yahoo-eng-team team mailing list archive
Message #67751
[Bug 1704798] Re: GET /os-quota-sets/{tenant_id} API is failing with SSL exception
Reviewed: https://review.openstack.org/485121
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=905d31dd9715505599b0a2ad123eebef37f606f5
Submitter: Jenkins
Branch: master
commit 905d31dd9715505599b0a2ad123eebef37f606f5
Author: jichenjc <jichenjc@xxxxxxxxxx>
Date: Sun Jul 9 10:35:23 2017 +0800
Enable custom certificates for keystone communication
Nova creates a session back to keystone to verify project ids for
quota and flavor access APIs. The session that was being created was
not based on conf options, so it only worked in simple default
scenarios. This updates the session by using the newly added keystone
section to utilize keystoneauth1 to manage the session creation, which
allows for specifying custom site certificates to secure the link
between Nova and Keystone.
Change-Id: Ice4b226fdabdfb66e60b61de05ac8f3b37610661
Closes-Bug: 1704798
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1704798
Title:
GET /os-quota-sets/{tenant_id} API is failing with SSL exception
Status in OpenStack Compute (nova):
Fix Released
Bug description:
In the flow of the GET /os-quota-sets/{tenant_id} API, when
project_id/tenant_id is being verified by communicating with keystone
through a secure (https) connection at
https://github.com/openstack/nova/blob/master/nova/api/openstack/identity.py#L32,
it is failing with a certificate validation error as below.
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity Traceback (most recent call last):
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity File "/usr/lib/python2.7/site-packages/nova/api/openstack/identity.py", line 42, in verify_project_id
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity raise_exc=False)
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 758, in get
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity return self.request(url, 'GET', **kwargs)
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity return wrapped(*args, **kwargs)
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 616, in request
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity resp = send(**kwargs)
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 678, in _send_request
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity raise exceptions.SSLError(msg)
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity SSLError: SSL exception connecting to https://xxx.xxx.xxx.xxx:5000/v3/projects/0fe761dc32934fc88c390d244acb6971: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)
2017-07-06 01:13:28.134 21365 ERROR nova.api.openstack.identity
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1704798/+subscriptions
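An added example, not part of the original message or of Nova's code: a small check of the `[keystone]` section of nova.conf, which the commit says now drives session creation, flagging the tempting workaround for the traceback above (turning verification off) as opposed to pointing the session at the site CA. The option names `cafile` and `insecure` are the keystoneauth1 session options; the sample configs and the certificate path are constructed placeholders.

```python
import configparser
import os

# Constructed samples; the CA path is a placeholder, not taken from the bug.
WORKAROUND_CONF = """
[keystone]
insecure = true
"""
FIXED_CONF = """
[keystone]
cafile = /etc/nova/ssl/keystone-ca.pem
insecure = false
"""


def audit_keystone_tls(conf_text, path_exists=os.path.isfile):
    """Return (level, message) findings for the [keystone] TLS settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("keystone"):
        return [("info", "no [keystone] section: default CA bundle is used")]
    sec = cp["keystone"]
    findings = []
    try:
        insecure = sec.getboolean("insecure", fallback=False)
    except ValueError:
        insecure = False
        findings.append(("error", "insecure is not a boolean"))
    if insecure:
        # Silences the SSLError but leaves the Nova-to-Keystone link unauthenticated.
        findings.append(("error", "insecure=true disables certificate verification"))
    cafile = sec.get("cafile", fallback="").strip()
    if not cafile:
        # Only works when the Keystone certificate chains to a default-trusted CA.
        findings.append(("info", "no cafile: default CA bundle is used"))
    elif not path_exists(cafile):
        findings.append(("error", "cafile not found: " + cafile))
    elif insecure:
        findings.append(("warn", "cafile is set but ignored while insecure=true"))
    return findings


if __name__ == "__main__":
    for name, text in (("workaround", WORKAROUND_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_keystone_tls(text, path_exists=lambda p: True))
```

The `path_exists` parameter is injectable so the check can be run against a config copied off the host where the certificate file is not present.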