Ask Your Question
0

[Ocata] nova.api.openstack Caught error: Could not determine a suitable URL for the plugin

asked 2017-09-26 09:28:18 -0500

insecure-it gravatar image

updated 2017-09-27 07:37:17 -0500

I ran yum update and now any request to the nova api fails with nova.api.openstack [-] Caught error: Could not determine a suitable URL for the plugin. I can get the token from keystone but when I use it to lookup hypervisors or a server it results in error.

List of updated packages and versions:

---> Package openstack-cinder.noarch 1:10.0.1-1.el7 will be updated
---> Package openstack-cinder.noarch 1:10.0.5-1.el7 will be an update
---> Package openstack-dashboard.noarch 1:11.0.1-2.el7 will be updated
---> Package openstack-dashboard.noarch 1:11.0.3-1.el7 will be an update
---> Package openstack-heat-api.noarch 1:8.0.1-1.el7 will be updated
---> Package openstack-heat-api.noarch 1:8.0.4-1.el7 will be an update
---> Package openstack-heat-api-cfn.noarch 1:8.0.1-1.el7 will be updated
---> Package openstack-heat-api-cfn.noarch 1:8.0.4-1.el7 will be an update
---> Package openstack-heat-common.noarch 1:8.0.1-1.el7 will be updated
---> Package openstack-heat-common.noarch 1:8.0.4-1.el7 will be an update
---> Package openstack-heat-engine.noarch 1:8.0.1-1.el7 will be updated
---> Package openstack-heat-engine.noarch 1:8.0.4-1.el7 will be an update
---> Package openstack-keystone.noarch 1:11.0.0-1.el7 will be updated
---> Package openstack-keystone.noarch 1:11.0.3-1.el7 will be an update
---> Package openstack-magnum-api.noarch 0:4.1.0-2.el7 will be updated
---> Package openstack-magnum-api.noarch 0:4.1.3-1.el7 will be an update
---> Package openstack-magnum-common.noarch 0:4.1.0-2.el7 will be updated
---> Package openstack-magnum-common.noarch 0:4.1.3-1.el7 will be an update
---> Package openstack-magnum-conductor.noarch 0:4.1.0-2.el7 will be updated
---> Package openstack-magnum-conductor.noarch 0:4.1.3-1.el7 will be an update
---> Package openstack-neutron.noarch 1:10.0.1-1.el7 will be updated
---> Package openstack-neutron.noarch 1:10.0.3-1.el7 will be an update
---> Package openstack-neutron-common.noarch 1:10.0.1-1.el7 will be updated
---> Package openstack-neutron-common.noarch 1:10.0.3-1.el7 will be an update
---> Package openstack-neutron-fwaas.noarch 1:10.0.1-1.el7 will be updated
---> Package openstack-neutron-fwaas.noarch 1:10.1.0-1.el7 will be an update
---> Package openstack-neutron-ml2.noarch 1:10.0.1-1.el7 will be updated
---> Package openstack-neutron-ml2.noarch 1:10.0.3-1.el7 will be an update
---> Package openstack-neutron-openvswitch.noarch 1:10.0.1-1.el7 will be updated
---> Package openstack-neutron-openvswitch.noarch 1:10.0.3-1.el7 will be an update
---> Package openstack-nova-api.noarch 1:15.0.3-2.el7 will be updated
---> Package openstack-nova-api.noarch 1:15.0.7-1.el7 will be an update
---> Package openstack-nova-common.noarch 1:15.0.3-2.el7 will be updated
---> Package openstack-nova-common.noarch 1:15.0.7-1.el7 will be an update
---> Package openstack-nova-conductor.noarch 1:15.0.3-2.el7 will be updated
---> Package openstack-nova-conductor.noarch 1:15.0.7-1.el7 will be an update
---> Package openstack-nova-console.noarch 1:15.0.3-2.el7 will be updated
---> Package openstack-nova-console.noarch 1:15.0.7-1.el7 will be an update
---> Package openstack-nova-novncproxy.noarch 1:15.0.3-2 ...
(more)
edit retag flag offensive close merge delete

Comments

1

Nova uses these settings from the config file to access Keystone:

auth_uri = https://hostname.domain.com:5000
auth_url = https://hostname.domain.com:35357

Are they correct? Can you try to obtain a token using the settings under [keystone_authtoken]?

Bernd Bausch gravatar imageBernd Bausch ( 2017-09-26 10:36:00 -0500 )edit

Yes, I can get a token just fine.

insecure-it gravatar imageinsecure-it ( 2017-09-27 05:04:55 -0500 )edit

Just for grins I added /v3 to auth_uri and auth_url, then I started getting [SSL: CERTIFICATE_VERIFY_FAILED] errors. I then added cafile, cert errors are gone but now it's getting an even more generic error. I've updated the post.

insecure-it gravatar imageinsecure-it ( 2017-09-27 07:25:45 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-09-27 10:43:09 -0500

insecure-it gravatar image

updated 2017-09-27 10:53:57 -0500

Figured it out. Thanks to Bernd Bausch, I started poking around with [keystone_authtoken] and it appears that for every config file that has [keystone_authtoken] I had to add the following:

cafile = /etc/pki/tls/certs/gd_bundle-g2-g1.crt # <= added
auth_port = 35357 # <= added
auth_protocol = https # <= added
auth_host = controller00.critical-sec.com # <= added
auth_uri = https://host.domain.com:5000/v3 # <= added /v3
auth_url = https://host.domain.com:35357/v3 # <= added /v3

Not 100% sure auth_port, auth_protocol or auth_host matter too much, but adding /v3 and cafile was absolutely needed.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2017-09-26 09:28:18 -0500

Seen: 502 times

Last updated: Sep 27 '17