For an existing environment that was functional, after upgrading to 2023.2, it can no longer create load balancers.
2024-01-16 21:47:18.081 10 ERROR wsme.api [None req-1768fc21-085d-48e4-95e1-18b19248e6a8 - 4cb4feb4eed947b8a686fb21be17eea0 - - default default] Server-side error: "SSL exception connecting to https://network.199-204-45-49.nip.io/v2.0/extensions/security-group: HTTPSConnectionPool(host='network.199-204-45-49.nip.io', port=443): Max retries exceeded with url: /v2.0/extensions/security-group (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))". Detail:
Traceback (most recent call last):
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
httplib_response = self._make_request(
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/connectionpool.py", line 386, in _make_request
self._validate_conn(conn)
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
conn.connect()
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/connection.py", line 419, in connect
self.sock = ssl_wrap_socket(
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/var/lib/openstack/lib/python3.10/site-packages/eventlet/green/ssl.py", line 446, in wrap_socket
return GreenSSLSocket(sock, *a, _context=self, **kw)
File "/var/lib/openstack/lib/python3.10/site-packages/eventlet/green/ssl.py", line 140, in __init__
self.do_handshake()
File "/var/lib/openstack/lib/python3.10/site-packages/eventlet/green/ssl.py", line 312, in do_handshake
return self._call_trampolining(
File "/var/lib/openstack/lib/python3.10/site-packages/eventlet/green/ssl.py", line 162, in _call_trampolining
return func(*a, **kw)
File "/usr/lib/python3.10/ssl.py", line 1371, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/lib/openstack/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/connectionpool.py", line 787, in urlopen
retries = retries.increment(
File "/var/lib/openstack/lib/python3.10/site-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='network.199-204-45-49.nip.io', port=443): Max retries exceeded with url: /v2.0/extensions/security-group (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/lib/openstack/lib/python3.10/site-packages/keystoneauth1/session.py", line 1014, in _send_request
resp = self.session.request(method, url, **kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/requests/adapters.py", line 563, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='network.199-204-45-49.nip.io', port=443): Max retries exceeded with url: /v2.0/extensions/security-group (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/lib/openstack/lib/python3.10/site-packages/wsmeext/pecan.py", line 82, in callfunction
result = f(self, *args, **kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/api/v2/controllers/load_balancer.py", line 453, in post
self._validate_vip_request_object(load_balancer, context=context)
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/api/v2/controllers/load_balancer.py", line 293, in _validate_vip_request_object
subnet = validate.subnet_exists(
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/common/validate.py", line 344, in subnet_exists
network_driver = utils.get_network_driver()
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/common/utils.py", line 66, in get_network_driver
network_driver = stevedore_driver.DriverManager(
File "/var/lib/openstack/lib/python3.10/site-packages/stevedore/driver.py", line 54, in __init__
super(DriverManager, self).__init__(
File "/var/lib/openstack/lib/python3.10/site-packages/stevedore/named.py", line 78, in __init__
extensions = self._load_plugins(invoke_on_load,
File "/var/lib/openstack/lib/python3.10/site-packages/stevedore/extension.py", line 218, in _load_plugins
self._on_load_failure_callback(self, ep, err)
File "/var/lib/openstack/lib/python3.10/site-packages/stevedore/extension.py", line 206, in _load_plugins
ext = self._load_one_plugin(ep,
File "/var/lib/openstack/lib/python3.10/site-packages/stevedore/named.py", line 156, in _load_one_plugin
return super(NamedExtensionManager, self)._load_one_plugin(
File "/var/lib/openstack/lib/python3.10/site-packages/stevedore/extension.py", line 242, in _load_one_plugin
obj = plugin(*invoke_args, **invoke_kwds)
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/network/drivers/neutron/allowed_address_pairs.py", line 45, in __init__
super().__init__()
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/network/drivers/neutron/base.py", line 41, in __init__
self.sec_grp_enabled = self._check_extension_enabled(SEC_GRP_EXT_ALIAS)
File "/var/lib/openstack/lib/python3.10/site-packages/octavia/network/drivers/neutron/base.py", line 60, in _check_extension_enabled
if self.network_proxy.find_extension(extension_alias):
File "/var/lib/openstack/lib/python3.10/site-packages/openstack/network/v2/_proxy.py", line 1170, in find_extension
return self._find(
File "/var/lib/openstack/lib/python3.10/site-packages/openstack/proxy.py", line 500, in _find
return resource_type.find(
File "/var/lib/openstack/lib/python3.10/site-packages/openstack/resource.py", line 2297, in find
return match.fetch(session, microversion=microversion, **params)
File "/var/lib/openstack/lib/python3.10/site-packages/openstack/resource.py", line 1698, in fetch
response = session.get(
File "/var/lib/openstack/lib/python3.10/site-packages/keystoneauth1/adapter.py", line 395, in get
return self.request(url, 'GET', **kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/openstack/proxy.py", line 190, in request
response = super().request(
File "/var/lib/openstack/lib/python3.10/site-packages/keystoneauth1/adapter.py", line 257, in request
return self.session.request(url, method, **kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/keystoneauth1/session.py", line 923, in request
resp = send(**kwargs)
File "/var/lib/openstack/lib/python3.10/site-packages/keystoneauth1/session.py", line 1018, in _send_request
raise exceptions.SSLError(msg)
keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://network.199-204-45-49.nip.io/v2.0/extensions/security-group: HTTPSConnectionPool(host='network.199-204-45-49.nip.io', port=443): Max retries exceeded with url: /v2.0/extensions/security-group (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
: keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://network.199-204-45-49.nip.io/v2.0/extensions/security-group: HTTPSConnectionPool(host='network.199-204-45-49.nip.io', port=443): Max retries exceeded with url: /v2.0/extensions/security-group (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
You'll see that it's using the public address even when `[neutron]/endpoint_type` is set to `internalURL`
I tried this but it didn't work:
https:/ /review. opendev. org/c/openstack /octavia/ +/905794