(deploy) root@k-node1:~# pip freeze | grep kolla
kolla==9.1.0.dev387
kolla-ansible==9.1.0.dev588
the globals.yml file is https://github.com/albertjone/kolla-config/blob/master/kolla-config/multinode/globals.yml
when use kolla-ansible to deploy it failed with following detail:
```
TASK [kibana : Wait for kibana to register in elasticsearch]
FAILED - RETRYING: Wait for kibana to register in elasticsearch (20 retries left).Result was: {
"action": "uri",
"attempts": 1,
"changed": false,
"content": "",
"elapsed": 0,
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"body": null,
"body_format": "raw",
"client_cert": null,
"client_key": null,
"content": null,
"creates": null,
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {},
"http_agent": "ansible-httpget",
"method": "GET",
"mode": null,
"owner": null,
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
"200"
],
"timeout": 30,
"unix_socket": null,
"unsafe_writes": null,
"url": "https://10.10.1.205:9200/.kibana",
"url_password": null,
"url_username": null,
"use_proxy": true,
"validate_certs": true
}
},
"msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)>",
"redirected": false,
"retries": 21,
"status": -1,
"url": "https://10.10.1.205:9200/.kibana"
}
```
and i logged into kolla_toolbox it shows below interesting staff
```
(kolla-toolbox)[root@k-node1 /]# cat /etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAMK1wLrbsYLPMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJOQzEMMAoGA1UEBwwDUlRQMQ4wDAYDVQQLDAVrb2xs
YTEUMBIGA1UEAwwLMTAuMTAuMS4yMDUwHhcNMjAwNDI0MDg1MDI4WhcNMzAwNDIy
MDg1MDI4WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDDAKBgNVBAcMA1JU
UDEOMAwGA1UECwwFa29sbGExFDASBgNVBAMMCzEwLjEwLjEuMjA1MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDq0b/Zau/A1r7JT16s88HZ7S6YM8aT+
IynPsHTjbcy9xHR9lidL/GzHy9bxkSMd2IzUCozy33zos4crUrqM3yz12BVUXa76
SXzoPPU6Km+8JT49QFMSmdCR2GFj5OTzF0WyOlaoj9c/JPk2DGh0ksf5hfG91mlQ
MIZECoCwxUS2Fd3pLTwFMWjNL8NUWzrwBLtCMbdlORmz7m3iH2SUuX5sDu3vLmam
2qpobqu627uRpyxcj/Qvo2OAZruNMlTtL+L99P/6Wf+GzXTEX9Juv1lkB/CuVAEi
1TZimEthO9moRYsuSpUPV+CPStYjf+SYyQDst/OGZOxMaSnrZXpq/wIDAQABoxMw
ETAPBgNVHREECDAGhwQKCgHNMA0GCSqGSIb3DQEBCwUAA4IBAQAGR40ZbQoup5+Z
EZxuqtsh4fOaJgwtPuIrpcwTPQOjAsn5ldVYftbs7YyBFcfGHDLp1yGoONqU2FFZ
LLt6sk+BZ60Gx0TBTM0yK6c86i+U4CIogJ8OB9Z59+JfTzbE7z060yhk6Z91qqLl
IcFUylmv+84vw/ERuY4JnDymdrwoBJxxc8+v4mJAyWm1wjg/9ktUP+rwFqLFmzT3
r62cun6Jg4vH18FkCF1FlvEaliaDiAxHKL7Ck3JdxruTBuXt/NfledSFVmnBczwY
QGvYanEZP/IEuMlJx+0p30X+EV3ayUhhVg+VXcHM6ZygnG3cTegdebz58HHw+0gs
lLoJXkug
-----END CERTIFICATE-----
(kolla-toolbox)[root@k-node1 /]# curl https://10.10.1.205:9200/.kibana --cacert /etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt
{".kibana_1":{"aliases":{".kibana":{}},"mappings":{"doc":{"dynamic":"strict","properties":{"config":{"dynamic":"true","properties":{"buildNum":{"type":"keyword"}}},"dashboard":{"properties":{"description":{"type":"text"},"hits":{"type":"integer"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"optionsJSON":{"type":"text"},"panelsJSON":{"type":"text"},"refreshInterval":{"properties":{"display":{"type":"keyword"},"pause":{"type":"boolean"},"section":{"type":"integer"},"value":{"type":"integer"}}},"timeFrom":{"type":"keyword"},"timeRestore":{"type":"boolean"},"timeTo":{"type":"keyword"},"title":{"type":"text"},"uiStateJSON":{"type":"text"},"version":{"type":"integer"}}},"index-pattern":{"properties":{"fieldFormatMap":{"type":"text"},"fields":{"type":"text"},"intervalName":{"type":"keyword"},"notExpandable":{"type":"boolean"},"sourceFilters":{"type":"text"},"timeFieldName":{"type":"keyword"},"title":{"type":"text"},"type":{"type":"keyword"},"typeMeta":{"type":"keyword"}}},"kql-telemetry":{"properties":{"optInCount":{"type":"long"},"optOutCount":{"type":"long"}}},"migrationVersion":{"type":"object","dynamic":"true"},"namespace":{"type":"keyword"},"search":{"properties":{"columns":{"type":"keyword"},"description":{"type":"text"},"hits":{"type":"integer"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"sort":{"type":"keyword"},"title":{"type":"text"},"version":{"type":"integer"}}},"server":{"properties":{"uuid":{"type":"keyword"}}},"timelion-sheet":{"properties":{"description":{"type":"text"},"hits":{"type":"integer"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"timelion_chart_height":{"type":"integer"},"timelion_columns":{"type":"integer"},"timelion_interval":{"type":"keyword"},"timelion_other_interval":{"type":"keyword"},"timelion_rows":{"type":"integer"},"timelion_sheet":{"type":"text"},"title":{"type":"text"},"version":{"type":"integer"}}},"type":{"type":"keyword"},"updated_at":{"type":"date"},"url":{"properties":{"accessCount":{"type":"long"},"accessDate":{"type":"date"},"createDate":{"type":"date"},"url":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":2048}}}}},"visualization":{"properties":{"description":{"type":"text"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"savedSearchId":{"type":"keyword"},"title":{"type":"text"},"uiStateJSON":{"type":"text"},"version":{"type":"integer"},"visState":{"type":"text"}}}}}},"settings":{"index":{"number_of_shards":"1","auto_expand_replicas":"0-1","provided_name":".kibana_1","creation_date":"1588055326408","number_of_replicas":"1","uuid":"5cRMGCAbR4ukQPVqyl-kkA","version":{"created":"6080899"}}}}}curl (https://10.10.1.205:9200/.kibana): response: 200, time: 0.010410, size: 2719
(kolla-toolbox)[root@k-node1 /]# curl https://10.10.1.205:9200/.kibana
curl (https://10.10.1.205:9200/.kibana): response: 000, time: 0.000128, size: 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
(kolla-toolbox)[root@k-node1 /]# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
```
according to https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration.html my config ought to be ok, but failed.
it seems that it's the mis function of system certification in centos 8.