Hi,
I deployed OpenStack Ocata AIO with a self-signed certificate. The certificate is generated with the command 'kolla-genpwd'.
When I try to create a cluster template with Magnum, it failed. After investigation here is what I found in the magnum-api.log:
2017-07-24 19:30:49.683 18 INFO werkzeug [req-022d6f65-dab6-41a5-9d59-23a914dfc720 99799bbc61e5415dbdd9f27ac5b277c9 05d0cc5909e6447fbc26a60b52d42adc default - -] 10.10.20.31 - - [24/Jul/2017 19:30:49] "GET /v1/clustertemplates/detail HTTP/1.1" 200 -
2017-07-24 19:31:50.882 19 ERROR wsme.api [req-dd37aa12-1b12-4430-95f3-e687ef308bbf 99799bbc61e5415dbdd9f27ac5b277c9 05d0cc5909e6447fbc26a60b52d42adc default - -] Server-side error: "SSL certificate validation has failed: %(reason)s". Detail:
Traceback (most recent call last):
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/wsmeext/pecan.py", line 85, in callfunction
result = f(self, *args, **kwargs)
File "<decorator-gen-22>", line 2, in post
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 89, in wrapper
return func(*args, **kwargs)
File "<decorator-gen-21>", line 2, in post
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 52, in wrapper
return func(*args, **kwargs)
File "<decorator-gen-20>", line 2, in post
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 104, in wrapper
return func(*args, **kwargs)
File "<decorator-gen-19>", line 2, in post
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 114, in wrapper
return func(*args, **kwargs)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/controllers/v1/cluster_template.py", line 343, in post
attr_validator.validate_os_resources(context, cluster_template_dict)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/attr_validator.py", line 193, in validate_os_resources
validate_method(cli, cluster_template[attr])
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/attr_validator.py", line 79, in validate_external_network
networks = cli.neutron().list_networks(**ext_filter)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 778, in list_networks
**_params)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 376, in list
for r in self._pagination(collection, path, **params):
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 391, in _pagination
res = self.get(path, params=params)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 361, in get
headers=headers, params=params)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 338, in retry_request
headers=headers, params=params)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 289, in do_request
resp, replybody = self.httpclient.do_request(action, method, body=body)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/client.py", line 175, in do_request
**kwargs)
File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/client.py", line 105, in _cs_request
raise exceptions.SslCertificateValidationError(reason=e)
SslCertificateValidationError: SSL certificate validation has failed: %(reason)s
2017-07-24 19:31:50.884 19 INFO werkzeug [req-dd37aa12-1b12-4430-95f3-e687ef308bbf 99799bbc61e5415dbdd9f27ac5b277c9 05d0cc5909e6447fbc26a60b52d42adc default - -] 10.10.20.31 - - [24/Jul/2017 19:31:50] "POST /v1/clustertemplates HTTP/1.1" 500 -
It looks like Magnum is trying to access the external API instead of the internal one.
Obviously if I deploy OpenStack without SSL everything is working fine.
Thanks a lot,
Simon Guyennet
Hi, this bug was fixes in master with this commit https:/ /github. com/openstack/ kolla-ansible/ commit/ fdc75cdd8c686d5 5ad2fcc5b86287a 82b853cc78 .
Will backport the fix