When using python-neutronclient CLI against HTTPS endpoints,
it still validate the server certificate even invoking with --insecure option.
python-neutronclient git:(read-insecure) ✗ neutron --insecure --debug net-list
DEBUG: keystoneauth.session REQ: curl -g -i -X GET https://10.155.21.24:5000/v2.0 -H "Accept: application/json" -H "User-Agent: keystoneauth1/2.2.0 python-requests/2.9.1 CPython/2.7.10"
WARNING: keystoneauth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
DEBUG: keystoneauth.identity.v2 Making authentication request to https://10.155.21.24:5000/v2.0/tokens
ERROR: neutronclient.shell SSL exception connecting to https://10.155.21.24:5000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Traceback (most recent call last):
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/shell.py", line 823, in run_subcommand
return run_command(cmd, cmd_parser, sub_argv)
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/shell.py", line 105, in run_command
return cmd.run(known_args)
File "/Users/admin/python-dev/lib/python2.7/site-packages/cliff/display.py", line 92, in run
column_names, data = self.take_action(parsed_args)
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/neutron/v2_0/__init__.py", line 697, in take_action
data = self.retrieve_list(parsed_args)
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/neutron/v2_0/__init__.py", line 638, in retrieve_list
neutron_client = self.get_client()
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/neutron/v2_0/__init__.py", line 406, in get_client
return self.app.client_manager.neutron
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/common/clientmanager.py", line 39, in __get__
self._handle = self.factory(instance)
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/neutron/client.py", line 34, in make_client
instance.initialize()
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/common/clientmanager.py", line 116, in initialize
httpclient.authenticate()
File "/Users/admin/python-dev/lib/python2.7/site-packages/neutronclient/client.py", line 323, in authenticate
self.get_token()
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 113, in get_token
return self.session.get_token(auth or self.auth)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/session.py", line 618, in get_token
return (self.get_auth_headers(auth) or {}).get('X-Auth-Token')
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/session.py", line 597, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 84, in get_headers
token = self.get_token(session)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 89, in get_token
return self.get_access(session).auth_token
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 135, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 181, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/identity/v2.py", line 64, in get_auth_ref
authenticated=False, log=False)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/session.py", line 545, in post
return self.request(url, 'POST', **kwargs)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/_utils.py", line 180, in inner
return func(*args, **kwargs)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/session.py", line 425, in request
resp = send(**kwargs)
File "/Users/admin/python-dev/lib/python2.7/site-packages/keystoneauth1/session.py", line 463, in _send_request
raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://10.155.21.24:5000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
SSL exception connecting to https://10.155.21.24:5000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
It looks like the --insecure has not been passed to python-neutronclient.
Fix proposed to branch: master /review. openstack. org/273408
Review: https:/