python-keystoneclient

  1. Bug #1064835
  2. Comment #15

Comment 15 for bug 1064835

Revision history for this message
Sina Sadeghi (sina-sa) wrote :

I updated the package from quantal-proposed successfully. I checked the contents of shell.py to ensure the patch had been applied and removed all *.pyc files from /usr/lib/python2.7/dist-packages/keystoneclient/ to ensure no files from the previous version remained.

Unfortunately, it seems the bug still persists. I cannot interact with keystone using SSL, unless I use the --insecure flag, or specify the default cacerts.txt file by hand. Please see below.

# dpkg -l python-keystoneclient
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-====================================-====================================-========================================================================================
ii python-keystoneclient 1:0.1.3-0ubuntu1.1 Client libary for Openstack Keystone API

# grep -B 4 CACERT /usr/share/pyshared/keystoneclient/shell.py

        parser.add_argument('--os-cacert',
                            metavar='<ca-certificate>',
                            default=env('OS_CA_CERT', default=None),
                            help='Defaults to env[OS_CACERT]')

# keystone service-list
No handlers could be found for logger "keystoneclient.client"
Unable to communicate with identity service: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. (HTTP 400)

# keystone --insecure service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 26b4ab0f46904930bc907ddf8204f09b | volume | volume | Nova Volume Service |
| 39d9a621022543c3aecc52734080725e | glance | image | Glance Image Service |
| 5b5d4d9edd2d45fab7a64a284349988c | swift | object-store | Swift Object Storage Service |
| 769f19f0d056482988558d6c611f2df8 | nova | compute | Nova Compute Service |
| a59de4515aae4e36b7a94ed2ad008fbe | ec2 | ec2 | EC2 Compatibility Layer |
| c77e502d8a8e42b18cfed9a6c4d35b9e | keystone | identity | Keystone Identity Service |
+----------------------------------+----------+--------------+------------------------------+

# keystone --os-cacert /usr/share/pyshared/httplib2/cacerts.txt service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 26b4ab0f46904930bc907ddf8204f09b | volume | volume | Nova Volume Service |
| 39d9a621022543c3aecc52734080725e | glance | image | Glance Image Service |
| 5b5d4d9edd2d45fab7a64a284349988c | swift | object-store | Swift Object Storage Service |
| 769f19f0d056482988558d6c611f2df8 | nova | compute | Nova Compute Service |
| a59de4515aae4e36b7a94ed2ad008fbe | ec2 | ec2 | EC2 Compatibility Layer |
| c77e502d8a8e42b18cfed9a6c4d35b9e | keystone | identity | Keystone Identity Service |
+----------------------------------+----------+--------------+------------------------------+

# env | grep http
OS_AUTH_URL=https://keystone.sy3.aptira.com:5000
SERVICE_ENDPOINT=https://auth.aptira.com:35357/v2.0