python-watcherclient

watcher client does not support SSL

Bug #1545007 reported by David TARDIVEL
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-watcherclient
Triaged
Medium
Unassigned

Bug Description

env : devstack with USE_SSL=TRUE + patches to be able to deploy Watcher with SSL ('https' enpoints)

If I run, for instance, watcher audit-list, I've got this error on client side

vagrant@controller:~$ watcher --debug audit-list
DEBUG (session:198) REQ: curl -g -i -X GET https://192.168.99.11:5000/v2.0 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
INFO (connectionpool:756) Starting new HTTPS connection (1): 192.168.99.11
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:100: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
DEBUG (connectionpool:387) "GET /v2.0 HTTP/1.1" 200 340
DEBUG (session:216) RESP: [200] Content-Length: 340 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Fri, 12 Feb 2016 13:22:53 GMT Content-Type: application/json x-openstack-request-id: req-4b9dd432-d25a-4dc6-911e-764e1831f033
RESP BODY: {"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "https://192.168.99.11:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}}

WARNING (base:316) Plugin cannot return an endpoint without knowing the service type that is required. Add service_type to endpoint filtering data.
DEBUG (v2:86) Making authentication request to https://192.168.99.11:5000/v2.0/tokens
DEBUG (connectionpool:387) "POST /v2.0/tokens HTTP/1.1" 200 3523
DEBUG (session:198) REQ: curl -g -i -X GET https://192.168.99.11:9322/v1/audits -H "User-Agent: python-watcherclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}79e88d64bc5734705e5daa937048bc79d6a8a5d6"
INFO (connectionpool:756) Starting new HTTPS connection (1): 192.168.99.11
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:100: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
SSL exception connecting to https://192.168.99.11:9322/v1/audits: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

It seems that SSL certidicate is not set into HTTPS request sent to Watcher-API

David TARDIVEL (david-tardivel)
Changed in python-watcherclient:
status: New → Confirmed
Antoine Cabot (antoinecabot)
Changed in python-watcherclient:
status: Confirmed → Triaged
importance: Undecided → Medium
milestone: none → newton-3
Antoine Cabot (antoinecabot)
Changed in python-watcherclient:
milestone: newton-3 → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.