We are seeing the following problem when deploying OSA with queens. The deployment uses openstacksdk-0.12.0. If we revert back to 0.11.3, everything is working OK it seems. We are using the '--insecure' option (as you can see from the logs) so self-signed certificates should be accepted.
~$ openstack network list
SSL exception connecting to https://192.168.122.3:5000/v3/auth/tokens: HTTPSConnectionPool(host='192.168.122.3', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
When using the --debug option we find the following info
---------------------------------
[...]
https://192.168.122.3:5000 "POST /v3/auth/tokens HTTP/1.1" 201 6629 [114/1852]
{"token": {"is_domain": false, "methods": ["password"], "roles": [{"id": "3c52e002ccd5487ea61fae95488f0d64", "name": "heat_stack_owner"}, {"id": "1ee90c77f43a477cba7b113d73d177ba", "name": "admin"}], "expires_at": "2018-03-08T23:08:52.000
000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "555b4a59028e4106ac0366b70fcea856", "name": "admin"}, "catalog": [{"endpoints": [{"url": "https://192.168.122.3:8776/v2/555b4a59028e4106ac0366b70fcea856", "interface
": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "0d22a9f5b3774aefbc6d0d906d3f8bf4"}, {"url": "http://172.29.236.11:8776/v2/555b4a59028e4106ac0366b70fcea856", "interface": "admin", "region": "RegionOne", "region_id": "R
egionOne", "id": "c989da0d970741d280135c3e8139c773"}, {"url": "http://172.29.236.11:8776/v2/555b4a59028e4106ac0366b70fcea856", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "f4c336b69f9d4e0cbb46554d1e9d13
14"}], "type": "volumev2", "id": "180e449dcf244e11a7588cfb90a054f4", "name": "cinderv2"}, {"endpoints": [{"url": "https://192.168.122.3:8000/v1", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "10297c0d36ac4
63986b207e8e47af844"}, {"url": "http://172.29.236.11:8000/v1", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "20cae9261ba54bc7a7f88150291376de"}, {"url": "http://172.29.236.11:8000/v1", "interface": "admi
n", "region": "RegionOne", "region_id": "RegionOne", "id": "3eb7b464b3034bca8e86acc119d29985"}], "type": "cloudformation", "id": "24f64da3e74c436fb81e2dc03ec8e469", "name": "heat-cfn"}, {"endpoints": [{"url": "https://192.168.122.3:8004/v
1/555b4a59028e4106ac0366b70fcea856", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "315bd34eaf01453b8dbf0af07ca523ea"}, {"url": "http://172.29.236.11:8004/v1/555b4a59028e4106ac0366b70fcea856", "interface":
"admin", "region": "RegionOne", "region_id": "RegionOne", "id": "7615fd428f064175bf4b209594637c69"}, {"url": "http://172.29.236.11:8004/v1/555b4a59028e4106ac0366b70fcea856", "interface": "internal", "region": "RegionOne", "region_id": "Re
gionOne", "id": "9abdfe69c72f40f39bf0c5c81f129231"}], "type": "orchestration", "id": "28a31b63ebe641b8bdaadd087588afae", "name": "heat"}, {"endpoints": [{"url": "https://192.168.122.3:9292", "interface": "public", "region": "RegionOne", "
region_id": "RegionOne", "id": "09fe1c1545a846bb87eb73419bce13fa"}, {"url": "http://172.29.236.11:9292", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "7bca62ecd16c451e94196fd6e20f079f"}, {"url": "http://172
.29.236.11:9292", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "96763daa373742f9b3e7a46c26268df7"}], "type": "image", "id": "2a8cb1ec27c948e8a11c1adb81549fb1", "name": "glance"}, {"endpoints": [{"url": "
https://192.168.122.3:5000", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "2c904d58acc0443c9593c74e77852242"}, {"url": "http://172.29.236.11:5000", "interface": "internal", "region": "RegionOne", "region_i
d": "RegionOne", "id": "89dda988c70441fd85816270a644c40d"}, {"url": "http://172.29.236.11:35357", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "b0c21b48e1e84e1b9afbacf9494768d2"}], "type": "identity", "id":
"2b0abb5c61fb4d6289c7064acfe4ce85", "name": "keystone"}, {"endpoints": [{"url": "http://172.29.236.11:9696", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "2c47c66b9d2c483cb90954ec840f1496"}, {"url": "ht
tps://192.168.122.3:9696", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "f73be3b440384ee1bd747fc25a3710ff"}, {"url": "http://172.29.236.11:9696", "interface": "admin", "region": "RegionOne", "region_id": "
RegionOne", "id": "ff9c7526a9fe467281ce537bb18e85d0"}], "type": "network", "id": "652c2a8b8e4d4791a36e71ec1997a99a", "name": "neutron"}, {"endpoints": [{"url": "http://172.29.236.11:8774/v2.1", "interface": "internal", "region": "RegionOn
e", "region_id": "RegionOne", "id": "77d5b61ac8ad48bf80b0911851798cb8"}, {"url": "https://192.168.122.3:8774/v2.1", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "9647637f735d4a4ab049f7bc9a84e2a0"}, {"url":
"http://172.29.236.11:8774/v2.1", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "fdba31316c16424dbcd08a870b6c98b4"}], "type": "compute", "id": "6a5917ae212046c08ca5acecf625fb64", "name": "nova"}, {"endpoint
s": [{"url": "https://192.168.122.3:8776/v3/555b4a59028e4106ac0366b70fcea856", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "079b0bd1f3cc474f825ed204a7874570"}, {"url": "http://172.29.236.11:8776/v3/555b4a
59028e4106ac0366b70fcea856", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "114e39cd53d44bc197d2b98e02adf229"}, {"url": "http://172.29.236.11:8776/v3/555b4a59028e4106ac0366b70fcea856", "interface": "internal
", "region": "RegionOne", "region_id": "RegionOne", "id": "16d69a8751cc4073bfa3036a8f8c931b"}], "type": "volumev3", "id": "a15c3e548d1c446ab3c359dba9312602", "name": "cinderv3"}, {"endpoints": [{"url": "https://192.168.122.3:8776/v1/555b4
a59028e4106ac0366b70fcea856", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "0f23ba248c8b4a018f7862e6f893f2af"}, {"url": "http://172.29.236.11:8776/v1/555b4a59028e4106ac0366b70fcea856", "interface": "admin"
, "region": "RegionOne", "region_id": "RegionOne", "id": "cd58568dfe7e47aab6cb379f564693bd"}, {"url": "http://172.29.236.11:8776/v1/555b4a59028e4106ac0366b70fcea856", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne
", "id": "d06fefe17cdc4dc2b9232cd62bfaac15"}], "type": "volume", "id": "a23d7ca72ebf4798847a669048a3cad6", "name": "cinder"}, {"endpoints": [{"url": "http://172.29.236.11:8780", "interface": "admin", "region": "RegionOne", "region_id": "R
egionOne", "id": "1eb818f693434ac3aaffe42f547f67d6"}, {"url": "https://192.168.122.3:8780", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "6c13a2f39a7f46afa6bcff244245ee37"}, {"url": "http://172.29.236.11:8
780", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "7ab901ee8e294bb09243313de1558af8"}], "type": "placement", "id": "a62a4570cf6b4c3eae69ba1a17131438", "name": "placement"}], "user": {"domain": {"id": "d
efault", "name": "Default"}, "password_expires_at": null, "name": "admin", "id": "30ac504f45bf49278d85659e5e44e6a3"}, "audit_ids": ["OSNQUpIBRGGs_9N5pToGFQ"], "issued_at": "2018-03-08T11:08:52.000000Z"}}
get_parser(openstack network list)
common parser: ArgumentParser(prog=u'openstack network list', usage=None, description=u'List networks', version=None, formatter_class=<class 'cliff.command._SmartHelpFormatter'>, conflict_handler='error', add_help=True)
network endpoint in service catalog
run(Namespace(agent_id=None, any_tags=None, columns=[], disable=False, enable=False, external=False, fit_width=False, formatter='table', internal=False, long=False, max_width=0, name=None, no_share=False, noindent=False, not_any_tags=None
, not_tags=None, physical_network=None, print_empty=False, project=None, project_domain=None, provider_network_type=None, quote_mode='nonnumeric', segmentation_id=None, share=False, sort_columns=[], status=None, tags=None))
network endpoint in service catalog
Connection: <openstack.connection.Connection object at 0x7f8da68b6f90>
Network client initialized using OpenStack SDK: <openstack.network.v2._proxy.Proxy object at 0x7f8da6835d90>
Instantiating identity client: <class 'keystoneclient.v3.client.Client'>
Manager RegionOne running task network.GET.networks
Making authentication request to https://192.168.122.3:5000/v3/auth/tokens
Starting new HTTPS connection (1): 192.168.122.3
Manager RegionOne ran task network.GET.networks in 0.0207979679108s
SSL exception connecting to https://192.168.122.3:5000/v3/auth/tokens: HTTPSConnectionPool(host='192.168.122.3', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines
', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 400, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/site-packages/osc_lib/command/command.py", line 41, in run
return super(Command, self).run(parsed_args)
File "/usr/lib/python2.7/site-packages/cliff/display.py", line 119, in run
self.produce_output(parsed_args, column_names, data)
File "/usr/lib/python2.7/site-packages/cliff/lister.py", line 82, in produce_output
parsed_args,
File "/usr/lib/python2.7/site-packages/cliff/formatters/table.py", line 101, in emit_list
self.add_rows(x, column_names, data)
File "/usr/lib/python2.7/site-packages/cliff/formatters/table.py", line 80, in add_rows
first_row = next(data_iter)
File "/usr/lib/python2.7/site-packages/openstackclient/network/v2/network.py", line 550, in <genexpr> [57/1852]
(utils.get_item_properties(
File "/usr/lib/python2.7/site-packages/openstack/resource.py", line 899, in list
params=query_params.copy())
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 304, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/openstack/_adapter.py", line 145, in request
**kwargs)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 138, in submit_function
return self.submit_task(task)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 127, in submit_task
return self.run_task(task=task)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 159, in run_task
return self._run_task(task)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 179, in _run_task
return task.wait()
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 81, in wait
self._traceback)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 89, in run
self.done(self.main())
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 61, in main
return self._main(*self.args, **self.kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 189, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 573, in request
auth_headers = self.get_auth_headers(auth)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 900, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 95, in get_headers
token = self.get_token(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 88, in get_token
return self.get_access(session).auth_token
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 198, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 165, in get_auth_ref
authenticated=False, log=False, **rkwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 848, in post
return self.request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 698, in request
resp = send(**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 760, in _send_request
raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://192.168.122.3:5000/v3/auth/tokens: HTTPSConnectionPool(host='192.168.122.3', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SS
L routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
clean_up ListNetwork: SSL exception connecting to https://192.168.122.3:5000/v3/auth/tokens: HTTPSConnectionPool(host='192.168.122.3', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake:
Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/osc_lib/shell.py", line 134, in run
ret_val = super(OpenStackShell, self).run(argv)
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 279, in run
result = self.run_subcommand(remainder)
File "/usr/lib/python2.7/site-packages/osc_lib/shell.py", line 169, in run_subcommand
ret_value = super(OpenStackShell, self).run_subcommand(argv)
File "/usr/lib/python2.7/site-packages/cliff/app.py", line 400, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/site-packages/osc_lib/command/command.py", line 41, in run
return super(Command, self).run(parsed_args)
File "/usr/lib/python2.7/site-packages/cliff/display.py", line 119, in run
self.produce_output(parsed_args, column_names, data)
File "/usr/lib/python2.7/site-packages/cliff/lister.py", line 82, in produce_output
parsed_args,
File "/usr/lib/python2.7/site-packages/cliff/formatters/table.py", line 101, in emit_list
self.add_rows(x, column_names, data)
File "/usr/lib/python2.7/site-packages/cliff/formatters/table.py", line 80, in add_rows
first_row = next(data_iter)
File "/usr/lib/python2.7/site-packages/openstackclient/network/v2/network.py", line 550, in <genexpr>
(utils.get_item_properties(
File "/usr/lib/python2.7/site-packages/openstack/resource.py", line 899, in list
params=query_params.copy())
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 304, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/openstack/_adapter.py", line 145, in request
**kwargs)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 138, in submit_function
return self.submit_task(task)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 127, in submit_task
return self.run_task(task=task)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 159, in run_task
return self._run_task(task)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 179, in _run_task
return task.wait()
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 81, in wait
self._traceback)
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 89, in run
self.done(self.main())
File "/usr/lib/python2.7/site-packages/openstack/task_manager.py", line 61, in main
return self._main(*self.args, **self.kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 189, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 573, in request
auth_headers = self.get_auth_headers(auth)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 900, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 95, in get_headers
token = self.get_token(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 88, in get_token
return self.get_access(session).auth_token
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 198, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 165, in get_auth_ref
authenticated=False, log=False, **rkwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 848, in post
return self.request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 698, in request
resp = send(**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 760, in _send_request
raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://192.168.122.3:5000/v3/auth/tokens: HTTPSConnectionPool(host='192.168.122.3', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Looks like our upper-constrains file was wrong and 0.12.0 shouldn't have been pulled in the first place. Closing as invalid