diskimage-builder

Ironic IPA does not work when Swift is using https

Bug #1513508 reported by Om Kumar on 2015-11-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	diskimage-builder	Invalid	Undecided	Unassigned
	ironic-python-agent	Invalid	Undecided	Unassigned

Bug Description

2015-11-05 08:51:30.008 51327 DEBUG ironic.drivers.modules.agent [-] prepare_image got response {u'command_error': None, u'command_status': u'RUNNING', u'command_params': {u'image_info': {u'checksum': u'45a4a06997e64f7120795c68beeb0e3c', u'disk_format': u'qcow2', u'id': u'eece8669-f8b0-45ae-99c0-70f6fae680ef', u'urls': [u'https://192.168.103.10:8080/v1/AUTH_d1885b2d665145eeb685df680c80e151/glance/eece8669-f8b0-45ae-99c0-70f6fae680ef?temp_url_sig=d7b4a93f303b2a22089229c6bda54ad07f6bcc5e&temp_url_expires=1446714458'], u'container_format': u'bare'}}, u'command_result': None, u'id': u'4e6be5f9-1590-4089-a390-e589306cb065', u'command_name': u'prepare_image'} for node 7d401924-bf1a-4510-9dc0-58f1603c783d continue_deploy /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/agent.py:485
2015-11-05 08:51:30.096 51327 DEBUG oslo_messaging._drivers.amqp [-] unpacked context: {u'read_only': False, u'show_deleted': False, u'roles': [u''], u'auth_token': None, u'domain_name': None, u'show_password': False, u'is_admin': False, u'user': None, u'request_id': u'req-b329128f-3a91-4ee5-abc8-96c86ad035f8', u'is_public_api': True, u'domain_id': None, u'tenant': None} unpack_context /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py:203
2015-11-05 08:51:30.098 51327 DEBUG ironic.conductor.manager [-] RPC vendor_passthru called for node 7d401924-bf1a-4510-9dc0-58f1603c783d. vendor_passthru /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/conductor/manager.py:464
2015-11-05 08:51:30.099 51327 DEBUG ironic.conductor.task_manager [-] Attempting to reserve node 7d401924-bf1a-4510-9dc0-58f1603c783d reserve_node /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/conductor/task_manager.py:193
2015-11-05 08:51:30.125 51327 DEBUG oslo_concurrency.lockutils [-] Lock "conductor_worker_spawn" acquired by "_spawn_worker" :: waited 0.000s inner /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/lockutils.py:444
2015-11-05 08:51:30.126 51327 DEBUG oslo_concurrency.lockutils [-] Lock "conductor_worker_spawn" released by "_spawn_worker" :: held 0.000s inner /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/lockutils.py:456
2015-11-05 08:51:30.126 51327 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is ebb0e95411db45d4bf3524160ea3ee63. _add_unique_id /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py:258
2015-11-05 08:51:30.128 51327 DEBUG ironic.drivers.modules.agent_base_vendor [-] Heartbeat from 7d401924-bf1a-4510-9dc0-58f1603c783d, last heartbeat at 1446713489. heartbeat /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/agent_base_vendor.py:211
2015-11-05 08:51:30.139 51327 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is 807e9925458d4eaf9b9cff3730ff2bef. _add_unique_id /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py:258
2015-11-05 08:51:30.150 51327 DEBUG ironic.drivers.modules.agent [-] Preparing to reboot to instance for node 7d401924-bf1a-4510-9dc0-58f1603c783d reboot_to_instance /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/agent.py:497
2015-11-05 08:51:30.157 51327 ERROR ironic.drivers.modules.agent [-] node 7d401924-bf1a-4510-9dc0-58f1603c783d command status errored: {u'message': u'Command execution failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)', u'code': 500, u'type': u'CommandExecutionError', u'details': u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'}
2015-11-05 08:51:30.157 51327 DEBUG ironic.common.states [-] Entering new state 'deploy failed' in response to event 'fail' on_enter /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/common/states.py:183
2015-11-05 08:51:30.169 51327 DEBUG oslo_concurrency.processutils [-] Running cmd (subprocess): ipmitool -I lanplus -H 10.1.67.62 -L ADMINISTRATOR -U adminblade -R 12 -N 5 -f /tmp/tmp7JA1uS power status execute /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/processutils.py:223

Revision history for this message

Ben Nemec (bnemec) wrote on 2015-11-12:

This doesn't seem like a diskimage-builder problem. Adding Ironic as the project which owns IPA.

Changed in diskimage-builder:
status:	New → Invalid

Dmitry Tantsur (divius) on 2015-11-23

affects:

ironic → ironic-python-agent

Revision history for this message

Mathieu Mitchell (mat128) wrote on 2015-12-14:

We are successfully using Swift in HTTPS from IPA. The error you are getting is a certificate validation issue. This means the certificate offered on your swift endpoint (which looks like it's https://192.168.103.10:8080/) is invalid. Note that a self-signed cert will not work for IPA as it is trying to validate that the cert is right.

There is currently no option to tell IPA to not verify the SSL certificates. See the requests calls:
https://github.com/openstack/ironic-python-agent/blob/15e4454e68c93d6beca55ef2925733833673b20c/ironic_python_agent/extensions/standby.py#L152

Mathieu Mitchell (mat128) on 2016-01-07

Changed in ironic-python-agent:
status:	New → Invalid

Revision history for this message

Clint Byrum (clint-fewbar) wrote on 2016-01-07:

Hm, is this really invalid, or a wishlist request to add the capability to be able to run it with self signed certs?

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.