Ask Your Question
0

Invalid cert to bundle http://173.203.107.207/ubuntu-lucid.tar

asked 2010-11-17 05:44:40 -0500

tonytkdk gravatar image

when I try to bundle the image i got from the link. http://wiki.openstack.org/NovaInstallFestInstructions?highlight=%28twisted%29 (http://wiki.openstack.org/NovaInstall...)

========================================================= root@openstack:~# euca-bundle-image -i vmlinuz-2.6.32-23-server --kernel true

Invalid cert

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2010-11-18 03:28:00 -0500

tonytkdk gravatar image

solution:

before nova.sh run do nova-manage project zipfile <project_name> <you_name>

in novascript is admin admin, and if you want to change these, you have to delete admin admin and then add your own project_name & you_name.

edit flag offensive delete link more
add a comment
0

answered 2010-11-17 08:01:06 -0500

tonytkdk gravatar image

I think it might bcz i use novascript to install and run nova. there are no pk.pem in /nova or /nova/CA

how to create the certification ?

I use nova-manage to create certification by

root@openstack:/# nova-manage project zipfile admin admin

INFO:root:backend <module 'nova.db.sqlalchemy.api'="" from="" '="" nova="" nova="" db="" sqlalchemy="" api.pyc'=""> DEBUG:root:openssl genrsa -out /tmp/tmpppQPnM/temp.key 1024 DEBUG:root:Running openssl genrsa -out /tmp/tmpppQPnM/temp.key 1024 Generating RSA private key, 1024 bit long modulus ..++++++ ...............................++++++ e is 65537 (0x10001) DEBUG:root:Generating private key: 0 DEBUG:root:Running openssl req -new -key /tmp/tmpppQPnM/temp.key -out /tmp/tmpppQPnM/temp.csr -batch -subj /C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=admin-2010-11-17T07:44:12Z DEBUG:root:Generating CSR: 0 DEBUG:root:Flags path: /nova/nova/../CA DEBUG:root:Running openssl ca -batch -out /tmp/tmpay2iF7/outbound.crt -config ./openssl.cnf -infiles /tmp/tmpay2iF7/inbound.csr Using configuration from ./openssl.cnf error loading the config file './openssl.cnf' 32067:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('./openssl.cnf','rb') 32067:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129: 32067:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197: DEBUG:root:Signing cert: 1 Traceback (most recent call last): File "/nova/bin/nova-manage", line 508, in <module> main() File "/nova/bin/nova-manage", line 500, in main fn(*argv) File "/nova/bin/nova-manage", line 362, in zipfile zip_file = self.manager.get_credentials(user_id, project_id) File "/nova/nova/auth/manager.py", line 635, in get_credentials private_key, signed_cert = self._generate_x509_cert(user.id, pid) File "/nova/nova/auth/manager.py", line 697, in _generate_x509_cert signed_cert = crypto.sign_csr(csr, pid) File "/nova/nova/crypto.py", line 129, in sign_csr return _sign_csr(csr_text, FLAGS.ca_path) File "/nova/nova/crypto.py", line 152, in _sign_csr (tmpfolder, tmpfolder)) File "/nova/nova/utils.py", line 132, in runthis cmd=cmd) nova.exception.ProcessExecutionError: Unexpected error while running command. Command: openssl ca -batch -out /tmp/tmpay2iF7/outbound.crt -config ./openssl.cnf -infiles /tmp/tmpay2iF7/inbound.csr Exit code: 1 Stdout: None

Stderr: None

the result is failed ........

I tried to solve it by creating a new administrator or user of nova.

$root@openstack:/# nova-manage user create hugo INFO:root:backend <module 'nova.db.sqlalchemy.api'="" from="" '="" nova="" nova="" db="" sqlalchemy="" api.pyc'=""> export EC2_ACCESS_KEY=6379efc7-c12f-44cf-8e83-e1eeeecb4175 export EC2_SECRET_KEY=0824e427-97f7-4087-a457-4e77951461e0

$root@openstack:/# nova-manage project create hugopro hugo INFO:root:backend <module 'nova.db.sqlalchemy.api'="" from="" '="" nova="" nova="" db="" sqlalchemy="" api.pyc'="">

$root@openstack:/# nova-manage project zipfile hugopro hugo INFO:root:backend <module 'nova.db.sqlalchemy.api'="" from="" '="" nova="" nova="" db="" sqlalchemy="" api.pyc'=""> DEBUG:root:openssl genrsa -out /tmp/tmp4QcKtR/temp.key 1024 DEBUG:root:Running openssl genrsa -out /tmp/tmp4QcKtR/temp.key 1024 Generating RSA private key, 1024 bit long modulus ........++++++ .++++++ e is 65537 (0x10001) DEBUG:root:Generating private key: 0 DEBUG:root:Running openssl req -new -key /tmp/tmp4QcKtR/temp.key -out /tmp/tmp4QcKtR/temp ... (more)

edit flag offensive delete link more
add a comment
0

answered 2010-11-17 19:43:11 -0500

rlucio gravatar image

Ah! I know this one.

This is an oddity, since out of the box the Nova daemons usually fail to start... so you set the configuration and do the nova-manage steps before starting them. What I am trying to say is that its just an order of operations issue.

When you run nova-api the first time, it generates the CA stuff, including openssl.cnf. Then you should be able to go back to nova-manage to create your zipfile. This might be worth converting into a bug report or at least a documentation update IMHO.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2010-11-17 05:44:40 -0500

Seen: 68 times

Last updated: Nov 18 '10

Related questions

No files in /var/lib/nova/instances

set bucket acl in nova-objectstore

Instance Limit of 10

Network configuration / Can't ping or ssh to our instances

AMQP ECONNREFUSED on Essex

nova get-vnc-console does not return VNC url. Fails with HTTP 500 error

OS API format of blob

nova-instancemonitor libvirt issue

the instance always stay in spawning state

VMware with nova compute issue br100 not found