kolla-ansible

  1. Bug #1875561
  2. Comment #0

Comment 0 for bug 1875561

Revision history for this message
XiaojueGuan (xiaojuegaun) wrote :

(deploy) root@k-node1:~# pip freeze | grep kolla
kolla==9.1.0.dev387
kolla-ansible==9.1.0.dev588

the globals.yml file is https://github.com/albertjone/kolla-config/blob/master/kolla-config/multinode/globals.yml

when use kolla-ansible to deploy it failed with following detail:
```
TASK [kibana : Wait for kibana to register in elasticsearch]
FAILED - RETRYING: Wait for kibana to register in elasticsearch (20 retries left).Result was: {
    "action": "uri",
    "attempts": 1,
    "changed": false,
    "content": "",
    "elapsed": 0,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": null,
            "body": null,
            "body_format": "raw",
            "client_cert": null,
            "client_key": null,
            "content": null,
            "creates": null,
            "delimiter": null,
            "dest": null,
            "directory_mode": null,
            "follow": false,
            "follow_redirects": "safe",
            "force": false,
            "force_basic_auth": false,
            "group": null,
            "headers": {},
            "http_agent": "ansible-httpget",
            "method": "GET",
            "mode": null,
            "owner": null,
            "regexp": null,
            "remote_src": null,
            "removes": null,
            "return_content": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "status_code": [
                "200"
            ],
            "timeout": 30,
            "unix_socket": null,
            "unsafe_writes": null,
            "url": "https://10.10.1.205:9200/.kibana",
            "url_password": null,
            "url_username": null,
            "use_proxy": true,
            "validate_certs": true
        }
    },
    "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)>",
    "redirected": false,
    "retries": 21,
    "status": -1,
    "url": "https://10.10.1.205:9200/.kibana"
}
```

and i logged into kolla_toolbox it shows below interesting staff
```
(kolla-toolbox)[root@k-node1 /]# cat /etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAMK1wLrbsYLPMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJOQzEMMAoGA1UEBwwDUlRQMQ4wDAYDVQQLDAVrb2xs
YTEUMBIGA1UEAwwLMTAuMTAuMS4yMDUwHhcNMjAwNDI0MDg1MDI4WhcNMzAwNDIy
MDg1MDI4WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDDAKBgNVBAcMA1JU
UDEOMAwGA1UECwwFa29sbGExFDASBgNVBAMMCzEwLjEwLjEuMjA1MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDq0b/Zau/A1r7JT16s88HZ7S6YM8aT+
IynPsHTjbcy9xHR9lidL/GzHy9bxkSMd2IzUCozy33zos4crUrqM3yz12BVUXa76
SXzoPPU6Km+8JT49QFMSmdCR2GFj5OTzF0WyOlaoj9c/JPk2DGh0ksf5hfG91mlQ
MIZECoCwxUS2Fd3pLTwFMWjNL8NUWzrwBLtCMbdlORmz7m3iH2SUuX5sDu3vLmam
2qpobqu627uRpyxcj/Qvo2OAZruNMlTtL+L99P/6Wf+GzXTEX9Juv1lkB/CuVAEi
1TZimEthO9moRYsuSpUPV+CPStYjf+SYyQDst/OGZOxMaSnrZXpq/wIDAQABoxMw
ETAPBgNVHREECDAGhwQKCgHNMA0GCSqGSIb3DQEBCwUAA4IBAQAGR40ZbQoup5+Z
EZxuqtsh4fOaJgwtPuIrpcwTPQOjAsn5ldVYftbs7YyBFcfGHDLp1yGoONqU2FFZ
LLt6sk+BZ60Gx0TBTM0yK6c86i+U4CIogJ8OB9Z59+JfTzbE7z060yhk6Z91qqLl
IcFUylmv+84vw/ERuY4JnDymdrwoBJxxc8+v4mJAyWm1wjg/9ktUP+rwFqLFmzT3
r62cun6Jg4vH18FkCF1FlvEaliaDiAxHKL7Ck3JdxruTBuXt/NfledSFVmnBczwY
QGvYanEZP/IEuMlJx+0p30X+EV3ayUhhVg+VXcHM6ZygnG3cTegdebz58HHw+0gs
lLoJXkug
-----END CERTIFICATE-----
(kolla-toolbox)[root@k-node1 /]# curl https://10.10.1.205:9200/.kibana --cacert /etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt
{".kibana_1":{"aliases":{".kibana":{}},"mappings":{"doc":{"dynamic":"strict","properties":{"config":{"dynamic":"true","properties":{"buildNum":{"type":"keyword"}}},"dashboard":{"properties":{"description":{"type":"text"},"hits":{"type":"integer"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"optionsJSON":{"type":"text"},"panelsJSON":{"type":"text"},"refreshInterval":{"properties":{"display":{"type":"keyword"},"pause":{"type":"boolean"},"section":{"type":"integer"},"value":{"type":"integer"}}},"timeFrom":{"type":"keyword"},"timeRestore":{"type":"boolean"},"timeTo":{"type":"keyword"},"title":{"type":"text"},"uiStateJSON":{"type":"text"},"version":{"type":"integer"}}},"index-pattern":{"properties":{"fieldFormatMap":{"type":"text"},"fields":{"type":"text"},"intervalName":{"type":"keyword"},"notExpandable":{"type":"boolean"},"sourceFilters":{"type":"text"},"timeFieldName":{"type":"keyword"},"title":{"type":"text"},"type":{"type":"keyword"},"typeMeta":{"type":"keyword"}}},"kql-telemetry":{"properties":{"optInCount":{"type":"long"},"optOutCount":{"type":"long"}}},"migrationVersion":{"type":"object","dynamic":"true"},"namespace":{"type":"keyword"},"search":{"properties":{"columns":{"type":"keyword"},"description":{"type":"text"},"hits":{"type":"integer"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"sort":{"type":"keyword"},"title":{"type":"text"},"version":{"type":"integer"}}},"server":{"properties":{"uuid":{"type":"keyword"}}},"timelion-sheet":{"properties":{"description":{"type":"text"},"hits":{"type":"integer"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"timelion_chart_height":{"type":"integer"},"timelion_columns":{"type":"integer"},"timelion_interval":{"type":"keyword"},"timelion_other_interval":{"type":"keyword"},"timelion_rows":{"type":"integer"},"timelion_sheet":{"type":"text"},"title":{"type":"text"},"version":{"type":"integer"}}},"type":{"type":"keyword"},"updated_at":{"type":"date"},"url":{"properties":{"accessCount":{"type":"long"},"accessDate":{"type":"date"},"createDate":{"type":"date"},"url":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":2048}}}}},"visualization":{"properties":{"description":{"type":"text"},"kibanaSavedObjectMeta":{"properties":{"searchSourceJSON":{"type":"text"}}},"savedSearchId":{"type":"keyword"},"title":{"type":"text"},"uiStateJSON":{"type":"text"},"version":{"type":"integer"},"visState":{"type":"text"}}}}}},"settings":{"index":{"number_of_shards":"1","auto_expand_replicas":"0-1","provided_name":".kibana_1","creation_date":"1588055326408","number_of_replicas":"1","uuid":"5cRMGCAbR4ukQPVqyl-kkA","version":{"created":"6080899"}}}}}curl (https://10.10.1.205:9200/.kibana): response: 200, time: 0.010410, size: 2719
(kolla-toolbox)[root@k-node1 /]# curl https://10.10.1.205:9200/.kibana
curl (https://10.10.1.205:9200/.kibana): response: 000, time: 0.000128, size: 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
(kolla-toolbox)[root@k-node1 /]# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
```
according to https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration.html my config out to be ok, but failed.