kolla-ansible

Cloudkitty with SSL enabled error

Bug #1993302 reported by Rodrigo Lima
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
New
Undecided
Unassigned

Bug Description

What happened: Enable TLS certificates with GoDaddy Bundle and tried to deploy Cloudkitty with Elasticsearch backend results in error:
    "msg": "Status code was -1 and not [200, 404]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)>",
    "redirected": false,
    "status": -1,
    "url": "https://painelhml.amt.com.br:9200/cloudkitty"
}
Also tried with influxdb backend, same validation error

Reproducing with globals.yml:
kolla_enable_tls_internal: "yes"
kolla_enable_tls_external: "no"
kolla_certificates_dir: "{{ node_config }}/certificates"
kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
kolla_admin_openrc_cacert: ""
kolla_copy_ca_into_containers: "yes"
openstack_cacert: "/etc/ssl/certs/ca-certificates.crt"
enable_cloudkitty: "yes"
enable_elasticsearch: "{{ 'yes' if enable_central_logging | bool or enable_osprofiler | bool or enable_skydive | bool or enable_monasca | bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'elasticsearch') else 'no' }}"
cloudkitty_collector_backend: "gnocchi"
cloudkitty_storage_backend: "elasticsearch"

And deploy cloudkitty

Environment:
Ubuntu 20.04.5
Kernel 5.4.0-126-generic #142-Ubuntu SMP
Docker version 20.10.18, build b40c2f6
kolla-ansible 13.4.1.dev11
Install type source - Official images

Revision history for this message
Rodrigo Lima (rdlima1981) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.