Production environment in openstack-ansible -aodh service

Bug #1824150 reported by bel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack-Ansible | New | Undecided | Unassigned |

Bug Description

Hi all

I used the link below to deploy OpenStack with an LVM Cinder backend
URL: https://docs.openstack.org/openstack-ansible/rocky/user/prod/example.html

But when I check the aodh service it gives me these errors:

# openstack alarm list
SSL exception connecting to https://10.205.61.25:8042/v2/alarms: HTTPSConnectionPool(host='10.205.61.25', port=8042): Max retries exceeded with url: /v2/alarms (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

# aodh alarm list
SSL exception connecting to https://10.192.129.173:8042/v2/alarms: HTTPSConnectionPool(host='10.192.129.173', port=8042): Max retries exceeded with url: /v2/alarms (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')],)",),))

So please, any help?

Tags: os-aodh
bel (varr) wrote :

Some updates:

After some investigation I found that all endpoints for the aodh service are https

root@infra2-utility-container-d14558a5:~# openstack endpoint list | grep aod
| 5433404ea8104acaa21c298c3321a59e | RegionOne | aodh | alarming | True | public | https://10.205.61.25:8042 |
| a307f569d27c454c860a05c043b2b1f8 | RegionOne | aodh | alarming | True | admin | https://10.192.129.173:8042 |
| f718f9f2bb174da3b6d606c3a661b82a | RegionOne | aodh | alarming | True | internal | https://10.192.129.173:8042 |

tags: added: os-aodh
bel (varr) wrote :

Another update:

I have updated the endpoint records for aodh in the keystone DB

MariaDB [keystone]> select * from endpoint where url like "%%8042";
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| 5433404ea8104acaa21c298c3321a59e | NULL | public | 55fc663b0f944c98a6ce2d9a50b5d261 | https://10.205.61.25:8042 | {} | 1 | RegionOne |
| a307f569d27c454c860a05c043b2b1f8 | NULL | admin | 55fc663b0f944c98a6ce2d9a50b5d261 | http://10.192.129.173:8042 | {} | 1 | RegionOne |
| f718f9f2bb174da3b6d606c3a661b82a | NULL | internal | 55fc663b0f944c98a6ce2d9a50b5d261 | http://10.192.129.173:8042 | {} | 1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+

Then aodh commands succeed, like: aodh alarm list

But openstack commands still need a certificate, so I pass haproxy.pem to the commands as a workaround:

openstack alarm list --os-cacert haproxy.pem

Please, any confirmation?

bel (varr) wrote :

I have found that openstack alarm list uses the public URL, which does indeed need a certificate, but other commands which are not related to aodh use the internal URL, so we need to make the alarm-related commands use the internal URL.
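
The two handshake errors quoted in this report have different causes, and the service catalog shows which interface each request hit. The following is an added example, not part of the original bug report or of OpenStack-Ansible: it joins the endpoint rows and the two error lines from the report (long lines abbreviated with "..."). The function names and cause labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Rows copied from the `openstack endpoint list` output in the report.
CATALOG = """\
| 5433404ea8104acaa21c298c3321a59e | RegionOne | aodh | alarming | True | public | https://10.205.61.25:8042 |
| a307f569d27c454c860a05c043b2b1f8 | RegionOne | aodh | alarming | True | admin | https://10.192.129.173:8042 |
| f718f9f2bb174da3b6d606c3a661b82a | RegionOne | aodh | alarming | True | internal | https://10.192.129.173:8042 |
"""
# The two client errors from the report; "..." marks text elided here.
ERRORS = [
    "SSL exception connecting to https://10.205.61.25:8042/v2/alarms: ... "
    "Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",
    "SSL exception connecting to https://10.192.129.173:8042/v2/alarms: ... "
    "Error([('SSL routines', 'ssl3_get_record', 'wrong version number')],)",
]
# OpenSSL reason -> (hypothetical label, what to check). Labels are illustrative.
ADVICE = {
    "certificate verify failed": (
        "untrusted-ca",
        "TLS is up but the client does not trust the issuer; pass the CA "
        "bundle (--os-cacert / OS_CACERT) instead of disabling verification"),
    "wrong version number": (
        "not-tls",
        "the port answered with non-TLS bytes; the catalog says https but "
        "the listener is not speaking TLS, so scheme and listener must agree"),
}

def parse_catalog(text):
    """Map (host, port) -> {interface: scheme} from endpoint-list rows."""
    catalog = {}
    for row in text.splitlines():
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) != 7 or "://" not in cells[6]:
            continue  # skip borders, headers and anything that is not an endpoint
        url = urlsplit(cells[6])
        catalog.setdefault((url.hostname, url.port), {})[cells[5]] = url.scheme
    return catalog

def diagnose(line, catalog):
    """Tie one client error to the catalog interfaces it hit and its cause."""
    url = urlsplit(re.search(r"connecting to (https?://\S+?): ", line).group(1))
    reason = re.search(r"'SSL routines', '[^']*', '([^']+)'", line).group(1)
    cause, check = ADVICE.get(reason, ("unknown", "inspect the handshake by hand"))
    hit = catalog.get((url.hostname, url.port), {})
    return {"interfaces": sorted(hit), "cause": cause, "check": check}

if __name__ == "__main__":
    for err in ERRORS:
        print(diagnose(err, parse_catalog(CATALOG)))
```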
