Zun

SSL Error: kuryr container always restarting with kolla rocky

Bug #1811262 reported by PrinzElvis on 2019-01-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Zun	Invalid	Undecided	hongbin
	kolla-ansible	Fix Released	Undecided	hongbin

Bug Description

hi Stackers,
Am running Kolla und Kolla-ansible Release Rocky with Ubuntu_18TLS
Trying Kolla deploy Zun with SSL but having problem with SSL Error: kuryr container always restarting with kolla rocky.

And need some help from you Stackers.

230ada87999 kolladeploy.enostack.net:443/kolla/ubuntu-source-kuryr-libnetwork:rocky "kolla_start" 2 hours ago Restarting (1) 1 second ago kuryr
05c3f0e94801 kolladeploy.enostack.net:443/kolla/ubuntu-source-zun-compute:rocky "kolla_start" 5 hours ago Up 5 hours zun_compute
9c0a5cb2e04f kolladeploy.enostack.net:443/kolla/ubuntu-source-zun-wsproxy:rocky "kolla_start" 5 hours ago Up 5 hours zun_wsproxy
455e68c80c9f kolladeploy.enostack.net:443/kolla/ubuntu-source-zun-api:rocky "kolla_start" 5 hours ago Up 5 hours zun_api

2019-01-10 16:51:11.427 8 ERROR kuryr Traceback (most recent call last):
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/bin/kuryr-server", line 10, in <module>
2019-01-10 16:51:11.427 8 ERROR kuryr sys.exit(start())
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/kuryr_libnetwork/server.py", line 53, in start
2019-01-10 16:51:11.427 8 ERROR kuryr configure_app()
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/kuryr_libnetwork/server.py", line 28, in configure_app
2019-01-10 16:51:11.427 8 ERROR kuryr controllers.check_for_neutron_ext_support()
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/kuryr_libnetwork/controllers.py", line 78, in check_for_neutron_ext_support
2019-01-10 16:51:11.427 8 ERROR kuryr app.neutron.show_extension(MANDATORY_NEUTRON_EXTENSION)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 780, in show_extension
2019-01-10 16:51:11.427 8 ERROR kuryr return self.get(self.extension_path % ext_alias, params=_params)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 354, in get
2019-01-10 16:51:11.427 8 ERROR kuryr headers=headers, params=params)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 331, in retry_request
2019-01-10 16:51:11.427 8 ERROR kuryr headers=headers, params=params)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 282, in do_request
2019-01-10 16:51:11.427 8 ERROR kuryr headers=headers)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/client.py", line 343, in do_request
2019-01-10 16:51:11.427 8 ERROR kuryr return self.request(url, method, **kwargs)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutronclient/client.py", line 331, in request
2019-01-10 16:51:11.427 8 ERROR kuryr resp = super(SessionClient, self).request(*args, **kwargs)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 213, in request
2019-01-10 16:51:11.427 8 ERROR kuryr return self.session.request(url, method, **kwargs)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/keystoneauth1/session.py", line 814, in request
2019-01-10 16:51:11.427 8 ERROR kuryr resp = send(**kwargs)
2019-01-10 16:51:11.427 8 ERROR kuryr File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/keystoneauth1/session.py", line 907, in _send_request
2019-01-10 16:51:11.427 8 ERROR kuryr raise exceptions.SSLError(msg)
2019-01-10 16:51:11.427 8 ERROR kuryr SSLError: SSL exception connecting to https://api.enostack.net:9696/v2.0/extensions/subnet_allocation: HTTPSConnectionPool(host='api.enostack.net', port=9696): Max retries exceeded with url: /v2.0/extensions/subnet_allocation (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
2019-01-10 16:51:11.427 8 ERROR kuryr

Cheers
Prinz

Tags:

Revision history for this message

hongbin (hongbin034) wrote on 2019-01-11:

I will try to reproduce the error in this or next week.

Changed in zun:
assignee:	nobody → hongbin (hongbin034)

hongbin (hongbin034) on 2019-01-13

Changed in zun:
status:	New → Invalid
Changed in kolla-ansible:
assignee:	nobody → hongbin (hongbin034)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-01-13: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/630519

Changed in kolla-ansible:
status:	New → In Progress

Revision history for this message

PrinzElvis (eno237) wrote on 2019-01-14:

Hi hongbin,

is working.

Thanks
Prinz.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-01-14: Fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/630519
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=a98c06f1fd1c541d627b7b80ee6acd655f4963a3
Submitter: Zuul
Branch: master

commit a98c06f1fd1c541d627b7b80ee6acd655f4963a3
Author: Hongbin Lu <email address hidden>
Date: Sun Jan 13 22:36:33 2019 +0000

kuryr: use internal neutron endpoint

Kuryr-neutron communication should use internal endpoint because
public endpoint might be protected by SSL which fails the API call.

Change-Id: I3f98f14d4f481c17a4368cc5c2a184323c548193
Closes-Bug: #1811262

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-05: Fix included in openstack/kolla-ansible 8.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 8.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.