Issues with SSL enabled keystone endpoint - KILO

asked 2016-01-19 09:16:31 -0500

opstkusr gravatar image

updated 2016-01-19 09:20:34 -0500

Using KILO release of openstack to enable keystone ssl endpoint. Was able to update the keystone endpoint and > keystone catalog returns valid response.

Made modifications to nova.conf to talk to https keystone endpoint but > nova list command fails as follows:

 nova --debug list
DEBUG (session:195) REQ: curl -g -i --cacert "/etc/keystone/ssl/certs/ca.pem" -X GET https://test.lab.sample.com:5000/v2.0 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
INFO (connectionpool:735) Starting new HTTPS connection (1): test.lab.sample.com
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SecurityWarning
DEBUG (connectionpool:383) "GET /v2.0 HTTP/1.1" 200 349
DEBUG (session:224) RESP: [200] content-length: 349 vary: X-Auth-Token connection: keep-alive date: Tue, 19 Jan 2016 15:03:08 GMT content-type: application/json x-openstack-request-id: req-ad7f6c3f-91e7-49c6-8900-2ff16905a2a3 
RESP BODY: {"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "https://test.lab.example.com:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}}

DEBUG (v2:76) Making authentication request to https://test.lab.sample.com:5000/v2.0/tokens
DEBUG (connectionpool:383) "POST /v2.0/tokens HTTP/1.1" 200 3093
DEBUG (iso8601:184) Parsed 2016-01-19T16:03:08Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'16', 'daydash': u'19', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'08', 'tz_minute': None, 'year': u'2016', 'separator': u'T', 'monthdash': u'01', 'day': None, 'minute': u'03'} with default timezone <iso8601.iso8601.Utc object at 0x7feb722ccad0>
DEBUG (iso8601:140) Got u'2016' for 'year' with default None
DEBUG (iso8601:140) Got u'01' for 'monthdash' with default 1
DEBUG (iso8601:140) Got 1 for 'month' with default 1
DEBUG (iso8601:140) Got u'19' for 'daydash' with default 1
DEBUG (iso8601:140) Got 19 for 'day' with default 19
DEBUG (iso8601:140) Got u'16' for 'hour' with default None
DEBUG (iso8601:140) Got u'03' for 'minute' with default None
DEBUG (iso8601:140) Got u'08' for 'second' with default None
DEBUG (session:195) REQ: curl -g -i --cacert "/etc/keystone/ssl/certs/ca.pem" -X GET http://10.15.4.34:8774/v2/e6f18b749d7b40f188ae2d987cffc4ee/servers/detail -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}48e4b109cb1827e72d82cef8657fd9a8ca534c28"
INFO (connectionpool:203) Starting new HTTP connection (1): 10.15.4.34
DEBUG (connectionpool:383) "GET /v2/e6f18b749d7b40f188ae2d987cffc4ee/servers/detail HTTP/1.1" 401 23
DEBUG (session:224) RESP:
DEBUG (v2:76) Making authentication request to https://test.lab.example.com:5000/v2.0/tokens
DEBUG (connectionpool:383) "POST /v2.0/tokens HTTP/1.1" 200 3093
DEBUG (connectionpool:383) "GET /v2/e6f18b749d7b40f188ae2d987cffc4ee/servers/detail HTTP/1.1" 401 23
DEBUG (session:224) RESP:
DEBUG (shell:914) Unauthorized (HTTP ...
(more)
edit retag flag offensive close merge delete