Ask Your Question
2

Error while installing openstack 'newton' using rdo packstack

asked 2016-10-08 00:40:40 -0500

linuxtechi gravatar image

Hi Folks ,

I am trying to install 3 node openstack newton on CentOS 7 using packstack. But getting below error. In the answer file i have mentioned that packstack script will create selfsign certificate at the mentioned location.

Preparing Nova VNC Proxy entries [ ERROR ]

ERROR : [Errno 2] No such file or directory: '/etc/pki/tls/certs/selfcert.crt'

~]# tail -f /var/tmp/packstack/20161008-104443-u_wbaC/openstack-setup.log File "/usr/lib/python2.7/site-packages/packstack/modules/ospluginutils.py", line 101, in generate_ssl_cert ca_file = open(config['CONFIG_SSL_CACERT_FILE'], 'rt').read() IOError: [Errno 2] No such file or directory: '/etc/pki/tls/certs/selfcert.crt'

2016-10-08 10:56:33::INFO::shell::94::root:: [192.168.43.70] Executing script: rm -rf /var/tmp/packstack/8a47dc48454c40a0a8c7856728604812 2016-10-08 10:56:34::INFO::shell::94::root:: [192.168.43.80] Executing script: rm -rf /var/tmp/packstack/844988cf4be74a6cb5b95a22c7eab220 2016-10-08 10:56:34::INFO::shell::94::root:: [192.168.43.90] Executing script: rm -rf /var/tmp/packstack/d2e704b6b353457aac455dca91efc2d6

edit retag flag offensive close merge delete

9 answers

Sort by » oldest newest most voted
0

answered 2017-01-27 02:23:22 -0500

luxusv gravatar image

It has been some time since this question was asked but today I ran into the same problem and found the solution. When CONFIG_SSL_CACERT_SELFSIGN is set to y in the config files it should automatically generate the certificates.

When looking at the sourcecode of packstack I found that you also need to set CONFIG_AMQP_ENABLE_SSL to y

If not, the certificate is not generated.

Hope this still helps in for some people running into the same problem.

edit flag offensive delete link more

Comments

Thanks, This worked. This is the simplest one.

harshamore gravatar imageharshamore ( 2017-03-09 07:14:47 -0500 )edit
2

answered 2016-10-25 08:18:51 -0500

sbikram gravatar image

Create Self-signed Certs with private keys for below. store the certs @/etc/pki/tls/certs/ and private key @ /etc/pki/tls/private/

selfcert.crt/selfcert.key

ssl_vnc.crt/ssl_vnc.key

ssl_dashboard.crt/ssl_dashboard.key

update the answer file with these locations

CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt

CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key

CONFIG_VNC_SSL_CERT=/etc/pki/tls/certs/ssl_vnc.crt

CONFIG_VNC_SSL_KEY=/etc/pki/tls/private/ssl_vnc.key

CONFIG_HORIZON_SSL_CERT=/etc/pki/tls/certs/ssl_dashboard.crt

CONFIG_HORIZON_SSL_KEY=/etc/pki/tls/private/ssl_dashboard.key

CONFIG_HORIZON_SSL_CACERT=/etc/pki/tls/certs/selfcert.crt

Use below command to generate certs and keys for all mentioned above openssl req -x509 -sha256 -newkey rsa:2048 -keyout /etc/pki/tls/private/selfkey.key -out /etc/pki/tls/certs/selfcert.crt -days 365 -nodes

edit flag offensive delete link more

Comments

This helped me. I installed successfully after doing all the above items. Thanks.

docularxu gravatar imagedocularxu ( 2016-12-26 22:48:26 -0500 )edit
0

answered 2016-10-22 17:29:33 -0500

efner gravatar image

Hi,

I'm also facing the same problem while I'm trying to install packstack on centos 7 . I've tried the solution which was offered here - set the CONFIG_HORIZON_SSL=n , but it didn;t help. here is a part from the log:

File "/usr/lib/python2.7/site-packages/packstack/plugins/nova_300.py", line 746, in create_vncproxy_manifest ssl_cert_file) File "/usr/lib/python2.7/site-packages/packstack/modules/ospluginutils.py", line 101, in generate_ssl_cert ca_file = open(config['CONFIG_SSL_CACERT_FILE'], 'rt').read() IOError: [Errno 2] No such file or directory: '/etc/pki/tls/certs/selfcert.crt'

2016-10-22 17:48:15::INFO::shell::94::root:: [10.0.2.15] Executing script: rm -rf /var/tmp/packstack/a8a42523289a4b0c9254d17f66b205e4

I''ll glad to get help with that.

Efner

edit flag offensive delete link more
4

answered 2016-10-18 08:13:45 -0500

Pradeep_bs gravatar image

updated 2016-10-19 02:46:48 -0500

openssl req -x509 -sha256 -newkey rsa:2048 -keyout selfkey.key -out selfcert.crt -days 1024 -nodes

run the above command on controller to generate the certificate and key and copy the selfkey.key to /etc/pki/tls/private and .crt to /etc/pki/tls/certs and proceed with installation

edit flag offensive delete link more

Comments

This helped but still failed. Packstack then tried to create and link a vnc cert, but fails. I edited CONFIG_SSL_CERT_DIR=/root/packstackca then I created /root/packtackca/certs. Finally I linked the SSL cert. ln -s /etc/pki/tls/certs/ssl_vnc.crt /root/packstackca/certs/192.168.2.100ssl_vnc.crt

ivrhall gravatar imageivrhall ( 2016-10-30 16:23:18 -0500 )edit

it's work, thanks you.

supachai.ja gravatar imagesupachai.ja ( 2016-11-01 06:18:27 -0500 )edit

Thanks, @Pradeep & @ivrhall - very helpful

M10vir gravatar imageM10vir ( 2016-11-22 14:02:42 -0500 )edit

“ ln -s /etc/pki/tls/certs/ssl_vnc.crt /root/packstackca/certs/192.168.2.100ssl_vnc.crt”

This doesn‘t work for me. Even I did ln -s, i still saw: Preparing Nova VNC Proxy entries [ ERROR ] ERROR : [Errno 2] No such file or directory: '~/packstackca/certs/10.211.55.4ssl_vnc.crt

docularxu gravatar imagedocularxu ( 2016-12-26 22:47:23 -0500 )edit
0

answered 2016-10-16 05:20:07 -0500

Rez7 gravatar image

< Just set the below parameter to NO in answers.txt file:- CONFIG_HORIZON_SSL=n >

But, what if we need to config Horizon to use SSL?!

edit flag offensive delete link more
2

answered 2016-10-15 17:14:36 -0500

RS gravatar image

Hey Guys, It is Solved

Just set the below parameter to NO in answers.txt file:- CONFIG_HORIZON_SSL=n

edit flag offensive delete link more

Comments

Correct! I also solved it by setting CONFIG_HORIZON_SSL=n At first, I set it as CONFIG_HORIZON_SSL=y; and happened the same errors. Thanks!

Helen_L gravatar imageHelen_L ( 2016-11-23 09:27:42 -0500 )edit

However, after configuring it to CONFIG_HORIZON_SSL=n, I can not have access to Horizon dashboard any more but can only the the index directory. How to solve it?

Ted Tang gravatar imageTed Tang ( 2016-12-02 08:05:14 -0500 )edit
0

answered 2016-10-12 21:30:18 -0500

long gravatar image

Nobody knows how to fix this issue?

edit flag offensive delete link more

Comments

I fixed this issue by using openstack-packstack-8.0.2-1.el7.noarch

long gravatar imagelong ( 2016-11-15 01:10:50 -0500 )edit
0

answered 2016-10-11 11:57:21 -0500

I m also facing same error during installation

edit flag offensive delete link more
0

answered 2016-10-09 09:57:09 -0500

cj308 gravatar image

I"m having same problem too..

[root@servera ~]# packstack --answer-file /root/answers.txt Welcome to the Packstack setup utility

The installation log file is available at: /var/tmp/packstack/20161009-105155-7LhBmf/openstack-setup.log

Installing: Clean Up [ DONE ] Discovering ip protocol version [ DONE ] Setting up ssh keys [ DONE ] Preparing servers [ DONE ] Pre installing Puppet and discovering hosts' details [ DONE ] Preparing pre-install entries [ DONE ] Setting up CACERT [ DONE ] Preparing AMQP entries [ DONE ] Preparing MariaDB entries [ DONE ] Fixing Keystone LDAP config parameters to be undef if empty[ DONE ] Preparing Keystone entries [ DONE ] Preparing Glance entries [ DONE ] Checking if the Cinder server has a cinder-volumes vg[ DONE ] Preparing Cinder entries [ DONE ] Preparing Nova API entries [ DONE ] Creating ssh keys for Nova migration [ DONE ] Gathering ssh host keys for Nova migration [ DONE ] Preparing Nova Compute entries [ DONE ] Preparing Nova Scheduler entries [ DONE ] Preparing Nova VNC Proxy entries [ ERROR ]

ERROR : [Errno 2] No such file or directory: '/etc/pki/tls/certs/selfcert.crt' Please check log file /var/tmp/packstack/20161009-105155-7LhBmf/openstack-setup.log for more information Additional information: * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components. [root@servera ~]#

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-10-08 00:40:40 -0500

Seen: 6,902 times

Last updated: Oct 22 '16