zaqar

Enabling TLS will cause SSLError

Bug #1890558 reported by Zijian Guo on 2020-08-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	zaqar	Fix Released	High	Zijian Guo	zaqar victoria-2

Bug Description

The verify parameter is not passed in when creating a session in zaqar/common/auth.py

2020-08-06 11:27:02.192 8 WARNING keystoneauth.identity.generic.base [req-b07405a0-5e91-4fc2-80ad-01f23a3cd82e a68fc37955074d509bfd321e7063d72e 7f61ef0c1ff74236b8f917189a921e3e - default default] [project_id:7f61ef0c1ff74236b8f917189a921e3e] Failed to discover available identity versions when contacting https://vip.qs.in:35357. Attempting to parse version from URL.: SSLError: SSL exception connecting to https://vip.qs.in:35357: HTTPSConnectionPool(host='vip.qs.in', port=35357): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver [req-b07405a0-5e91-4fc2-80ad-01f23a3cd82e a68fc37955074d509bfd321e7063d72e 7f61ef0c1ff74236b8f917189a921e3e - default default] [project_id:7f61ef0c1ff74236b8f917189a921e3e] Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://vip.qs.in:35357: HTTPSConnectionPool(host='vip.qs.in', port=35357): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),)): DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://vip.qs.in:35357: HTTPSConnectionPool(host='vip.qs.in', port=35357): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver Traceback (most recent call last):
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "falcon/api.py", line 244, in falcon.api.API.__call__
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver responder(req, resp, **params)
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/zaqar/common/decorators.py", line 48, in wrapper
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver return func(*args, **kwargs)
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/zaqar/transport/acl.py", line 48, in handler
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver return func(*args, **kwargs)
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/zaqar/transport/wsgi/v2_0/subscriptions.py", line 241, in on_post
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver str(expires), api_version)
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/zaqar/notification/notifier.py", line 117, in send_confirm_notification
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver endpoint_dict = auth.get_public_endpoint()
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/zaqar/common/auth.py", line 84, in get_public_endpoint
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver catalogs = auth.get_auth_ref(zaqar_session).service_catalog
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 206, in get_auth_ref
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver self._plugin = self._do_create_plugin(session)
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 161, in _do_create_plugin
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver 'auth_url is correct. %s' % e)
2020-08-06 11:27:02.195 8 ERROR zaqar.transport.wsgi.driver DiscoveryFailure: Could not find versioned identity endpoints when attempting to authenticate. Please check that your auth_url is correct. SSL exception connecting to https://vip.qs.in:35357: HTTPSConnectionPool(host='vip.qs.in', port=35357): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))

wanghao (wanghao749) on 2020-08-10

Changed in zaqar:
importance:	Undecided → High
assignee:	nobody → Zijian Guo (zijianguo)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-19: Fix merged to zaqar (master)

Reviewed: https://review.opendev.org/745099
Committed: https://git.openstack.org/cgit/openstack/zaqar/commit/?id=d4cece4b815a67132f7522fb2dd84a02b478756d
Submitter: Zuul
Branch: master

commit d4cece4b815a67132f7522fb2dd84a02b478756d
Author: ZijianGuo <email address hidden>
Date: Thu Aug 6 17:07:37 2020 +0800

Fix SSLError caused by not passing the cafile

When tls is enabled, the cafile needs to be passed in the session.

    Change-Id: I176e3876f2652608aaf51b0f74f4d971d31253e2
    Closes-Bug: #1890558
    Signed-off-by: ZijianGuo <email address hidden>

Changed in zaqar:
status:	In Progress → Fix Released

wanghao (wanghao749) on 2020-08-27

Changed in zaqar:
milestone:	none → victoria-2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.