certificate verify failed error for heat collector

Bug #1836471 reported by Andreas Florath
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description


    os-collect-config --print heat

leads to the error

    Authorization failed: SSL exception connecting to https://keystone.XXX:5000/v3/auth/tokens: HTTPSConnectionPool(host='keystone.XXX', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))

As far as I can see, there is no way to configure the ca-cert on client side for the heat collector.

This problem is similar as described in




but those both use the cfn collector and were never fixed.

As a workaround it is possible to append the ca-cert file, like

    cat MyCA.crt >>/opt/stack/venvs/os-collect-config/local/lib/python2.7/site-packages/certifi/cacert.pem

Revision history for this message
Andreas Florath (ansreas) wrote :

Another workaround:

Relying on the fact, that under the hood 'requests' is used, the REQUESTS_CA_BUNDLE environment variable can be used:

    export REQUESTS_CA_BUNDLE=MyCA.crt

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.