Brief Description
-----------------
The insecure option works on the system and the dcmanager commands but not the fm commands. It should work consistently. In addition, if the
commands don’t work with an ICA certificate they should. Priority is on the --insecure option.
Severity
--------
<Major: System/Feature is usable but degraded>
Expected Behavior
------------------
fm should support --insecure parameter and allow to connect against system configured with self-signed certificates or private ICA certificate.
Actual Behavior
----------------
fm does not support --insecure parameter
Brief Description
-----------------
The insecure option works on the system and the dcmanager commands but not the fm commands. It should work consistently. In addition, if the
commands don’t work with an ICA certificate they should. Priority is on the --insecure option.
Severity
--------
<Major: System/Feature is usable but degraded>
Steps to Reproduce enabled= true /(public_ fm_endpoint) :18002 --os-auth-url https:/ /(public_ keystone_ endpoint) :5000/v3 alarm-list /10.20. 2.3:18002 --os-auth-url https:/ /10.20. 2.3:5000/ v3 alarm-list
------------------
1. Enable https: system modify --https_
2. Configure remote-cli
3. Run fm alarm-list (from cli)
4. Or fm --fm-url https:/
for instance: fm --fm-url https:/
Expected Behavior
------------------
fm should support --insecure parameter and allow to connect against system configured with self-signed certificates or private ICA certificate.
Actual Behavior
----------------
fm does not support --insecure parameter
fm --insecure alarm-list domain- id OS_USER_DOMAIN_ID] domain- name OS_USER_ DOMAIN_ NAME] domain- id OS_PROJECT_ DOMAIN_ ID] domain- name OS_PROJECT_ DOMAIN_ NAME]
usage: fm [--version] [--debug] [-v] [--timeout TIMEOUT]
[--os-username OS_USERNAME] [--os-password OS_PASSWORD]
[--os-tenant-id OS_TENANT_ID] [--os-tenant-name OS_TENANT_NAME]
[--os-auth-url OS_AUTH_URL] [--os-region-name OS_REGION_NAME]
[--os-auth-token OS_AUTH_TOKEN] [--fm-url FM_URL]
[--fm-api-version FM_API_VERSION]
[--os-service-type OS_SERVICE_TYPE]
[--os-endpoint-type OS_ENDPOINT_TYPE]
[--os-user-
[--os-user-
[--os-project-id OS_PROJECT_ID] [--os-project-name OS_PROJECT_NAME]
[--os-project-
[--os-project-
<subcommand> ...
fm: error: unrecognized arguments: --insecure
Reproducibility
---------------
100% reproducible.
System Configuration ------- ------
-------
Any system with https self-signed or ICA certificate activated.
Branch/Pull Time/Commit ------- ------- --
-------
Last Pass
---------
N/A
Timestamp/Logs
--------------
after remote-cli has been configured and https_enabled enabled.
fm --debug alarm-list parse(' noauth = cinderclient. contrib. noauth: CinderNoAuthLoa der') parse(' v2token = keystoneauth1. loading. _plugins. identity. v2:Token' ) parse(' none = keystoneauth1. loading. _plugins. noauth: NoAuth' ) parse(' v3oauth1 = keystoneauth1. extras. oauth1. _loading: V3OAuth1' ) parse(' admin_token = keystoneauth1. loading. _plugins. admin_token: AdminToken' ) parse(' v3oidcauthcode = keystoneauth1. loading. _plugins. identity. v3:OpenIDConnec tAuthorizationC ode') parse(' v2password = keystoneauth1. loading. _plugins. identity. v2:Password' ) parse(' v3samlpassword = keystoneauth1. extras. _saml2. _loading: Saml2Password' ) parse(' v3password = keystoneauth1. loading. _plugins. identity. v3:Password' ) parse(' v3adfspassword = keystoneauth1. extras. _saml2. _loading: ADFSPassword' ) parse(' v3oidcaccesstok en = keystoneauth1. loading. _plugins. identity. v3:OpenIDConnec tAccessToken' ) parse(' v3oidcpassword = keystoneauth1. loading. _plugins. identity. v3:OpenIDConnec tPassword' ) parse(' v3kerberos = keystoneauth1. extras. kerberos. _loading: Kerberos' ) parse(' v3totp = keystoneauth1. loading. _plugins. identity. v3:TOTP' ) parse(' token = keystoneauth1. loading. _plugins. identity. generic: Token') parse(' v3oidcclientcre dentials = keystoneauth1. loading. _plugins. identity. v3:OpenIDConnec tClientCredenti als') parse(' v3tokenlessauth = keystoneauth1. loading. _plugins. identity. v3:TokenlessAut h') parse(' v3token = keystoneauth1. loading. _plugins. identity. v3:Token' ) parse(' v3multifactor = keystoneauth1. loading. _plugins. identity. v3:MultiFactor' ) parse(' v3applicationcr edential = keystoneauth1. loading. _plugins. identity. v3:ApplicationC redential' ) parse(' password = keystoneauth1. loading. _plugins. identity. generic: Password' ) parse(' v3fedkerb = keystoneauth1. extras. kerberos. _loading: MappedKerberos' ) /10.20. 2.3:5000/ v3 -H "Accept: application/json" -H "User-Agent: fm keystoneauth1/ 3.17.1 python- requests/ 2.22.0 CPython/2.7.5" :815) Starting new HTTPS connection (1): 10.20.2.3:5000 /10.20. 2.3:5000/ v3. Attempting to parse version from URL. /10.20. 2.3:5000/ v3/auth/ tokens :815) Starting new HTTPS connection (2): 10.20.2.3:5000 /10.20. 2.3:5000/ v3/auth/ tokens: HTTPSConnection Pool(host= '10.20. 2.3', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError( SSLError( "bad handshake: Error([('SSL routines', 'tls_process_ server_ certificate' , 'certificate verify failed')],)",),))
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (extension:189) found extension EntryPoint.
DEBUG (session:494) REQ: curl -g -i -X GET https:/
DEBUG (connectionpool
WARNING (base:145) Failed to discover available identity versions when contacting https:/
DEBUG (base:182) Making authentication request to https:/
DEBUG (connectionpool
Must provide Keystone credentials or user-defined endpoint and token, error was: SSL exception connecting to https:/
Test Activity
-------------
Customer Testing
Workaround
----------
There is not workaround.