certificate verify failed error for heat collector

Bug #1836471 reported by Andreas Florath
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
os-collect-config
Undecided
Unassigned

Bug Description

Running

    os-collect-config --print heat

leads to the error

    Authorization failed: SSL exception connecting to https://keystone.XXX:5000/v3/auth/tokens: HTTPSConnectionPool(host='keystone.XXX', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))

As far as I can see, there is no way to configure the ca-cert on client side for the heat collector.

This problem is similar as described in

    https://bugs.launchpad.net/os-collect-config/+bug/1549797

or

    https://bugs.launchpad.net/os-collect-config/+bug/1482510

but those both use the cfn collector and were never fixed.

As a workaround it is possible to append the ca-cert file, like

    cat MyCA.crt >>/opt/stack/venvs/os-collect-config/local/lib/python2.7/site-packages/certifi/cacert.pem

Revision history for this message
Andreas Florath (ansreas) wrote :

Another workaround:

Relying on the fact, that under the hood 'requests' is used, the REQUESTS_CA_BUNDLE environment variable can be used:

    export REQUESTS_CA_BUNDLE=MyCA.crt

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers