Tests fail with python 2.7.9

Bug #1403068 reported by Chuck Short on 2014-12-16
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Undecided
Corey Bryant
Icehouse
Undecided
Unassigned
Juno
Undecided
Corey Bryant
Manila
Undecided
James Page
OpenStack Identity (keystone)
High
James Page
Icehouse
Undecided
Unassigned
Juno
Undecided
Unassigned
neutron
Undecided
Unassigned
Icehouse
Undecided
Unassigned
Juno
Undecided
Corey Bryant

Bug Description

Tests that require SSL fail on python 2.7.9 due to the change in python uses SSL certificates.

======================================================================
FAIL: cinder.tests.test_wsgi.TestWSGIServer.test_app_using_ipv6_and_ssl
cinder.tests.test_wsgi.TestWSGIServer.test_app_using_ipv6_and_ssl
----------------------------------------------------------------------
_StringException: Traceback (most recent call last):
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 237, in test_app_using_ipv6_and_ssl
    response = open_no_proxy('https://[::1]:%d/' % server.port)
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 47, in open_no_proxy
    return opener.open(*args, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
Traceback (most recent call last):
_StringException: Empty attachments:
  stderr
  stdout

Traceback (most recent call last):
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 237, in test_app_using_ipv6_and_ssl
    response = open_no_proxy('https://[::1]:%d/' % server.port)
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 47, in open_no_proxy
    return opener.open(*args, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

Traceback (most recent call last):
_StringException: Empty attachments:
  stderr
  stdout

Traceback (most recent call last):
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 237, in test_app_using_ipv6_and_ssl
    response = open_no_proxy('https://[::1]:%d/' % server.port)
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 47, in open_no_proxy
    return opener.open(*args, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

======================================================================
FAIL: cinder.tests.test_wsgi.TestWSGIServer.test_app_using_ssl
cinder.tests.test_wsgi.TestWSGIServer.test_app_using_ssl
----------------------------------------------------------------------
_StringException: Traceback (most recent call last):
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 212, in test_app_using_ssl
    response = open_no_proxy('https://127.0.0.1:%d/' % server.port)
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 47, in open_no_proxy
    return opener.open(*args, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
Traceback (most recent call last):
_StringException: Empty attachments:
  stderr
  stdout

Traceback (most recent call last):
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 212, in test_app_using_ssl
    response = open_no_proxy('https://127.0.0.1:%d/' % server.port)
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 47, in open_no_proxy
    return opener.open(*args, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

Traceback (most recent call last):
_StringException: Empty attachments:
  stderr
  stdout

Traceback (most recent call last):
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 212, in test_app_using_ssl
    response = open_no_proxy('https://127.0.0.1:%d/' % server.port)
  File "/tmp/buildd/cinder-2014.2/cinder/tests/test_wsgi.py", line 47, in open_no_proxy
    return opener.open(*args, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

Boris Bobrov (bbobrov) wrote :

Keystone logs are attached

Changed in keystone:
assignee: nobody → Boris Bobrov (bbobrov)
status: New → Confirmed

Fix proposed to branch: master
Review: https://review.openstack.org/144988

Changed in keystone:
assignee: Boris Bobrov (bbobrov) → James Page (james-page)
status: Confirmed → In Progress
James Page (james-page) wrote :

Boris - apologies I'd not realized that you had assigned yourself the keystone bug task; I've proposed a backwards compatible patch for the keystone SSL tests that fail which will be uploaded to Ubuntu development shortly.

James Page (james-page) on 2015-01-06
Changed in neutron:
assignee: nobody → James Page (james-page)
status: New → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/146111

Changed in neutron:
assignee: James Page (james-page) → Ralf Haferkamp (rhafer)

Change abandoned by Ralf Haferkamp (<email address hidden>) on branch: master
Review: https://review.openstack.org/146111
Reason: duplicate of https://review.openstack.org/145208

Ralf Haferkamp (rhafer) on 2015-01-09
Changed in neutron:
assignee: Ralf Haferkamp (rhafer) → nobody

Reviewed: https://review.openstack.org/145208
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1d75a6fd3bce8ccad52d3f33d5118f160c992f60
Submitter: Jenkins
Branch: master

commit 1d75a6fd3bce8ccad52d3f33d5118f160c992f60
Author: James Page <email address hidden>
Date: Tue Jan 6 12:01:40 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the neutron codebase.

    Disable certificate chain verification for keystone SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17
    Closes-Bug: #1403068

Changed in neutron:
status: In Progress → Fix Committed

Fix proposed to branch: master
Review: https://review.openstack.org/147271

Changed in cinder:
assignee: nobody → Corey Bryant (corey.bryant)
status: New → In Progress

Reviewed: https://review.openstack.org/147271
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=4e849ef5fbb7159276435ac6f7315bf20274768d
Submitter: Jenkins
Branch: master

commit 4e849ef5fbb7159276435ac6f7315bf20274768d
Author: Corey Bryant <email address hidden>
Date: Wed Jan 14 13:11:30 2015 -0500

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the cinder codebase.

    Disable certificate chain verification for cinder SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Change-Id: Iffc3658196f608c7a7c9b6527dc8e7210fb05bff
    Closes-Bug: #1403068

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2015-02-05
Changed in cinder:
milestone: none → kilo-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2015-02-05
Changed in neutron:
milestone: none → kilo-2
status: Fix Committed → Fix Released
Brant Knudson (blk-u) on 2015-02-09
Changed in keystone:
importance: Undecided → High
Changed in keystone:
milestone: none → kilo-rc1

Fix proposed to branch: master
Review: https://review.openstack.org/165756

Changed in manila:
assignee: nobody → James Page (james-page)
status: New → In Progress
Changed in manila:
milestone: none → kilo-rc1
tags: added: icehouse-backport-potential juno-backport-potential

Reviewed: https://review.openstack.org/165756
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=e687499f438f50b810e2bc518187b152d1a68033
Submitter: Jenkins
Branch: master

commit e687499f438f50b810e2bc518187b152d1a68033
Author: James Page <email address hidden>
Date: Thu Mar 19 09:54:09 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the manila codebase.

    Disable certificate chain verification for SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Change-Id: I512e4bd5a10fcfdf6241329dbd1eae6e9350854b
    Closes-Bug: #1403068

Changed in manila:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/144988
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=89aec92962a551dc06520e284dadc63a0a58ad2c
Submitter: Jenkins
Branch: master

commit 89aec92962a551dc06520e284dadc63a0a58ad2c
Author: James Page <email address hidden>
Date: Mon Jan 5 14:14:40 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verification
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the keystone codebase.

    Disable certificate chain verification for keystone SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Change-Id: I6b5e975ed4c9abf3571212ba0e172eb653bb9281
    Closes-Bug: #1403068

Changed in keystone:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/166271
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ddbad0152cec392d19c3606f0ab9ee70f10f557c
Submitter: Jenkins
Branch: stable/juno

commit ddbad0152cec392d19c3606f0ab9ee70f10f557c
Author: James Page <email address hidden>
Date: Tue Jan 6 12:01:40 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the neutron codebase.

    Disable certificate chain verification for keystone SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Closes-Bug: #1403068
    (cherry picked from commit 1d75a6fd3bce8ccad52d3f33d5118f160c992f60)
    Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17

tags: added: in-stable-juno

Reviewed: https://review.openstack.org/166274
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=91cc867eb6625eded476343f487d28e76ac3f22f
Submitter: Jenkins
Branch: stable/icehouse

commit 91cc867eb6625eded476343f487d28e76ac3f22f
Author: James Page <email address hidden>
Date: Tue Jan 6 12:01:40 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the neutron codebase.

    Disable certificate chain verification for keystone SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Closes-Bug: #1403068
    (cherry picked from commit 1d75a6fd3bce8ccad52d3f33d5118f160c992f60)
    Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17

tags: added: in-stable-icehouse

Reviewed: https://review.openstack.org/166255
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=a3e4439de2b153341c27eb8c700632cd15fdb473
Submitter: Jenkins
Branch: stable/juno

commit a3e4439de2b153341c27eb8c700632cd15fdb473
Author: Corey Bryant <email address hidden>
Date: Wed Jan 14 13:11:30 2015 -0500

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the cinder codebase.

    Disable certificate chain verification for cinder SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Change-Id: Iffc3658196f608c7a7c9b6527dc8e7210fb05bff
    Closes-Bug: #1403068
    (cherry picked from commit 4e849ef5fbb7159276435ac6f7315bf20274768d)

Thierry Carrez (ttx) on 2015-04-07
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2015-04-13
Changed in manila:
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/166263
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=15901c4effad378412e83fe927104961ee5702c9
Submitter: Jenkins
Branch: stable/icehouse

commit 15901c4effad378412e83fe927104961ee5702c9
Author: Corey Bryant <email address hidden>
Date: Wed Jan 14 13:11:30 2015 -0500

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verfication
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the cinder codebase.

    Disable certificate chain verification for cinder SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Closes-Bug: #1403068
    (cherry picked from commit 4e849ef5fbb7159276435ac6f7315bf20274768d)

    Conflicts:
     cinder/tests/test_wsgi.py

    Change-Id: Iffc3658196f608c7a7c9b6527dc8e7210fb05bff

Thierry Carrez (ttx) on 2015-04-30
Changed in keystone:
milestone: kilo-rc1 → 2015.1.0
Thierry Carrez (ttx) on 2015-04-30
Changed in neutron:
milestone: kilo-2 → 2015.1.0
Thierry Carrez (ttx) on 2015-04-30
Changed in cinder:
milestone: kilo-2 → 2015.1.0
Thierry Carrez (ttx) on 2015-04-30
Changed in manila:
milestone: kilo-rc1 → 2015.1.0

Reviewed: https://review.openstack.org/168878
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=91255f1edd39804847ce80c65fcbf73e126853f3
Submitter: Jenkins
Branch: stable/icehouse

commit 91255f1edd39804847ce80c65fcbf73e126853f3
Author: James Page <email address hidden>
Date: Mon Jan 5 14:14:40 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verification
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the keystone codebase.

    Disable certificate chain verification for keystone SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Closes-Bug: #1403068
    (cherry picked from commit 89aec92962a551dc06520e284dadc63a0a58ad2c)

    Conflicts:
     keystone/tests/test_ssl.py

    Change-Id: I6b5e975ed4c9abf3571212ba0e172eb653bb9281

Reviewed: https://review.openstack.org/168877
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=10d3b27283697f2c5be971daf7ef0ea7373fe4c8
Submitter: Jenkins
Branch: stable/juno

commit 10d3b27283697f2c5be971daf7ef0ea7373fe4c8
Author: James Page <email address hidden>
Date: Mon Jan 5 14:14:40 2015 +0000

    Deal with PEP-0476 certificate chaining checking

    PEP-0476 introduced more thorough certificate chain verification
    for HTTPS connectivity; this was introduced in Python 2.7.9, and
    breaks a number of unit tests in the keystone codebase.

    Disable certificate chain verification for keystone SSL tests
    using the backwards compatible SSLContext provided for this
    purpose.

    Conflicts:
     keystone/tests/test_ssl.py

    Change-Id: I6b5e975ed4c9abf3571212ba0e172eb653bb9281
    Closes-Bug: #1403068
    (cherry picked from commit 89aec92962a551dc06520e284dadc63a0a58ad2c)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments