Test deploy neutron tun failed with [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol on attempts to auth in keystone

Bug #1520495 reported by Tatyanka
This bug affects 2 people
Affects: Fuel for OpenStack
Status: Fix Released
Importance: Critical
Assigned to: Vladimir Kuklin

Bug Description

Deploy cluster in ha mode with 1 controller and Neutron

        Scenario:
            1. Create cluster
            2. Add 1 node with controller role
            3. Add 2 nodes with compute role
            4. Run network verification
            5. Update ssl hostname field with public vip ip
            6. Deploy cluster
            7. Run network verification
            8. Try to auth in keystone over public endpoint with cacert

Actual:
Failed with
 Error Message

Authorization Failed: SSL exception connecting to https://10.109.23.3:5000/v2.0/tokens: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Started to fail after changes
https://github.com/openstack/fuel-library/commit/7426c422a408004f4cc5ddf5c1cd65b9212ca94a

VERSION:
  feature_groups:
    - mirantis
  production: "docker"
  release: "8.0"
  openstack_version: "2015.1.0-8.0"
  api: "1.0"
  build_number: "216"
  build_id: "216"

Tags: area-library
Tatyanka (tatyana-leontovich) wrote :
Changed in fuel:
importance: Undecided → High
Nastya Urlapova (aurlapova) wrote :

It should have Critical priority, because it is a failure on the smoke test.

Changed in fuel:
importance: High → Critical
Dmitry Klenov (dklenov)
Changed in fuel:
status: New → Confirmed
Dmitry Klenov (dklenov)
tags: added: area-library
Matthew Mosesohn (raytrac3r) wrote :

This looks like a user configuration issue. SSL was never enabled for services in this environment:
root@node-2:~# keystone endpoint-list | grep 5000
| bd7d4526665447dd9f423c4424b69aaa | RegionOne | http://10.109.28.3:5000/v2.0 | http://10.109.26.2:5000/v2.0 | http://10.109.26.2:35357/v2.0 | 0fc8f85e754a42098cef78cb3abbc848 |

root@node-2:~# hiera public_ssl
{"hostname"=>"10.109.28.3",
 "horizon"=>false,
 "services"=>false,
(output truncated)

That's why OSTF gets an SSL error when trying to reach https://10.109.28.3:5000/v2.0, which is because SSL isn't enabled here.

Changed in fuel:
status: Confirmed → Incomplete
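
The mismatch described in the comment above (a client using https:// against an endpoint the catalog publishes as http://) can be checked offline. This is an added example, not code from fuel-library or fuel-qa; the sample row and its addresses are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: one row in the layout of `keystone endpoint-list`
# (id | region | publicurl | internalurl | adminurl | service_id).
SAMPLE_ROW = (
    "| 0123456789abcdef | RegionOne | http://192.0.2.3:5000/v2.0 "
    "| http://192.0.2.66:5000/v2.0 | http://192.0.2.66:35357/v2.0 | fedcba9876543210 |"
)

def public_urls(endpoint_list_output):
    """Return the publicurl column (third cell) of every endpoint row."""
    urls = []
    for line in endpoint_list_output.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Header and +----+ separator lines have no URL in the third cell.
        if len(cells) >= 3 and re.match(r"https?://", cells[2]):
            urls.append(cells[2])
    return urls

def scheme_mismatches(client_url, endpoint_list_output):
    """Catalog publicurls on the same host:port as client_url but another scheme."""
    want = urlsplit(client_url)
    found = []
    for url in public_urls(endpoint_list_output):
        got = urlsplit(url)
        same_listener = (got.hostname, got.port) == (want.hostname, want.port)
        if same_listener and got.scheme != want.scheme:
            found.append(url)
    return found

def classify_first_bytes(data):
    """Classify a listener's first reply bytes: TLS record, plain HTTP, or unknown."""
    # A TLS record starts with a content type (0x14-0x17) and major version 0x03.
    if len(data) >= 3 and data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "http"
    return "unknown"

if __name__ == "__main__":
    print(scheme_mismatches("https://192.0.2.3:5000/v2.0/tokens", SAMPLE_ROW))
    print(classify_first_bytes(b"HTTP/1.1 400 Bad Request\r\n"))
```

A non-empty result from `scheme_mismatches` means the test client and the service catalog disagree about TLS on that listener; `classify_first_bytes` applies the same distinction to bytes captured from the port.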
Tatyanka (tatyana-leontovich) wrote :

Actually OSTF passes here, and also OSTF does not work with the public net at all

Matthew Mosesohn (raytrac3r) wrote :

The issue here is that fuel-qa assumes that SSL defaults to enabled, but now it's disabled https://review.openstack.org/#/c/249693/

Passing to fuel-qa to investigate their side and update tests configuration

Changed in fuel:
status: Incomplete → Confirmed
assignee: Fuel Library Team (fuel-library) → Fuel QA Team (fuel-qa)
Changed in fuel:
assignee: Fuel QA Team (fuel-qa) → Vladimir Kuklin (vkuklin)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/250812
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=d72787e3032250748060204a85a2c4fe0b578d31
Submitter: Jenkins
Branch: master

commit d72787e3032250748060204a85a2c4fe0b578d31
Author: Nastya Urlapova <email address hidden>
Date: Fri Nov 27 13:30:32 2015 +0000

    Revert "Disable TLS by default"

    This reverts commit f1879e8974f18733badd4daefb85eb3439f00ac9.

    Closes-bug: #1520495
    Related-bug: #1495466

    Change-Id: Ia29bbf146e9149a738488f2d1a0e2e93f6f4b47b

Changed in fuel:
status: In Progress → Fix Committed
tags: added: on-verification
Dmitriy Kruglov (dkruglov) wrote :

Verified on MOS 8.0 build 219 and higher (swarm runs).
The issue is not reproduced.

tags: removed: on-verification
Changed in fuel:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Related fix merged to fuel-qa (master)

Reviewed: https://review.openstack.org/250816
Committed: https://git.openstack.org/cgit/openstack/fuel-qa/commit/?id=450ecbe97cfb3f1a6db751a77ff31391092741e8
Submitter: Jenkins
Branch: master

commit 450ecbe97cfb3f1a6db751a77ff31391092741e8
Author: Artem Panchenko <email address hidden>
Date: Fri Nov 27 15:32:02 2015 +0200

    Enable SSL for clouds in system tests

    SSL is going to be disabled by default for new
    OpenStack environments, so tests must enable it
    if 'DISABLE_SSL' is not set to 'True'.

    Related-bug: #1520495
    Change-Id: Ib3a851413c935e1423910fd65ea4f3086a5cd17d
