Ironic IPA does not work when Swift is using https

Bug #1513508 reported by Om Kumar on 2015-11-05
This bug affects 1 person
Bug Description

2015-11-05 08:51:30.008 51327 DEBUG ironic.drivers.modules.agent [-] prepare_image got response {u'command_error': None, u'command_status': u'RUNNING', u'command_params': {u'image_info': {u'checksum': u'45a4a06997e64f7120795c68beeb0e3c', u'disk_format': u'qcow2', u'id': u'eece8669-f8b0-45ae-99c0-70f6fae680ef', u'urls': [u''], u'container_format': u'bare'}}, u'command_result': None, u'id': u'4e6be5f9-1590-4089-a390-e589306cb065', u'command_name': u'prepare_image'} for node 7d401924-bf1a-4510-9dc0-58f1603c783d continue_deploy /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/
2015-11-05 08:51:30.096 51327 DEBUG oslo_messaging._drivers.amqp [-] unpacked context: {u'read_only': False, u'show_deleted': False, u'roles': [u''], u'auth_token': None, u'domain_name': None, u'show_password': False, u'is_admin': False, u'user': None, u'request_id': u'req-b329128f-3a91-4ee5-abc8-96c86ad035f8', u'is_public_api': True, u'domain_id': None, u'tenant': None} unpack_context /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/
2015-11-05 08:51:30.098 51327 DEBUG ironic.conductor.manager [-] RPC vendor_passthru called for node 7d401924-bf1a-4510-9dc0-58f1603c783d. vendor_passthru /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/conductor/
2015-11-05 08:51:30.099 51327 DEBUG ironic.conductor.task_manager [-] Attempting to reserve node 7d401924-bf1a-4510-9dc0-58f1603c783d reserve_node /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/conductor/
2015-11-05 08:51:30.125 51327 DEBUG oslo_concurrency.lockutils [-] Lock "conductor_worker_spawn" acquired by "_spawn_worker" :: waited 0.000s inner /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/
2015-11-05 08:51:30.126 51327 DEBUG oslo_concurrency.lockutils [-] Lock "conductor_worker_spawn" released by "_spawn_worker" :: held 0.000s inner /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/
2015-11-05 08:51:30.126 51327 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is ebb0e95411db45d4bf3524160ea3ee63. _add_unique_id /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/
2015-11-05 08:51:30.128 51327 DEBUG ironic.drivers.modules.agent_base_vendor [-] Heartbeat from 7d401924-bf1a-4510-9dc0-58f1603c783d, last heartbeat at 1446713489. heartbeat /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/
2015-11-05 08:51:30.139 51327 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is 807e9925458d4eaf9b9cff3730ff2bef. _add_unique_id /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/
2015-11-05 08:51:30.150 51327 DEBUG ironic.drivers.modules.agent [-] Preparing to reboot to instance for node 7d401924-bf1a-4510-9dc0-58f1603c783d reboot_to_instance /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/
2015-11-05 08:51:30.157 51327 ERROR ironic.drivers.modules.agent [-] node 7d401924-bf1a-4510-9dc0-58f1603c783d command status errored: {u'message': u'Command execution failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)', u'code': 500, u'type': u'CommandExecutionError', u'details': u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'}
2015-11-05 08:51:30.157 51327 DEBUG ironic.common.states [-] Entering new state 'deploy failed' in response to event 'fail' on_enter /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/common/
2015-11-05 08:51:30.169 51327 DEBUG oslo_concurrency.processutils [-] Running cmd (subprocess): ipmitool -I lanplus -H -L ADMINISTRATOR -U adminblade -R 12 -N 5 -f /tmp/tmp7JA1uS power status execute /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/

Ben Nemec (bnemec) wrote :

This doesn't seem like a diskimage-builder problem. Adding Ironic as the project which owns IPA.

Changed in diskimage-builder:
status: New → Invalid

Dmitry Tantsur (divius) on 2015-11-23
affects: ironic → ironic-python-agent

Mathieu Mitchell (mat128) wrote :

We are successfully using Swift in HTTPS from IPA. The error you are getting is a certificate validation issue. This means the certificate offered on your swift endpoint (which looks like it's is invalid. Note that a self-signed cert will not work for IPA as it is trying to validate that the cert is right.

There is currently no option to tell IPA to not verify the SSL certificates. See the requests calls:

Changed in ironic-python-agent:
status: New → Invalid
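
Added example (not part of the original bug thread and not Ironic's own code): a small triage script that scans a conductor log like the one in the bug description for agent command errors and picks out the nodes whose deploy failed on certificate validation, the condition diagnosed in the comment above. The sample log is constructed from the report's lines with file paths trimmed; the second ERROR line and its node UUID are invented for contrast, and the function names are hypothetical.

```python
import ast
import re

# Constructed sample: two lines modelled on the report above (paths trimmed),
# plus one invented non-TLS failure on an invented node for contrast.
SAMPLE_LOG = """\
2015-11-05 08:51:30.150 51327 DEBUG ironic.drivers.modules.agent [-] Preparing to reboot to instance for node 7d401924-bf1a-4510-9dc0-58f1603c783d reboot_to_instance
2015-11-05 08:51:30.157 51327 ERROR ironic.drivers.modules.agent [-] node 7d401924-bf1a-4510-9dc0-58f1603c783d command status errored: {u'message': u'Command execution failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)', u'code': 500, u'type': u'CommandExecutionError', u'details': u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'}
2015-11-05 08:52:10.003 51327 ERROR ironic.drivers.modules.agent [-] node 11111111-2222-3333-4444-555555555555 command status errored: {u'message': u'Command execution failed: No space left on device', u'code': 500, u'type': u'CommandExecutionError', u'details': u'No space left on device'}
"""

ERROR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \d+ ERROR \S+ \[.*?\] "
    r"node (?P<node>[0-9a-f-]{36}) command status errored: (?P<err>\{.*\})\s*$"
)
TLS_MARKER = "CERTIFICATE_VERIFY_FAILED"


def agent_command_errors(log_text):
    """Yield (timestamp, node_uuid, error_dict) for each agent command error."""
    for line in log_text.splitlines():
        m = ERROR_RE.match(line)
        if not m:
            continue
        try:
            # The error is logged as a Python 2 dict repr; literal_eval parses
            # literals only and never executes code from the log.
            err = ast.literal_eval(m.group("err"))
        except (ValueError, SyntaxError):
            continue  # truncated or malformed line
        if isinstance(err, dict):
            yield m.group("ts"), m.group("node"), err


def tls_verify_failures(log_text):
    """Return {node_uuid: [timestamps]} for errors caused by certificate validation."""
    hits = {}
    for ts, node, err in agent_command_errors(log_text):
        text = "%s %s" % (err.get("message", ""), err.get("details", ""))
        if TLS_MARKER in text:
            hits.setdefault(node, []).append(ts)
    return hits


if __name__ == "__main__":
    for node, stamps in tls_verify_failures(SAMPLE_LOG).items():
        print("%s: agent rejected the endpoint certificate at %s" % (node, ", ".join(stamps)))
```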

Clint Byrum (clint-fewbar) wrote :

Hm, is this really invalid, or a wishlist request to add the capability to be able to run it with self-signed certs?

