kolla-ansible

Service cinder-backup failed when Swift with TLS enabled

Bug #2051986 reported by Maksim Malchuk on 2024-02-01

This bug affects 1 person

	Status	Importance	Assigned to
kolla-ansible	Status tracked in Caracal
Antelope	In Progress	Medium	Unassigned
Bobcat	Fix Committed	Medium	Unassigned
Caracal	Fix Released	Medium	Maksim Malchuk
Yoga	Confirmed	Medium	Unassigned
Zed	Confirmed	Medium	Unassigned

Bug Description

Service cinder-backup failed when Swift with TLS enabled even with configuration (Ubuntu, Xena):

[DEFAULT]
backup_swift_ca_cert_file = /etc/ssl/certs/ca-certificates.crt

the full error trace:

2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift [-] Can not get Swift capabilities during backup driver initialization.: requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.44.40', port=8080): Max retries exceeded with url: /info (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift Traceback (most recent call last):
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift httplib_response = self._make_request(
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift self._validate_conn(conn)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift conn.connect()
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift self.sock = ssl_wrap_socket(
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift return ssl_context.wrap_socket(sock)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/eventlet/green/ssl.py", line 445, in wrap_socket
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift return GreenSSLSocket(sock, *a, _context=self, **kw)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/eventlet/green/ssl.py", line 139, in __init__
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift self.do_handshake()
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/eventlet/green/ssl.py", line 311, in do_handshake
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift return self._call_trampolining(
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/eventlet/green/ssl.py", line 161, in _call_trampolining
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift return func(*a, **kw)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/usr/lib/python3.8/ssl.py", line 1338, in do_handshake
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift self._sslobj.do_handshake()
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable toget local issuer certificate (_ssl.c:1131)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift During handling of the above exception, another exception occurred:
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift Traceback (most recent call last):
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift resp = conn.urlopen(
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift retries = retries.increment(
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift raise MaxRetryError(_pool, url, error or ResponseError(cause))
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.44.40', port=8080): Max retries exceeded with url: /info (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift During handling of the above exception, another exception occurred:
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift Traceback (most recent call last):
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/cinder/backup/drivers/swift.py", line 420, in check_for_setup_error
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift conn.get_capabilities()
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/swiftclient/client.py", line 2059, in get_capabilities
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift return get_capabilities((parsed, self.http_conn[1]))
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/swiftclient/client.py", line 1677, in get_capabilities
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift conn.request('GET', parsed.path, '', headers)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/swiftclient/client.py", line 470, in request
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift self.resp = self._request(method, url, headers=headers, data=data,
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/swiftclient/client.py", line 454, in _request
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift return self.request_session.request(*arg, **kwarg)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift resp = self.send(prep, **send_kwargs)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift r = adapter.send(request, **kwargs)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift File "/var/lib/kolla/venv/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift raise SSLError(e, request=request)
2024-02-01 21:00:30.208 1033 ERROR cinder.backup.drivers.swift requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.44.40', port=8080): Max retries exceeded with url: /info (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-01: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/907495

Changed in kolla-ansible:
status:	New → In Progress

Maksim Malchuk (mmalchuk) on 2024-02-01

Changed in kolla-ansible:
importance:	Undecided → Medium
assignee:	nobody → Maksim Malchuk (mmalchuk)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-24: Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/907495
Committed: https://opendev.org/openstack/kolla-ansible/commit/8fb7929bfa0c525f225d0bd45958ffc73bbe8be4
Submitter: "Zuul (22348)"
Branch: master

commit 8fb7929bfa0c525f225d0bd45958ffc73bbe8be4
Author: Maksim Malchuk <email address hidden>
Date: Thu Feb 1 19:18:18 2024 +0300

Fix 'cinder-backup' service when Swift with TLS enabled

    Closes-Bug: #2051986
    Depends-On: https://review.opendev.org/c/openstack/cinder/+/907494
    Change-Id: I6a17e689d62ab467b7dcc2650e7f63813ce84a12
    Signed-off-by: Maksim Malchuk <email address hidden>

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-24: Fix proposed to kolla-ansible (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/916774

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-26: Fix proposed to kolla-ansible (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/917088

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-26: Fix merged to kolla-ansible (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/916774
Committed: https://opendev.org/openstack/kolla-ansible/commit/1fa4d718e3e95c09157fdea520e205b0f6613210
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 1fa4d718e3e95c09157fdea520e205b0f6613210
Author: Maksim Malchuk <email address hidden>
Date: Thu Feb 1 19:18:18 2024 +0300

Fix 'cinder-backup' service when Swift with TLS enabled

    Closes-Bug: #2051986
    Depends-On: https://review.opendev.org/c/openstack/cinder/+/909242
    Change-Id: I6a17e689d62ab467b7dcc2650e7f63813ce84a12
    Signed-off-by: Maksim Malchuk <email address hidden>
    (cherry picked from commit 8fb7929bfa0c525f225d0bd45958ffc73bbe8be4)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.