Ironic IPA does not work when Swift is using https

Bug #1513508 reported by Om Kumar on 2015-11-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
diskimage-builder
Undecided
Unassigned
ironic-python-agent
Invalid
Undecided
Unassigned

Bug Description

2015-11-05 08:51:30.008 51327 DEBUG ironic.drivers.modules.agent [-] prepare_image got response {u'command_error': None, u'command_status': u'RUNNING', u'command_params': {u'image_info': {u'checksum': u'45a4a06997e64f7120795c68beeb0e3c', u'disk_format': u'qcow2', u'id': u'eece8669-f8b0-45ae-99c0-70f6fae680ef', u'urls': [u'https://192.168.103.10:8080/v1/AUTH_d1885b2d665145eeb685df680c80e151/glance/eece8669-f8b0-45ae-99c0-70f6fae680ef?temp_url_sig=d7b4a93f303b2a22089229c6bda54ad07f6bcc5e&temp_url_expires=1446714458'], u'container_format': u'bare'}}, u'command_result': None, u'id': u'4e6be5f9-1590-4089-a390-e589306cb065', u'command_name': u'prepare_image'} for node 7d401924-bf1a-4510-9dc0-58f1603c783d continue_deploy /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/agent.py:485
2015-11-05 08:51:30.096 51327 DEBUG oslo_messaging._drivers.amqp [-] unpacked context: {u'read_only': False, u'show_deleted': False, u'roles': [u''], u'auth_token': None, u'domain_name': None, u'show_password': False, u'is_admin': False, u'user': None, u'request_id': u'req-b329128f-3a91-4ee5-abc8-96c86ad035f8', u'is_public_api': True, u'domain_id': None, u'tenant': None} unpack_context /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py:203
2015-11-05 08:51:30.098 51327 DEBUG ironic.conductor.manager [-] RPC vendor_passthru called for node 7d401924-bf1a-4510-9dc0-58f1603c783d. vendor_passthru /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/conductor/manager.py:464
2015-11-05 08:51:30.099 51327 DEBUG ironic.conductor.task_manager [-] Attempting to reserve node 7d401924-bf1a-4510-9dc0-58f1603c783d reserve_node /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/conductor/task_manager.py:193
2015-11-05 08:51:30.125 51327 DEBUG oslo_concurrency.lockutils [-] Lock "conductor_worker_spawn" acquired by "_spawn_worker" :: waited 0.000s inner /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/lockutils.py:444
2015-11-05 08:51:30.126 51327 DEBUG oslo_concurrency.lockutils [-] Lock "conductor_worker_spawn" released by "_spawn_worker" :: held 0.000s inner /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/lockutils.py:456
2015-11-05 08:51:30.126 51327 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is ebb0e95411db45d4bf3524160ea3ee63. _add_unique_id /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py:258
2015-11-05 08:51:30.128 51327 DEBUG ironic.drivers.modules.agent_base_vendor [-] Heartbeat from 7d401924-bf1a-4510-9dc0-58f1603c783d, last heartbeat at 1446713489. heartbeat /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/agent_base_vendor.py:211
2015-11-05 08:51:30.139 51327 DEBUG oslo_messaging._drivers.amqp [-] UNIQUE_ID is 807e9925458d4eaf9b9cff3730ff2bef. _add_unique_id /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py:258
2015-11-05 08:51:30.150 51327 DEBUG ironic.drivers.modules.agent [-] Preparing to reboot to instance for node 7d401924-bf1a-4510-9dc0-58f1603c783d reboot_to_instance /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/drivers/modules/agent.py:497
2015-11-05 08:51:30.157 51327 ERROR ironic.drivers.modules.agent [-] node 7d401924-bf1a-4510-9dc0-58f1603c783d command status errored: {u'message': u'Command execution failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)', u'code': 500, u'type': u'CommandExecutionError', u'details': u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'}
2015-11-05 08:51:30.157 51327 DEBUG ironic.common.states [-] Entering new state 'deploy failed' in response to event 'fail' on_enter /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/ironic/common/states.py:183
2015-11-05 08:51:30.169 51327 DEBUG oslo_concurrency.processutils [-] Running cmd (subprocess): ipmitool -I lanplus -H 10.1.67.62 -L ADMINISTRATOR -U adminblade -R 12 -N 5 -f /tmp/tmp7JA1uS power status execute /opt/stack/venvs/ironic/local/lib/python2.7/site-packages/oslo_concurrency/processutils.py:223

Ben Nemec (bnemec) wrote :

This doesn't seem like a diskimage-builder problem. Adding Ironic as the project which owns IPA.

Changed in diskimage-builder:
status: New → Invalid
Dmitry Tantsur (divius) on 2015-11-23
affects: ironic → ironic-python-agent
Mathieu Mitchell (mat128) wrote :

We are successfully using Swift in HTTPS from IPA. The error you are getting is a certificate validation issue. This means the certificate offered on your swift endpoint (which looks like it's https://192.168.103.10:8080/) is invalid. Note that a self-signed cert will not work for IPA as it is trying to validate that the cert is right.

There is currently no option to tell IPA to not verify the SSL certificates. See the requests calls:
https://github.com/openstack/ironic-python-agent/blob/15e4454e68c93d6beca55ef2925733833673b20c/ironic_python_agent/extensions/standby.py#L152

Changed in ironic-python-agent:
status: New → Invalid
Clint Byrum (clint-fewbar) wrote :

Hm, is this really invalid, or a wishlist request to add the capability to be able to run it with self signed certs?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers