
yahoo-eng-team team mailing list archive

[Bug 1297280] Re: Unhelpful error message when keystone uses self-signed SSL certificates

 

There wouldn't be any impact on keystone itself (nor anything for it to
log), but we might be able to get some better feedback out of requests,
which is what is producing the SSL validation failure.

** Project changed: keystone => python-keystoneclient

** Tags added: user-experience

** Changed in: python-keystoneclient
   Importance: Undecided => Low

** Changed in: python-keystoneclient
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1297280

Title:
  Unhelpful error message when keystone uses self-signed SSL
  certificates

Status in Python client library for Keystone:
  Triaged

Bug description:
  When keystone is configured to use SSL and its certificates are not
  signed by a trusted authority, all the keystone client commands
  return:

  Authorization Failed: SSL exception connecting to
  https://127.0.0.1:35357/v2.0/tokens

  It would be better to instruct the user to pass the "--insecure"
  command-line option to the keystone command.

  I set up my keystone with SSL like this:
  1) Uncomment the following lines in keystone.conf:
  [ssl]
  enable = True
  certfile = /etc/keystone/pki/certs/ssl_cert.pem
  keyfile = /etc/keystone/pki/private/ssl_key.pem
  ca_certs = /etc/keystone/pki/certs/cacert.pem
  ca_key = /etc/keystone/pki/private/cakey.pem

  2) Run 'keystone-manage ssl_setup --keystone-user keystone
  --keystone-group keystone' and restart the service

  3) Change the endpoints in the SQL table to point to https://...

  To get the error, source the following file (change the username and password, and make sure the endpoint correctly points to https://...):
  export OS_USERNAME=admin
  export OS_TENANT_NAME=admin
  export OS_PASSWORD=18ee8218fe2d4e6e
  export OS_AUTH_URL=https://127.0.0.1:35357/v2.0/

  Now run: keystone user-list
  You get: Authorization Failed: SSL exception connecting to https://127.0.0.1:35357/v2.0/tokens
  You are supposed to run: keystone --insecure user-list

  It's really hard to tell by this error message what the cause of the
  problems is. In addition to that, there is nothing in the keystone
  logs. Please provide a more informative error message, and possibly
  some logs to indicate what went wrong.

  Thanks :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-keystoneclient/+bug/1297280/+subscriptions
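
The triage comment above notes that better feedback could be drawn out of the layer that produces the SSL validation failure. The following is an added example, not code from python-keystoneclient or requests: it searches a wrapped exception for the underlying certificate verification error and builds a message that names the cause. The function names and the sample exception are constructed for illustration, and it assumes the HTTP layer preserves the original exception in its chain or args.

```python
import ssl

# OpenSSL X509 verify codes that mean "chain does not lead to a trusted CA".
UNTRUSTED_CHAIN_CODES = {18, 19, 20, 21}


def find_verify_error(exc):
    """Search the exception chain for the underlying certificate verification error."""
    seen, stack = set(), [exc]
    while stack:
        cur = stack.pop()
        if cur is None or id(cur) in seen:
            continue
        seen.add(id(cur))
        if isinstance(cur, ssl.SSLCertVerificationError):
            return cur
        stack += [cur.__cause__, cur.__context__]
        # HTTP libraries often wrap the original exception inside args.
        stack += [a for a in cur.args if isinstance(a, BaseException)]
    return None


def describe_ssl_failure(exc, url):
    """Build a user-facing message that names the verification failure, if any."""
    err = find_verify_error(exc)
    if err is None:
        return f"SSL exception connecting to {url}: {exc}"
    reason = getattr(err, "verify_message", None) or str(err)
    msg = f"Certificate verification failed connecting to {url}: {reason}."
    if getattr(err, "verify_code", None) in UNTRUSTED_CHAIN_CODES:
        msg += (" The server certificate is not signed by a trusted CA:"
                " add the issuing CA certificate to the client's trust store,"
                " or pass --insecure on a test deployment only.")
    return msg


def constructed_wrapped_error():
    """Constructed sample: a self-signed failure wrapped by a generic client error."""
    inner = ssl.SSLCertVerificationError(1, "certificate verify failed")
    inner.verify_code = 18  # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    inner.verify_message = "self-signed certificate"
    try:
        raise ConnectionError("SSL exception") from inner
    except ConnectionError as outer:
        return outer


if __name__ == "__main__":
    print(describe_ssl_failure(constructed_wrapped_error(),
                               "https://127.0.0.1:35357/v2.0/tokens"))
```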

