Image creation over glance v1 using public endpoint that is under SSL failed with CommunicationError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)

Bug #1527224 reported by Tatyanka
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mirantis OpenStack | Status tracked in 10.0.x | | |
10.0.x | Confirmed | Medium | Kairat Kushaev |
9.x | Won't Fix | Medium | Kairat Kushaev |

Bug Description

1. Deploy Fuel cluster with SSL on services and horizon
2. Try to create an image using the v1 API and public endpoints with insecure True (I use ostf that was switched to public endpoints, but it is not in master yet)
3. Request image list over v1 and public endpoint

Expected Result:
Image created

Actual Result:
Get list passed without any error
and image creation fails with:
keystoneclient.auth.identity.v2: DEBUG: Making authentication request to https://10.109.3.3:5000/v2.0/tokens
fuel_health.common.test_mixins: INFO: STEP:1, verify action: 'Image creation'
glanceclient.common.http: DEBUG: curl -g -i -X POST -H 'Accept-Encoding: gzip, deflate' -H 'x-image-meta-container_format: bare' -H 'Accept: */*' -H 'X-Auth-Token: {SHA1}9f765ed4c5b59c57bbcacd86126e335317036a28' -H 'x-image-meta-size: 1024' -H 'Connection: keep-alive' -H 'User-Agent: python-glanceclient' -H 'Content-Type: application/octet-stream' -H 'x-image-meta-disk_format: raw' -H 'x-image-meta-name: ostf_test-image_glance-400860815' -k --cert None --key None https://10.109.3.3:9292/v1/images
fuel_health.common.test_mixins: DEBUG: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/fuel_health/common/test_mixins.py", line 177, in verify
    result = func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/fuel_health/glancemanager.py", line 68, in image_create
    disk_format=disk_format, **kwargs)
  File "/usr/lib/python2.7/site-packages/glanceclient/v1/images.py", line 324, in create
    data=image_data)
  File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 283, in post
    return self._request('POST', url, **kwargs)
  File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 261, in _request
    raise exc.CommunicationError(message=message)
CommunicationError: Error finding address for https://10.109.3.3:9292/v1/images: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)
fuel_health.glancemanager: DEBUG: Deleting images created by Glance test

At the same time, all those tests with the same endpoints passed for v2 (so v2 does not have any issues with that)

http://paste.openstack.org/show/482179/

VERSION:
  feature_groups:
    - mirantis
  production: "docker"
  release: "8.0"
  api: "1.0"
  build_number: "297"
  build_id: "297"

Tatyanka (tatyana-leontovich) wrote :
Changed in mos:
status: New → Confirmed
description: updated
description: updated
Alexey Galkin (agalkin)
Changed in mos:
assignee: MOS Glance (mos-glance) → Alexey Galkin (agalkin)
Alexey Galkin (agalkin) wrote :

Can't reproduce on mos 8.0 ISO#327.

Steps to reproduce:

1. Deploy Fuel cluster with SSL on services and horizon.
2. Trying to run all ostf tests (all ostf tests have passed successfully).
3. Set 'insecure = True' in glance-api.conf on all controllers and restart glance-api service.
4. Trying to run all ostf tests (all ostf tests have passed successfully).
5. Let's try to create an image manually by using v1:
root@node-4:~# glance --os-image-api-version 1 image-create --file openrc --container-format bare --disk-format qcow2
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 2305cce2b1e001fc68ad5bb967717592 |
| container_format | bare |
| created_at | 2015-12-21T16:14:10.000000 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | d1b3d960-6fd4-4955-a15a-dd879423b643 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | None |
| owner | 5f69905190ae4c4d89192725c28a3cc7 |
| protected | False |
| size | 688 |
| status | active |
| updated_at | 2015-12-21T16:14:12.000000 |
| virtual_size | None |
+------------------+--------------------------------------+

Result: image successfully created

4. Trying to get image list with v1:

root@node-4:~# glance --os-image-api-version 1 image-list
+--------------------------------------+--------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------+-------------+------------------+----------+--------+
| d1b3d960-6fd4-4955-a15a-dd879423b643 | | qcow2 | bare | 688 | active |
| 30667ff3-94a5-4002-9496-91e1d5420163 | TestVM | qcow2 | bare | 13287936 | active |
+--------------------------------------+--------+-------------+------------------+----------+--------+

Result: image list successfully received.

I did not find the problem, so I am changing the status of this bug to "invalid". Correct me if I'm wrong in the reproduction steps.

Changed in mos:
status: Confirmed → Invalid
Tatyanka (tatyana-leontovich) wrote :

Your steps are wrong: 1. I mentioned in the bug report that the list operation succeeds and the POST one fails; also, it is important to run it from outside the node by the public URL.

Changed in mos:
status: Invalid → Confirmed
Changed in mos:
assignee: Alexey Galkin (agalkin) → MOS Glance (mos-glance)
Changed in mos:
assignee: MOS Glance (mos-glance) → Kairat Kushaev (kkushaev)
status: Confirmed → In Progress
Kairat Kushaev (kkushaev) wrote :

Hello,
I tested this for MOS 8.0 and I failed to re-produce the issue:
  feature_groups:
    - mirantis
  production: "docker"
  release: "8.0"
  api: "1.0"
  build_number: "512"
  build_id: "512"
Here are the steps I executed:
1. Execute keystone endpoint-list and find public endpoint ip: https://paste.mirantis.net/show/1812/
2. After that I tried to create an image with curl (the same as the client generates for v1) and I succeeded: http://paste.openstack.org/show/485826/
3. Now I am trying to install glanceclient locally and execute the scenario again to prove (or disprove) that public endpoints are working correctly with SSL.

Kairat Kushaev (kkushaev) wrote :

So
1. I installed python-glanceclient 1.1.0.
2. Provided the following openrc file:
https://paste.mirantis.net/show/1814/
3. image has been created successfully:
https://paste.mirantis.net/show/1813/

The bug is either incomplete or invalid (the trouble is in tempest configurations).
glanceclient works correctly for an insecure connection to the public URL.
I am marking this as invalid until there are cases where the issue can be reproduced.

Tatyanka (tatyana-leontovich) wrote :

We did some testing with Kairat Kushaev and found that the tests fail only if we try to connect to v1 glance by the public SSL endpoint over a proxy, so moving to Won't Fix for 8.0 since it does not impact users at all. Also downgrading priority to low for 9.0, to look at this problem in the Mitaka cycle and decide whether we need to support such a case at all.

Changed in mos:
importance: High → Medium
status: In Progress → Won't Fix
Roman Podoliaka (rpodolyaka) wrote :

Let's revisit this in 9.0 again. From what Tatyana says, this sounds like an Invalid (how is SSL supposed to work over a proxy?).

Kairat Kushaev (kkushaev) wrote :

The V1 API is going to be deprecated in the next cycle.
I checked the test case manually with glanceclient and it was not reproduced again, so it looks like trouble with tempest.

tags: added: move-to-10.0
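
The thread narrows the failure to TLS through a proxy but never records what the proxy sent back. The sketch below is an added example, not code from this report, OSTF or glanceclient: it assumes the intermediary answered the ClientHello with plaintext HTTP, which old OpenSSL builds report as UNKNOWN_PROTOCOL and newer ones as WRONG_VERSION_NUMBER. The listener, its reply and the function names are constructed for the demonstration.

```python
import socket, ssl, threading

TLS_TYPES = {0x15: "alert", 0x16: "handshake", 0x17: "application_data"}

def classify_first_bytes(data):
    """Name the protocol that a connection's first bytes belong to."""
    # A TLS record starts with a content type, then version 0x03 0x00-0x04.
    if len(data) >= 3 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls " + TLS_TYPES[data[0]]
    if data.startswith(b"HTTP/"):
        return "plaintext http"
    return "unknown"

def tls_to_plaintext_listener():
    """Handshake against a constructed plaintext listener on 127.0.0.1.

    Returns (what the listener received, what it sent back, client error).
    """
    reply = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"  # constructed
    seen = {}
    done = threading.Event()
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        seen["first"] = conn.recv(4096)  # the client's ClientHello
        conn.sendall(reply)              # answered as if the port spoke HTTP
        done.wait(5)                     # hold the socket until the client gives up
        conn.close()

    worker = threading.Thread(target=serve)
    worker.start()
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # same effect as insecure=True / curl -k
    error = None
    try:
        with socket.create_connection(srv.getsockname(), timeout=5) as raw:
            with ctx.wrap_socket(raw):   # handshake runs here and fails
                pass
    except ssl.SSLError as exc:          # raised before any certificate is seen
        error = exc
    finally:
        done.set()
        worker.join()
        srv.close()
    return classify_first_bytes(seen["first"]), classify_first_bytes(reply), error
```

The handshake fails before a certificate is exchanged, so disabling verification does not change the outcome; the thing to check is which hop is answering on the TLS port.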