yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #68164
[Bug 1720049] [NEW] glance image-list command failed when ssl enabled in glance service
Public bug reported:
Steps to reproduce:
1. Deploy glance service in SSL mode
2. Set below extra env variable
OS_CACERT=/etc/ssl/openstack/ca.crt
OS_CERT=/etc/ssl/openstack/client3.crt
OS_KEY=/etc/ssl/openstack/client3.key
3. Try to use this command: glance image-list
SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",)
If I enable debug:
glance --debug image-list
DEBUG:keystoneauth.session:REQ: curl -g -i -X GET https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc -H "User-Agent: python-glanceclient" -H "Content-Type: application/octet-stream" -H "X-Auth-Token: {SHA1}d41d9e001959c67c31eca98d67a65d048f13a1f4"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): pike-c7
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 699, in main
OpenStackImagesShell().main(argv)
File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 603, in main
args.func(client, args)
File "/usr/lib/python2.7/site-packages/glanceclient/v2/shell.py", line 237, in do_image_list
utils.print_list(images, columns)
File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 185, in print_list
for o in objs:
File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 524, in next
return self._next()
File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 517, in _next
obj, resp = next(self._self_wrapped)
File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 183, in list
for image, resp in paginate(url, page_size, limit):
File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 110, in paginate
resp, body = self.http_client.get(next_url, headers=req_id_hdr)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 288, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 335, in request
**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 192, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 703, in request
resp = send(**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 765, in _send_request
raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",)
SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",)
But if I input three parameters in command line, It can display result:
glance --os-cacert /etc/ssl/openstack/ca.crt --os-cert /etc/ssl/openstack/client3.crt --os-key /etc/ssl/openstack/client3.key image-list
+--------------------------------------+-------------------------+
| ID | Name |
+--------------------------------------+-------------------------+
| 9f3c23db-5d67-4aba-9dd2-aec5287f5f1c | cirros |
| 3664023e-9db6-44a3-9e18-86d14ade5784 | cloud-template-centos73 |
| | |
| c3a7f251-6ede-41df-b75f-a9257d1b71ef | cloud-template-rhel73 |
| | |
+--------------------------------------+-------------------------+
It seems that glance client didn't read certificate and/or key file from
env variable.
Version:
Pike on CentOS 7 (OpenStack-Pike release in CentOS delivery)
python2-glanceclient-2.8.0-1.el7.noarch
** Affects: glance
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1720049
Title:
glance image-list command failed when ssl enabled in glance service
Status in Glance:
New
Bug description:
Steps to reproduce:
1. Deploy glance service in SSL mode
2. Set below extra env variable
OS_CACERT=/etc/ssl/openstack/ca.crt
OS_CERT=/etc/ssl/openstack/client3.crt
OS_KEY=/etc/ssl/openstack/client3.key
3. Try to use this command: glance image-list
SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",)
If I enable debug:
glance --debug image-list
DEBUG:keystoneauth.session:REQ: curl -g -i -X GET https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc -H "User-Agent: python-glanceclient" -H "Content-Type: application/octet-stream" -H "X-Auth-Token: {SHA1}d41d9e001959c67c31eca98d67a65d048f13a1f4"
INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): pike-c7
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 699, in main
OpenStackImagesShell().main(argv)
File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 603, in main
args.func(client, args)
File "/usr/lib/python2.7/site-packages/glanceclient/v2/shell.py", line 237, in do_image_list
utils.print_list(images, columns)
File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 185, in print_list
for o in objs:
File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 524, in next
return self._next()
File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 517, in _next
obj, resp = next(self._self_wrapped)
File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 183, in list
for image, resp in paginate(url, page_size, limit):
File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 110, in paginate
resp, body = self.http_client.get(next_url, headers=req_id_hdr)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 288, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 335, in request
**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 192, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 703, in request
resp = send(**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 765, in _send_request
raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",)
SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",)
But if I input three parameters in command line, It can display result:
glance --os-cacert /etc/ssl/openstack/ca.crt --os-cert /etc/ssl/openstack/client3.crt --os-key /etc/ssl/openstack/client3.key image-list
+--------------------------------------+-------------------------+
| ID | Name |
+--------------------------------------+-------------------------+
| 9f3c23db-5d67-4aba-9dd2-aec5287f5f1c | cirros |
| 3664023e-9db6-44a3-9e18-86d14ade5784 | cloud-template-centos73 |
| | |
| c3a7f251-6ede-41df-b75f-a9257d1b71ef | cloud-template-rhel73 |
| | |
+--------------------------------------+-------------------------+
It seems that glance client didn't read certificate and/or key file
from env variable.
Version:
Pike on CentOS 7 (OpenStack-Pike release in CentOS delivery)
python2-glanceclient-2.8.0-1.el7.noarch
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1720049/+subscriptions
Follow ups