nova-compute service is not starting when TLS certs are supplied via ssl_* options
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Nova Cloud Controller Charm |
Fix Released
|
High
|
Unassigned |
Bug Description
Although charm is showing "Unit is ready", the service itself never gets up:
ubuntu@node06:~$ service nova-compute status
● nova-compute.
Loaded: loaded (/lib/systemd/
Active: active (running) since Fri 2021-02-12 09:09:21 UTC; 1s ago
Main PID: 24411 (nova-compute)
Tasks: 1 (limit: 4915)
CGroup: /system.
└─24411 /usr/bin/python3 /usr/bin/
Feb 12 09:09:21 node06 systemd[1]: Started OpenStack Compute.
Feb 12 09:09:23 node06 nova-compute[
ubuntu@node06:~$
<again>
ubuntu@node06:~$ service nova-compute status
● nova-compute.
Loaded: loaded (/lib/systemd/
Active: active (running) since Fri 2021-02-12 09:09:32 UTC; 760ms ago
Main PID: 24553 (nova-compute)
Tasks: 1 (limit: 4915)
CGroup: /system.
└─24553 /usr/bin/python3 /usr/bin/
Feb 12 09:09:32 node06 systemd[1]: Started OpenStack Compute.
ubuntu@node06:~$
Sometimes, there is a "Services not running that should be: nova-compute", but this error message is transient.
The service is never getting online, due to:
2021-02-12 09:09:12.823 24283 WARNING keystoneauth.
2021-02-12 09:09:12.826 24283 CRITICAL nova [req-664b95e2-
2021-02-12 09:09:12.826 24283 ERROR nova Traceback (most recent call last):
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova chunked=chunked)
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova self._validate_
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova conn.connect()
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova ssl_context=
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova return context.
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova return GreenSSLSocket(
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova self.do_handshake()
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova super(GreenSSLS
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova return func(*a, **kw)
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova self._sslobj.
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova self._sslobj.
2021-02-12 09:09:12.826 24283 ERROR nova ssl.SSLError: [SSL: CERTIFICATE_
2021-02-12 09:09:12.826 24283 ERROR nova
2021-02-12 09:09:12.826 24283 ERROR nova During handling of the above exception, another exception occurred:
2021-02-12 09:09:12.826 24283 ERROR nova
2021-02-12 09:09:12.826 24283 ERROR nova Traceback (most recent call last):
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova timeout=timeout
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova _stacktrace=
2021-02-12 09:09:12.826 24283 ERROR nova File "/usr/lib/
2021-02-12 09:09:12.826 24283 ERROR nova raise MaxRetryError(
2021-02-12 09:09:12.826 24283 ERROR nova urllib3.
2021-02-12 09:09:12.826 24283 ERROR nova
bundle: https:/
juju status: https:/
nova-compute unit log: https:/
This has been observed at the two separate environments, so I suspect it has nothing to do with the particular certificate chain configuration on the specific environment. Before the new charm release it has worked fine - so we suspect there is some regression after the 21.01 charm release.
description: | updated |
Changed in charm-nova-compute: | |
assignee: | nobody → Aurelien Lourot (aurelien-lourot) |
Changed in charm-nova-compute: | |
status: | New → In Progress |
importance: | Undecided → High |
Changed in charm-nova-cloud-controller: | |
status: | Fix Committed → Fix Released |
milestone: | none → 21.01 |
assignee: | Aurelien Lourot (aurelien-lourot) → nobody |
Subscribing field-critical as this issue has no reliable workaround and is blocking our ongoing customer delivery.