cinder-volume and cinder-backup raise SSL error on "Notifying Schedulers of capabilities"
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | New | Undecided | Unassigned | |
Bug Description
Hello! After using OSA to install cinder, I'm receiving a fatal error during the startup of both the cinder-volume and cinder-backup services in my cinder-volume lxc containers. The traceback is as follows:
---- BEGIN TRACEBACK ----
Jun 29 11:31:31 raisinbran-
s/cinder/
Jun 29 11:31:31 raisinbran-
ssl.SSLError: [SSL: UNABLE_
---- END TRACEBACK ----
I've been looking everywhere I can on Google for something similar to this and am coming up short. I'm able to create the same SSL context inside an interactive python session without fail.
Here's information about my setup:
* CentOS 7.8 Host running CentOS 7.8 LXC container.
* Python3.6 with virtualenv built by openstack ansible
* OpenSSL version 1.0.2k-fips (no SSL2 support)
* Kernel 3.10.0
* Relevant cinder.conf snippet:
[oslo_messaging
ssl = True
ssl_version = TLSv1_1
[oslo_messaging
driver = messagingv2
transport_url = rabbit:
* Installed packages in cinder venv:
Package Version
-------
alembic 1.4.2
amqp 2.5.2
appdirs 1.4.3
attrs 19.3.0
automaton 2.0.1
Babel 2.8.0
bcrypt 3.1.7
cachetools 4.1.0
castellan 3.0.1
certifi 2020.4.5.1
cffi 1.14.0
chardet 3.0.4
cinder 16.0.1.dev3
cliff 3.1.0
cmd2 0.8.9
cryptography 2.9
cursive 0.2.2
debtcollector 2.0.1
decorator 4.4.2
defusedxml 0.6.0
dnspython 1.15.0
dogpile.cache 0.9.0
ecdsa 0.15
eventlet 0.25.2
extras 1.0.0
fasteners 0.14.1
fixtures 3.0.0
futurist 2.1.1
google-api-core 1.16.0
google-
google-auth 1.13.1
google-
googleapis-
greenlet 0.4.15
httplib2 0.17.2
idna 2.9
importlib-metadata 1.6.0
iso8601 0.1.12
Jinja2 2.11.1
jmespath 0.9.5
jsonpatch 1.25
jsonpointer 2.0
jsonschema 3.2.0
keystoneauth1 4.0.0
keystonemiddleware 9.0.0
kombu 4.6.8
linecache2 1.0.0
lxml 4.5.0
Mako 1.1.2
MarkupSafe 1.1.1
monotonic 1.5
msgpack 0.6.2
munch 2.5.0
netaddr 0.7.19
netifaces 0.10.9
networkx 2.4
oauth2client 4.1.3
openstacksdk 0.46.0
os-brick 3.0.1
os-service-types 1.7.0
os-win 5.0.1
osc-lib 2.0.0
oslo.cache 2.3.0
oslo.concurrency 4.0.2
oslo.config 8.0.2
oslo.context 3.0.2
oslo.db 8.1.0
oslo.i18n 4.0.1
oslo.log 4.1.1
oslo.messaging 12.1.0
oslo.middleware 4.0.2
oslo.policy 3.1.0
oslo.privsep 2.1.1
oslo.reports 2.0.1
oslo.rootwrap 6.0.2
oslo.serialization 3.1.1
oslo.service 2.1.1
oslo.upgradecheck 1.0.1
oslo.utils 4.1.1
oslo.versionedo
oslo.vmware 3.3.1
osprofiler 3.1.0
paramiko 2.7.1
Paste 3.4.0
PasteDeploy 2.1.0
pbr 5.4.5
pip 20.1.1
prettytable 0.7.2
protobuf 3.11.3
psutil 5.7.0
pyasn1 0.4.8
pyasn1-modules 0.2.8
pycadf 3.0.0
pycparser 2.20
pydot 1.4.1
pyinotify 0.9.6
pymemcache 3.1.0
PyMySQL 0.9.3
PyNaCl 1.3.0
pyOpenSSL 19.1.0
pyparsing 2.4.7
pyperclip 1.8.0
pyrsistent 0.16.0
python-
python-cinderclient 7.0.0
python-dateutil 2.8.1
python-editor 1.0.4
python-glanceclient 3.1.1
python-
python-memcached 1.59
python-mimeparse 1.6.0
python-novaclient 17.0.0
python-
python-swiftclient 3.9.0
pytz 2019.3
pyudev 0.22.0
PyYAML 5.3.1
repoze.lru 0.7
requests 2.23.0
requestsexceptions 1.4.0
retrying 1.3.3
rfc3986 1.4.0
Routes 2.4.1
rsa 4.0
rtslib-fb 2.1.71
setuptools 46.4.0
simplejson 3.17.0
six 1.14.0
SQLAlchemy 1.3.16
sqlalchemy-migrate 0.13.0
sqlparse 0.3.1
statsd 3.3.0
stevedore 1.32.0
suds-jurko 0.6
systemd-python 234
tabulate 0.8.7
taskflow 4.1.0
Tempita 0.5.2
tenacity 6.1.0
testresources 2.0.1
testscenarios 0.5.0
testtools 2.4.0
tooz 2.3.0
traceback2 1.4.0
unittest2 1.1.0
uritemplate 3.0.1
urllib3 1.25.8
vine 1.3.0
voluptuous 0.11.7
warlock 1.3.3
wcwidth 0.1.9
WebOb 1.8.6
wheel 0.34.2
wrapt 1.12.1
yappi 1.2.3
zipp 3.1.0
In order to get cinder-volume to start up, I've had to just disable SSL. This is super confusing as, why would I get an SSL2-related error when SSL2 isn't even being used?
I'm not sure if this is an error in the cinder package itself or somewhere down the chain in the rabbit client implementation, but I thought I'd raise this bug here as a start.
Thanks!