get-pip.py fails on debian-testing

same error over here.

devstack on docker debian:jessie

proposed solution:
remove line 87 in nova/openstack/common/sslutils.py

_SSL_PROTOCOLS = {
    "tlsv1": ssl.PROTOCOL_TLSv1,
    "sslv23": ssl.PROTOCOL_SSLv23,
    "sslv3": ssl.PROTOCOL_SSLv3
}

Hi slimjim2234,

your error is related to nova, but has the same root.

You can find the nova patch here :

http://anonscm.debian.org/cgit/openstack/nova.git/tree/debian/patches/removed-reference-to-sslv3-removed-from-debian.patch?id=04d5dcd9e70c6caf0df7b10396285549a0e56e99

The backtrace shows this is really a problem with get-pip.py ; however it seems that this has been updated around dec last year and should be correctly handling the missing sslv3 [1]

i assume you're running a quite old checkout ... it looks like we don't overwrite get-pip.py which may be a bug

[1] https://github.com/pypa/pip/commits/develop/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py

Fix proposed to branch: master
Review: https://review.openstack.org/162813

Reviewed: https://review.openstack.org/162813
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=7c4ce9edbad6f3c33469d45be832ebea4a46ff70
Submitter: Jenkins
Branch: master

commit 7c4ce9edbad6f3c33469d45be832ebea4a46ff70
Author: Ian Wienand <email address hidden>
Date: Tue Mar 10 11:32:26 2015 +1100

    Check for new versions of get-pip.py

    People can leave their devstack installs around for a long time, and
    in the mean time new versions of pip can be released.

    The current check does not download a new version if an old one
    exists. We want to check for new versions, but we also don't want the
    gate jobs trying this sometimes unreliable fetch.

    So add a flag-file that tells devstack if it downloaded get-pip.py
    originally. If so, on each run check for a new version using curl's
    "-z" flag to request only files modified since the file's timestamp.

    Change-Id: I91734528f02deafabf3d18d968c3abd749751199
    Closes-Bug: #1429943