keystone-admin-vip/1: SSL handshake failure
Hi,
I am having a heck of a time trouble shooting a problem I am having with my glance and cinder services on my controller nodes.
When I execute ...
# source openrc
# openstack-status
... I get this output ...
== Glance services ==
openstack-glance-api: active
openstack-glance-registry: active
== Keystone service ==
openstack-keystone: active (disabled on boot)
== neutron services ==
neutron-server: inactive (disabled on boot)
neutron-dhcp-agent: inactive (disabled on boot)
neutron-l3-agent: inactive (disabled on boot)
neutron-metadata-agent: inactive (disabled on boot)
neutron-lbaas-agent: inactive (disabled on boot)
== Cinder services ==
openstack-cinder-api: active
openstack-cinder-scheduler: active
openstack-cinder-volume: active
openstack-cinder-backup: active
== Support services ==
mysqld: inactive (disabled on boot)
dbus: active
target: inactive (disabled on boot)
memcached: active
== Keystone users ==
+----------------------------------+------------+---------+--------------------+
| id | name | enabled | email |
+----------------------------------+------------+---------+--------------------+
| bx055dx4eb3640x38cx667c6eef82e8d | admin | True | keystone@example.com |
| x7e6f0981e8b4431x74149e0421c3c5e | ceilometer | True | keystone@example.com |
| c519fed3cd1443a18de0b006eab4xb7e | cinder | True | keystone@example.com |
| 4bxd6c54cfe849148e8c1614415x664d | glance | True | keystone@example.com |
| 2dx96c5164074d99916b59b7b6be9658 | heat | True | keystone@example.com |
| 265d50582fdc4x5ex4160040f1e598ab | neutron | True | keystone@example.com |
| 4ccb96df211141d795207eexe78fe55b | nova | True | keystone@example.com |
+----------------------------------+------------+---------+--------------------+
== Glance images ==
Unable to establish connection to http://my-ost-rhel7.example.com:35357/v2.0/tokens
... and on my haproxy server's /var/log/messages
I see this ...
... keystone-admin-vip/1: SSL handshake failure
Also, I have noted the http
in the response Unable to establish connection to http://my-ost-rhel7.example.com:35357/v2.0/tokens
but I have throughly checked my config files on the haproxy and on the controller nodes and we are using https
anywhere a protocol is asked for. But who knows maybe I missed one.
I have even done this ...
# curl -k https://my-ost-rhel7.example.com:35357/v2.0 ; echo
{"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}, {"base": "application/xml", "type": "application/vnd.openstack.identity-v2.0+xml"}], "id": "v2.0", "links": [{"href": "http://my-ost-rhel7.example.com:35357/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}}
... note the links bit of the json comes back with http and not https.
Does anyone know what would cause the keystone-admin-vip/1: SSL handshake failure
error?
I have googled and asked co-workers and nobody knows what is causing this?
Update:
Here's the output (shortened for readability) keystone endpoint-list:
----------------------------------------------------+-----------------------------------------------------+-----------------------------------------------------+
publicurl | internalurl | adminurl |
----------------------------------------------------+-----------------------------------------------------+-----------------------------------------------------+
https://my-ost-rhel7.example.com:9292 | https://my-ost-rhel7.example.com:9292 | https://my-ost-rhel7.example.com:9292
https://my-ost-rhel7.example.com:8777 | https://my-ost-rhel7.example.com:8777 | https://my-ost-rhel7.example.com:8777
http://my-ost-rhel7.example.com:8004/v1/%(tenant_id)s | http://my-ost-rhel7.example.com:8004/v1/%(tenant_id)s | http://my-ost-rhel7.example.com:8004/v1/%(tenant_id)s
https://my-ost-cloud-rhel7.example.com/swift/v1 | https://my-ost-cloud-rhel7.example.com/swift/v1 | https://my-ost-cloud-rhel7.example.com/swift/v1
https://my-ost-rhel7.example.com:8774/v2/$(tenant_id)s | https://my-ost-rhel7.example.com:8774/v2/$(tenant_id)s | https://my-ost-rhel7.example.com:8774/v2/$(tenant_id)s
https://my-ost-rhel7.example.com:5000/v2.0 | https://my-ost-rhel7.example.com:5000/v2.0 | https://my-ost-rhel7.example.com:35357/v2.0
https://my-ost-rhel7.example.com:9696 | https://my-ost-rhel7.example.com:9696 | https://my-ost-rhel7.example.com:9696
https://my-ost-rhel7.example.com:8776/v1/$(tenant_id)s | https://my-ost-rhel7.example.com:8776/v1/$(tenant_id)s | https://my-ost-rhel7.example.com:8776/v1/$(tenant_id)s