kolla

Magnum fail to create cluster template when using a self-signed certificate

  1. Series ocata
  2. Bug #1706170
Bug #1706170 reported by Simon Guyennet
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla
Fix Released
Medium
Unassigned
Ocata
Triaged
Medium
Eduardo Gonzalez

Bug Description

Hi,

I deployed OpenStack Ocata AIO with a self-signed certificate. The certificate is generated with the command 'kolla-genpwd'.

When I try to create a cluster template with Magnum, it failed. After investigation here is what I found in the magnum-api.log:

2017-07-24 19:30:49.683 18 INFO werkzeug [req-022d6f65-dab6-41a5-9d59-23a914dfc720 99799bbc61e5415dbdd9f27ac5b277c9 05d0cc5909e6447fbc26a60b52d42adc default - -] 10.10.20.31 - - [24/Jul/2017 19:30:49] "GET /v1/clustertemplates/detail HTTP/1.1" 200 -
2017-07-24 19:31:50.882 19 ERROR wsme.api [req-dd37aa12-1b12-4430-95f3-e687ef308bbf 99799bbc61e5415dbdd9f27ac5b277c9 05d0cc5909e6447fbc26a60b52d42adc default - -] Server-side error: "SSL certificate validation has failed: %(reason)s". Detail:
Traceback (most recent call last):

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/wsmeext/pecan.py", line 85, in callfunction
    result = f(self, *args, **kwargs)

  File "<decorator-gen-22>", line 2, in post

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 89, in wrapper
    return func(*args, **kwargs)

  File "<decorator-gen-21>", line 2, in post

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 52, in wrapper
    return func(*args, **kwargs)

  File "<decorator-gen-20>", line 2, in post

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 104, in wrapper
    return func(*args, **kwargs)

  File "<decorator-gen-19>", line 2, in post

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/validation.py", line 114, in wrapper
    return func(*args, **kwargs)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/controllers/v1/cluster_template.py", line 343, in post
    attr_validator.validate_os_resources(context, cluster_template_dict)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/attr_validator.py", line 193, in validate_os_resources
    validate_method(cli, cluster_template[attr])

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/magnum/api/attr_validator.py", line 79, in validate_external_network
    networks = cli.neutron().list_networks(**ext_filter)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 778, in list_networks
    **_params)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 376, in list
    for r in self._pagination(collection, path, **params):

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 391, in _pagination
    res = self.get(path, params=params)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 361, in get
    headers=headers, params=params)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 338, in retry_request
    headers=headers, params=params)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 289, in do_request
    resp, replybody = self.httpclient.do_request(action, method, body=body)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/client.py", line 175, in do_request
    **kwargs)

  File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/client.py", line 105, in _cs_request
    raise exceptions.SslCertificateValidationError(reason=e)

SslCertificateValidationError: SSL certificate validation has failed: %(reason)s

2017-07-24 19:31:50.884 19 INFO werkzeug [req-dd37aa12-1b12-4430-95f3-e687ef308bbf 99799bbc61e5415dbdd9f27ac5b277c9 05d0cc5909e6447fbc26a60b52d42adc default - -] 10.10.20.31 - - [24/Jul/2017 19:31:50] "POST /v1/clustertemplates HTTP/1.1" 500 -

It looks like Magnum is trying to access the external API instead of the internal one.
Obviously if I deploy OpenStack without SSL everything is working fine.

Thanks a lot,

Simon Guyennet

Revision history for this message
Eduardo Gonzalez (egonzalez90) wrote :

Hi, this bug was fixes in master with this commit https://github.com/openstack/kolla-ansible/commit/fdc75cdd8c686d55ad2fcc5b86287a82b853cc78 .

Will backport the fix

Changed in kolla:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Eduardo Gonzalez (egonzalez90)
status: Triaged → Fix Released
assignee: Eduardo Gonzalez (egonzalez90) → nobody
Revision history for this message
Simon Guyennet (sguyennet) wrote :

Thanks a lot.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 4.0.3

This issue was fixed in the openstack/kolla-ansible 4.0.3 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.