kolla-toolbox: python requests fails to verify certificates with root-ca located at /etc/ssl/certs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
New
|
Undecided
|
Unassigned |
Bug Description
**Bug Report**
What happened:
Deploying an environment with internal TLS is causing issues, if the root-ca certificate is not part of python-certifi.
Example: grafana deployment
FAILED - RETRYING: Wait for grafana application ready (1 retries left).
fatal: [ctl1]: FAILED! => {"action": "uri", "attempts": 30, "changed": false, "elapsed": 0, "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_
What you expected to happen:
TASK [grafana : Wait for grafana application ready] *******
ok: [ctl1]
How to reproduce it (minimal and precise):
1. set `kolla_
2. Deploy Grafana: kolla-ansible deploy grafana
**Environment**:
* OS (e.g. from /etc/os-release): Ubuntu 20.04.4 LTS
* Kernel (e.g. `uname -a`): Linux ctl1 5.4.0-105-generic #119-Ubuntu SMP Mon Mar 7 18:49:24 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
* Docker version if applicable (e.g. `docker version`): 20.10.13
* Kolla-Ansible version (e.g. `git head or tag or stable branch` or pip package version if using release): stable/xena
* Docker image Install type (source/binary): source
* Docker image distribution: quay.io/
* Are you using official images from Docker Hub or self built? self-built
* If self built - Kolla version and environment used to build: Xena
* Share your inventory file, globals.yml and other configuration files if relevant
kolla_enable_
kolla_copy_
openstack_cacert: /etc/ssl/
Notes:
Setting `REQUESTS_