How to fix Ceilometer SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

asked 2015-05-18 15:24:15 -0600

Jet gravatar image

updated 2015-05-19 08:28:05 -0600

I have a test instance of Mirantis OpenStack setup where I have all the services listening only on the managment network and HAproxy is setup with HTTPS for the public endpoints. So my endpoint list looks like

+---------------------------------------------------+--------------------------------------------------+-----------------------------------------------+
|                    publicurl                      |                  internalurl                     |                  adminurl                     |
+---------------------------------------------------+--------------------------------------------------+-----------------------------------------------+
|    https://PBC.EXT.IP.ADR:8773/services/Cloud     |     http://MGM.INT.IP.ADR:8773/services/Cloud    |   http://MGM.INT.IP.ADR:8773/services/Admin   |
|            https://PBC.EXT.IP.ADR:8777            |            http://MGM.INT.IP.ADR:8777            |          http://MGM.INT.IP.ADR:8777           |
|           https://PBC.EXT.IP.ADR:9696/            |            http://MGM.INT.IP.ADR:9696/           |          http://MGM.INT.IP.ADR:9696/          |
|          https://PBC.EXT.IP.ADR:8000/v1/          |          http://MGM.INT.IP.ADR:8000/v1/          |        http://MGM.INT.IP.ADR:8000/v1/         |
|  https://PBC.EXT.IP.ADR:8386/v1.1/%(tenant_id)s   |   http://MGM.INT.IP.ADR:8386/v1.1/%(tenant_id)s  | http://MGM.INT.IP.ADR:8386/v1.1/%(tenant_id)s |
|   https://PBC.EXT.IP.ADR:8082/v1/%(tenant_id)s    |    http://MGM.INT.IP.ADR:8082/v1/%(tenant_id)s   |  http://MGM.INT.IP.ADR:8082/v1/%(tenant_id)s  |
|   https://PBC.EXT.IP.ADR:8774/v2/%(tenant_id)s    |    http://MGM.INT.IP.ADR:8774/v2/%(tenant_id)s   |  http://MGM.INT.IP.ADR:8774/v2/%(tenant_id)s  |
|            https://PBC.EXT.IP.ADR:9292            |            http://MGM.INT.IP.ADR:9292            |          http://MGM.INT.IP.ADR:9292           |
|   https://PBC.EXT.IP.ADR:8776/v2/%(tenant_id)s    |    http://MGM.INT.IP.ADR:8776/v2/%(tenant_id)s   |  http://MGM.INT.IP.ADR:8776/v2/%(tenant_id)s  |
|   https://PBC.EXT.IP.ADR:8776/v1/%(tenant_id)s    |    http://MGM.INT.IP.ADR:8776/v1/%(tenant_id)s   |  http://MGM.INT.IP.ADR:8776/v1/%(tenant_id)s  |
|         https://PBC.EXT.IP.ADR:5000/v2.0          |          http://MGM.INT.IP.ADR:5000/v2.0         |       http://MGM.INT.IP.ADR:35357/v2.0        |
|   https://PBC.EXT.IP.ADR:8004/v1/%(tenant_id)s    |    http://MGM.INT.IP.ADR:8004/v1/%(tenant_id)s   |  http://MGM.INT.IP.ADR:8004/v1/%(tenant_id)s  |
| https://PBC.EXT.IP.ADR:8080/v1/AUTH_%(tenant_id)s | http://MGM.INT.IP.ADR:8080/v1/AUTH_%(tenant_id)s |          http://MGM.INT.IP.ADR:8080/          |
|            https://PBC.EXT.IP.ADR:8080            |            http://MGM.INT.IP.ADR:8080            |          http://MGM.INT.IP.ADR:8080           |
+---------------------------------------------------+--------------------------------------------------+-----------------------------------------------+

Now I'm using a self signed certificate and it looks like ceilometer doesn't have a way to tell it not to verify the certificate. Here is what I see in the logs (I'm guessing it is trying to use the public URL to talk to nova)

<131>May 18 20:16:04 node-51 ceilometer-agent-central Unable to discover resources: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2015-05-18 20:16:04.889 31763 TRACE ceilometer.agent Traceback (most recent call last):
2015-05-18 20:16:04.889 31763 TRACE ceilometer.agent   File "/usr/lib/python2.6/site-packages/ceilometer/agent.py", line 233, in discover
2015-05-18 20:16:04.889 31763 TRACE ceilometer.agent     discovered = discoverer.discover(self, param)
2015-05-18 20:16:04 ...
(more)
edit retag flag offensive close merge delete

Comments

The solution to your problem: https://bugs.launchpad.net/fuel/+bug/1388745 (https://bugs.launchpad.net/fuel/+bug/...)

TV gravatar imageTV ( 2015-05-21 05:41:51 -0600 )edit