Tacker and Heat API

asked 2017-06-04 15:40:40 -0500

felix001

On installing Tacker within Ocata, I hit the following error:

root@infra1:~# tacker vnf-create --vnfd-id 276b9aed-910a-45ca-82a9-86c05d67c4d3 test
Request Failed: internal server error while processing your request.

On digging into the tacker logs, I saw:

2017-06-02 12:05:33.490 22372 ERROR tacker.api.v1.resource   File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 678, in _send_request
2017-06-02 12:05:33.490 22372 ERROR tacker.api.v1.resource     raise exceptions.SSLError(msg)
2017-06-02 12:05:33.490 22372 ERROR tacker.api.v1.resource SSLError: SSL exception connecting to https://192.168.3.11:8004/v1/18d6c1d6d36f41fb81c02e9c5451ddfc/resource_types/OS%3A%3ANeutron%3A%3APort: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

Based on this it looked like Tacker was hitting the public endpoint for heat. The public endpoints are HTTPS, but it was unable to verify the cert and in turn the SSL handshake failed. Any ideas for solutions, or has anyone seen this before?

As a workaround I changed the heat endpoint to be HTTP only, which has worked as a temp workaround. But it would be good to know if there is a way to resolve this by switching tacker to use the internal endpoint, so I could keep SSL on the heat public endpoint.

Thanks,
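
The triage done by hand in the question (which catalog endpoint did the failing request hit, and was it a verification failure), as an added example that is not part of the original post. The catalog is constructed: only the public Heat host and port come from the log line, while the internal address, the identity entry and the `triage` and `endpoint_key` helpers are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# SSLError line copied from the tacker log in the question.
LOG_LINE = (
    "2017-06-02 12:05:33.490 22372 ERROR tacker.api.v1.resource SSLError: "
    "SSL exception connecting to https://192.168.3.11:8004/v1/"
    "18d6c1d6d36f41fb81c02e9c5451ddfc/resource_types/OS%3A%3ANeutron%3A%3APort: "
    '("bad handshake: Error(['
    "('SSL routines', 'ssl3_get_server_certificate', "
    "'certificate verify failed')],)"
    '",)'
)

# Constructed service catalog (assumption). Only the public orchestration
# host:port is taken from the log; every other URL is a made-up sample.
CATALOG = [
    {"service": "orchestration", "interface": "public",
     "url": "https://192.168.3.11:8004/v1/%(tenant_id)s"},
    {"service": "orchestration", "interface": "internal",
     "url": "http://172.29.236.10:8004/v1/%(tenant_id)s"},
    {"service": "identity", "interface": "public",
     "url": "https://192.168.3.11:5000/v3"},
]

SSL_ERR = re.compile(r"SSLError: SSL exception connecting to (?P<url>\S+?): \(")

def endpoint_key(url):
    """Scheme and host:port identify an endpoint regardless of tenant path."""
    parts = urlsplit(url)
    return parts.scheme, parts.netloc

def triage(line, catalog):
    """Map an SSLError log line to the catalog endpoint(s) it was sent to."""
    m = SSL_ERR.search(line)
    if not m:
        return None
    url = m.group("url")
    hits = [e for e in catalog if endpoint_key(e["url"]) == endpoint_key(url)]
    return {
        "url": url,
        # Last path segment is the percent-encoded Heat resource type.
        "resource": unquote(urlsplit(url).path.rsplit("/", 1)[-1]),
        "verify_failed": "certificate verify failed" in line,
        "matches": [(e["service"], e["interface"]) for e in hits],
    }

if __name__ == "__main__":
    print(triage(LOG_LINE, CATALOG))
```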
