OS::Heat::WaitCondition does not work with https endpoint

asked 2016-05-10 09:05:34 -0500

sergio.traldi gravatar image

Hi, we have an Openstack production cloud in Kilo distribution with public endpoint exposed by https with ssl certificate in ha controler node, and internal endpoint in LAN in plain http. We configure heat metadata_server and heat waitcondition_server_url using https and adding the ca_files in section [clients]. We try also to configure [clients_heat] and [client_nova], but in any configuration tried (changing endpoint_type to internaURL instead of publicURL and/or putting insecure true instead false and/or putting ca_files and cert_file and key_file). When we try to use the OS::Heat:WaitCondition the template stucks after the first condition usually after the firt instance. We observe that inside the unique virtual machine created when we try to curl the heat_waitcondition_server_url endpoint exposing to port 8000 with https, the is an error because the host can not connect to https. <errorresponse><error><message>The request signature does not conform to AWS standards</message>IncompleteSignature<type>Sender</type></error></errorresponse>

If we use in template AWS::CloudFormation::WaitCondition and use curl inside template with -k option the wait condition works fine.

Can someone help us? Cheers Sergio

edit retag flag offensive close merge delete