Comment 7 for bug 1827206

Revision history for this message
wanghejun (wanghejun) wrote :

Hello,
    I recently mainly analyzed the log information of the command and the script code related to the http status code. Currently, I have not found a place to set the status code.In the course of the investigation, there are several speculations.
    1.code return value 200 indicates that the server and the client are successfully connected, and successfully received the POST request, and has not performed the related operations of the certificate installation, so it returns 200.
    2.The format of the command "system --debug certificate-install -m dummy mykey.pem" is correct. The parameter mode is set incorrectly (dummy). The http server does not recognize the error.
    3.http status code is a standard numeric code common to HTTP. In openstack, the corresponding code return value judgment processing, whether it may have been encapsulated, is directly obtained through system functions during use.

    The following are two cases (mode=default) that I debug this command, for reference only.
    case1:
      [sysadmin@controller-0 ~(keystone_admin)]$ system --debug certificate-install mykey.pem
      DEBUG (base:187) Making authentication request to http://192.178.204.2:5000/v3/auth/tokens
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:5000 "POST /v3/auth/tokens HTTP/1.1" 201 4540
      .......
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:6385 "POST /v1/certificate/certificate_install HTTP/1.1" 200 82
      Certificate mykey.pem not installed: No certificates have been added, https is not enabled.

    case2:
      [sysadmin@controller-0 ~(keystone_admin)]$ system modify --https_enabled=True
      [sysadmin@controller-0 ~(keystone_admin)]$ system --debug certificate-install mykey.pem
      DEBUG (base:187) Making authentication request to http://192.178.204.2:5000/v3/auth/tokens
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:5000 "POST /v3/auth/tokens HTTP/1.1" 201 4540
      ......
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:6385 "POST /v1/certificate/certificate_install HTTP/1.1" 500 0
      Certificate mykey.pem not installed: Expecting value: line 1 column 1 (char 0)

    The error in case 2 above (code=500) may be because HTTPS does not currently support container configuration, see https://wiki.openstack.org/wiki/StarlingX/Containers/Limitations.

    According to the code "/usr/lib64/python2.7/site-packages/sysinv/api/controllers/v1/certificate.py", the parameter mode in the command is defined as follows:
         default: install certificate for ssl
         tpm_mode: install certificate to tpm devices for ssl
         docker_registry: install certificate for docker registry
         openstack: install certificate for openstack
         openstack_ca: install ca certificate for openstack

    If you have good suggestions, welcome to share.