yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #62900
[Bug 1678686] Re: keystoneauth doesn't use a default cafile
** Also affects: nova
Importance: Undecided
Status: New
** Changed in: nova
Assignee: (unassigned) => Sean McCully (sean-mccully)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1678686
Title:
keystoneauth doesn't use a default cafile
Status in keystoneauth:
In Progress
Status in OpenStack Compute (nova):
New
Bug description:
KeystoneAuth doens't use a default cafile, this causes problems when
generating a local CA or self signed CA with HTTPS enabled endpoints.
Even though the CA can be installed locally, keystone auth will still
fail ssl verification.
=================
2017-04-03 00:54:49.305 545 DEBUG oslo_messaging._drivers.amqpdriver [-] received reply msg_id: bb9ce702f5864adf8e4720d2304fcb2a __call__ /usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py:346
2017-04-03 00:54:49.337 545 DEBUG cinderclient.v2.client [req-7cb00c0e-be3d-4e25-b369-fd8aecbae803 7106629bf3b440a79030d327abd0747e 2aeed525cd4e4f329b0567be30d3aa6c - default default] REQ: curl -g -i -X GET https://openstack.local.net:8776/v2/2aeed525cd4e4f329b0567be30d3aa6c/volumes/ef828539-027c-4daa-9c96-19d2f3cd51e3 -H "X-Service-Token: {SHA1}77aedd00ae7642ecf44c452749b8b3ed6f45330d" -H "User-Agent: python-cinderclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}a91d7c21ef9f2401ffbe691355000e7bcc9d390c" _http_log_request /usr/lib/python2.7/site-packages/keystoneauth1/session.py:347
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions [req-7cb00c0e-be3d-4e25-b369-fd8aecbae803 7106629bf3b440a79030d327abd0747e 2aeed525cd4e4f329b0567be30d3aa6c - default default] Unexpected exception in API method
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions Traceback (most recent call last):
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/api/openstack/extensions.py", line 338, in wrapped
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return f(*args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/api/validation/__init__.py", line 108, in wrapper
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return func(*args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/api/openstack/compute/volumes.py", line 338, in create
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions volume_id, device)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 204, in inner
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return function(self, context, instance, *args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 152, in inner
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return f(self, context, instance, *args, **kw)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 3772, in attach_volume
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions disk_bus, device_type)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 3715, in _attach_volume
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions volume_bdm.destroy()
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 220, in __exit__
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions self.force_reraise()
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/oslo_utils/excutils.py", line 196, in force_reraise
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions six.reraise(self.type_, self.value, self.tb)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 3711, in _attach_volume
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions self._check_attach_and_reserve_volume(context, volume_id, instance)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/compute/api.py", line 3693, in _check_attach_and_reserve_volume
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions volume = self.volume_api.get(context, volume_id)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/volume/cinder.py", line 177, in wrapper
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions _reraise(exception.CinderConnectionFailed(reason=err_msg))
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/volume/cinder.py", line 231, in _reraise
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions six.reraise(type(desired_exc), desired_exc, sys.exc_info()[2])
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/volume/cinder.py", line 173, in wrapper
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions res = method(self, ctx, *args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/volume/cinder.py", line 195, in wrapper
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions res = method(self, ctx, volume_id, *args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/nova/volume/cinder.py", line 239, in get
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions item = cinderclient(context).volumes.get(volume_id)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/cinderclient/v2/volumes.py", line 277, in get
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return self._get("/volumes/%s" % volume_id, "volume")
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/cinderclient/base.py", line 314, in _get
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions resp, body = self.api.client.get(url)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/cinderclient/client.py", line 171, in get
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return self._cs_request(url, 'GET', **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/cinderclient/client.py", line 162, in _cs_request
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return self.request(url, method, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/cinderclient/client.py", line 148, in request
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 380, in request
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 148, in request
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return self.session.request(url, method, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions return wrapped(*args, **kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 616, in request
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions resp = send(**kwargs)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 678, in _send_request
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions raise exceptions.SSLError(msg)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions CinderConnectionFailed: Connection to cinder host failed: SSL exception connecting to https://openstack.local.nunet.net:8776/v2/2aeed525cd4e4f329b0567be30d3aa6c/volumes/ef828539-027c-4daa-9c96-19d2f3cd51e3: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)
2017-04-03 00:54:49.442 545 ERROR nova.api.openstack.extensions
====================
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystoneauth/+bug/1678686/+subscriptions
