os-collect-config

certificate verify failed error for heat collector

Bug #1836471 reported by Andreas Florath
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
os-collect-config
New
Undecided
Unassigned

Bug Description

Running

    os-collect-config --print heat

leads to the error

    Authorization failed: SSL exception connecting to https://keystone.XXX:5000/v3/auth/tokens: HTTPSConnectionPool(host='keystone.XXX', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))

As far as I can see, there is no way to configure the ca-cert on client side for the heat collector.

This problem is similar as described in

    https://bugs.launchpad.net/os-collect-config/+bug/1549797

or

    https://bugs.launchpad.net/os-collect-config/+bug/1482510

but those both use the cfn collector and were never fixed.

As a workaround it is possible to append the ca-cert file, like

    cat MyCA.crt >>/opt/stack/venvs/os-collect-config/local/lib/python2.7/site-packages/certifi/cacert.pem

Revision history for this message
Andreas Florath (ansreas) wrote :

Another workaround:

Relying on the fact, that under the hood 'requests' is used, the REQUESTS_CA_BUNDLE environment variable can be used:

    export REQUESTS_CA_BUNDLE=MyCA.crt

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.