Questions & Answers

Deploying pnda cluster on ssl enabled openstack

0 votes
asked Oct 11, 2017 by Saqib Arfeen (560 points)
Hi ,
I want to ask that does pnda supports openstack with ssl. ?
Basically, I have openstack ocata with ssl enabled for openstack keystone, swift etc.

The ./heat_cli -e cation  create command is stuck on :-
 [saltmaster_server]: CREATE_COMPLETE  state changed
 [deploy_package]: CREATE_IN_PROGRESS  state changed
and when I ssh the saltmaster server, there I find these messages in /var/log/syslog :-

Oct 11 14:59:45 den-saltmaster os-collect-config: /opt/stack/venvs/os-collect-config/local/lib/python2.7/site-packages/urllib3/util/ssl_.py:137: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
Oct 11 14:59:45 den-saltmaster os-collect-config:   InsecurePlatformWarning
Oct 11 14:59:45 den-saltmaster os-collect-config: HTTPSConnectionPool(host='overcloud.localdomain', port=13808): Max retries exceeded with url: /v1/AUTH_1770da95dc1d4b7397535b46e27f32ac/den-saltmaster_server-3rgvooi5xveb/72169c75-fa15-4a0c-8fab-f7aa0c1f62ab?temp_url_sig=688c3c0b504a4e11e840e736b3a5544103489669&temp_url_expires=2147483586 (Caused by SSLError(SSLError(1, '_ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'),))
Oct 11 14:59:45 den-saltmaster os-collect-config: Source [request] Unavailable.

Any help is highly appreciated!
Saqib

1 Answer

0 votes
answered Nov 3, 2017 by trsmith2 (3,440 points)
We don't regularly test with SSL enabled OpenStack Ocata so we haven't run into this. It looks like a generic problem with certificate validation in os-collect-config and might be worth following up with them here https://github.com/openstack/os-collect-config .
...