configured to use SSL and its certificates are not
signed by a trusted authority, all the keystone client commands return:
Authorization Failed: SSL exception connecting to https://127.0.0.1:35357/v2.0/tokens
It would be better to instruct the user to pass the "--insecure"
command-line option to the keystone command.
I set up my keystone with SSL like this:
1) Uncomment the following lines in keystone.conf:
[ssl]
enable = True
certfile = /etc/keystone/pki/certs/ssl_cert.pem
keyfile = /etc/keystone/pki/private/ssl_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem
2) Run 'keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone' and restart the service
3) Change the endpoints in the SQL table to point to https://...
To get the error, source the following file (change the username and password, and make sure the endpoint correctly points to https://...):
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=18ee8218fe2d4e6e
export OS_AUTH_URL=https://127.0.0.1:35357/v2.0/
Now run: keystone user-list
You get: Authorization Failed: SSL exception connecting to https://127.0.0.1:35357/v2.0/tokens
You are supposed to run: keystone --insecure user-list
It's really hard to tell by this error message what the cause of the
problems is. In addition to that, there is nothing in the keystone logs.
Please provide a more informative error message, and possibly some logs
to indicate what went wrong.
Thanks :)
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1297280
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1297280/+subscriptions
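The kind of diagnostic the report asks for, as an added example that is not part of the bug report or of keystone's code: it separates "certificate not signed by a trusted CA" from other TLS and network failures and points at the CA file instead of turning verification off. The function names are hypothetical, the default `ca_hint` is the `ca_certs` path from the keystone.conf above, and `--os-cacert` is assumed to be available in the installed keystone client.

```python
import socket
import ssl
from urllib.parse import urlsplit

# OpenSSL X509 verify codes meaning "the chain does not end in a trusted CA":
# 18/19 self-signed (leaf / in chain), 20/21 issuer unknown locally.
UNTRUSTED_CODES = {18, 19, 20, 21}
CERT_EXPIRED = 10
HOSTNAME_MISMATCH = 62


def explain_tls_failure(exc, url, ca_hint):
    """Turn a TLS or socket exception into a message naming the actual cause."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        detail = getattr(exc, "verify_message", None) or str(exc)
        if code in UNTRUSTED_CODES:
            return (f"Certificate for {url} is not signed by a trusted CA "
                    f"({detail}). Trust the issuing CA, e.g. --os-cacert {ca_hint}")
        if code == CERT_EXPIRED:
            return f"Certificate for {url} has expired ({detail}); reissue it."
        if code == HOSTNAME_MISMATCH:
            return f"Certificate for {url} does not match the host name ({detail})."
        return f"Certificate verification failed for {url}: {detail}"
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None) or str(exc)
        return f"TLS handshake with {url} failed: {reason}"
    if isinstance(exc, OSError):
        return f"Cannot reach {url}: {exc}"
    raise exc


def probe(url, cafile=None, ca_hint="/etc/keystone/pki/certs/cacert.pem", timeout=5):
    """Attempt a verified handshake; return None on success, else a diagnosis."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        with socket.create_connection((parts.hostname, parts.port or 443),
                                      timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=parts.hostname):
                return None
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return explain_tls_failure(exc, url, ca_hint)
```

Calling `probe("https://127.0.0.1:35357/v2.0/")` against the setup above returns the untrusted-CA message; passing `cafile` with the deployment's CA certificate makes the handshake verify.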