OS_TARGET_CACERT or --os-target_cacert both not work, still report CERTIFICATE_VERIFY_FAILED
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mistral |
Fix Released
|
Medium
|
Andras Kovi |
Bug Description
Mistral release: 7.0.0.0b2
Workflow test.yaml:
version: '2.0'
create_vm:
description: Simple workflow example
type: direct
tasks:
get_servers:
action: nova.servers_list
publish:
servers: <% task(get_
Openstack RC info:
export MISTRAL_URL="http://
export OS_TARGET_AUTH_URL=https:/
export OS_TARGET_
export OS_TARGET_
export OS_TARGET_
export OS_TARGET_
export OS_TARGET_
export OS_TARGET_
export OS_TARGET_
Commands:
mistral workflow-create test.yaml
mistral execution-create create_vm
Result:
get_servers [task_ex_
NovaAction.
Also I tries msitral --os-target_cacert /tmp/openstack.crt execution-create create_vm, still the same error.
This cacert file works when I directly uses openstack command like "nova list".
Changed in mistral: | |
assignee: | nobody → Andras Kovi (akovi) |
status: | New → Confirmed |
tags: | added: docs |
Changed in mistral: | |
milestone: | none → rocky-3 |
importance: | Undecided → Medium |
Also I tried to set mistral.conf: authtoken] /.../v3
[keystone_
cafile = /tmp/openstack.crt
auth_uri = https:/
And in client to set OpenStack RC info: localhost: 8989/v2" /.../v3 /tmp/openstack. crt NAME=RegionOne DOMAIN_ NAME=Default DOMAIN_ NAME=Default
Openstack RC info:
export MISTRAL_URL="http://
export OS_AUTH_URL=https:/
export OS_USERNAME=...
export OS_PROJECT_NAME=...
export OS_PASSWORD=...
export OS_CACERT=
export OS_REGION_
export OS_USER_
export OS_PROJECT_
But it still report the same error. And the traceback is: actions. openstack. base [req-1a06d85f- 32ea-4e89- b8ef-7a59d85502 1a - - - - -] Traceback (most recent call last): python2. 7/site- packages/ mistral/ actions/ openstack/ base.py" , line 115, in run client_ method( self._get_ client( context) ) python2. 7/site- packages/ mistral/ actions/ openstack/ base.py" , line 84, in _get_client client( context) python2. 7/site- packages/ mistral/ actions/ openstack/ actions. py", line 89, in _create_client service_ endpoint( ) python2. 7/site- packages/ mistral/ actions/ openstack/ base.py" , line 108, in get_service_ endpoint name=self. action_ region python2. 7/site- packages/ mistral/ utils/openstack /keystone. py", line 161, in get_endpoint_ for_project service_ catalog( ctx) python2. 7/site- packages/ mistral/ utils/openstack /keystone. py", line 239, in obtain_ service_ catalog ).tokens. get_token_ data( python2. 7/site- packages/ mistral/ utils/openstack /keystone. py", line 44, in client url=auth_ url python2. 7/site- packages/ keystoneclient/ v3/client. py", line 263, in __init__ authenticate( ) python2. 7/site- packages/ keystoneclient/ httpclient. py", line 578, in authenticate raw_token_ from_identity_ service( **kwargs) python2. 7/site- packages/ keystoneclient/ v3/client. py", line 349, in get_raw_ token_from_ identity_ service Authorization failed: %s') % e) ilure: Authorization failed: SSL exception connecting to https:/ /.../v3/ auth/tokens: HTTPSConnection Pool(host= '...', port=...): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError( SSLError( 1, u'[SSL: CERTIFICATE_ VERIFY_ FAILED] certificate verify failed (_ssl.c:579)'),))
2018-07-20 03:06:39.509 766 WARNING mistral.
File "/usr/lib/
method = self._get_
File "/usr/lib/
return self._create_
File "/usr/lib/
nova_endpoint = self.get_
File "/usr/lib/
region_
File "/usr/lib/
service_catalog = obtain_
File "/usr/lib/
response = client(
File "/usr/lib/
auth_
File "/usr/lib/
self.
File "/usr/lib/
resp = self.get_
File "/usr/lib/
_('
AuthorizationFa