<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:396365231;
mso-list-type:hybrid;
mso-list-template-ids:-1925694330 -776994634 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello Jesse,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I tried turning SSL on quantum and I am running into a problem. I have a compute node with nova running on it and everything else running on a controller node.
When I change quantum to use its wsgi interface, I am getting an error from the quantum-server.log file:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Wingdings;color:#1F497D"><span style="mso-list:Ignore">Ø<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 14:08:56 2013] [debug] ssl_engine_kernel.c(1879): OpenSSL: Read: SSLv3 read client certificate A<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Wingdings;color:#1F497D"><span style="mso-list:Ignore">Ø<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 14:08:56 2013] [debug] ssl_engine_kernel.c(1898): OpenSSL: Exit: failed in SSLv3 read client certificate A<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Wingdings;color:#1F497D"><span style="mso-list:Ignore">Ø<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 14:08:56 2013] [info] [client 192.168.124.81] SSL library error 1 in handshake (server 192.168.124.81:<span style="background:yellow;mso-highlight:yellow">443</span>)<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Wingdings;color:#1F497D"><span style="mso-list:Ignore">Ø<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 14:08:56 2013] [info] SSL Library Error: 336151576 error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">What catches my eye is number 443. I have no idea where that is getting set. Nova is configured on the compute node to respond to port 8774.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I am also getting an error in the nova/osapi.log file:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [info] Initial (No.1) HTTPS request received for child 3 (server d00-50-56-8e-79-e7.cloudos.org:8774)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 ERROR nova.api.openstack [req-5183001e-8ca2-4f52-9c56-47ced4cf0570 45c1e6999c0145348d889c5184e4cae5
bf916cad55494d548b4a3a5de78b87a6] Caught error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack Traceback (most recent call last):<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/__init__.py",
line 81, in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return req.get_response(self.application)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1296,
in send<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack application, catch_exc_info=False)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1260,
in call_application<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack app_iter = application(self.environ, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144,
in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return resp(environ, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",
line 450, in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return self.app(env, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144,
in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return resp(environ, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144,
in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return resp(environ, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/routes/middleware.py", line
131, in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack response = self.app(environ, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144,
in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return resp(environ, start_response)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 130,
in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 195,
in call_func<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack return self.func(req, *args, **kwargs)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py",
line 890, in __call__<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack content_type, body, accept)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py",
line 969, in _process_stack<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack request, action_args)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py",
line 863, in post_process_extensions<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack **action_args)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/compute/contrib/security_groups.py",
line 537, in detail<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack self._extend_servers(req, list(resp_obj.obj['servers']))<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/compute/contrib/security_groups.py",
line 487, in _extend_servers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack .get_instances_security_groups_bindings(context))<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/network/security_group/quantum_driver.py",
line 252, in get_instances_security_groups_bindings<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack ports = quantum.list_ports().get('ports')<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 107, in with_params<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack ret = self.function(instance, *args, **kwargs)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 255, in list_ports<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack **_params)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 996, in list<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack for r in self._pagination(collection, path, **params):<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 1009, in _pagination<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack res = self.get(path, params=params)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 982, in get<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack headers=headers, params=params)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 967, in retry_request<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack headers=headers, params=params)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 912, in do_request<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack self._handle_fault_response(status_code, replybody)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 893, in _handle_fault_response<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack exception_handler_v20(status_code, des_error_body)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py",
line 87, in exception_handler_v20<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack message=message)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack QuantumClientException: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [error] 2013-11-27 16:50:35.617 31236 TRACE nova.api.openstack<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">10.1.184.2 - - [27/Nov/2013:16:50:35 -0600] "GET /v2/bf916cad55494d548b4a3a5de78b87a6/servers/detail?project_id=bf916cad55494d548b4a3a5de78b87a6 HTTP/1.1" 500
3120 "-" "python-novaclient"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">[Wed Nov 27 16:50:35 2013] [info] [client 10.1.184.2] Connection closed to child 3 with standard shutdown (server d00-50-56-8e-79-e7.cloudos.org:8774)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Do you have any suggestions? I have also been unable to find any vhost templates for quantum. I have created my own CA and used it to sign server certificates.
To enable using a single certificate for multiple IP addresses for the same server, I have implemented alt_names.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Mark<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Jesse Pretorius [mailto:jesse.pretorius@gmail.com]
<br>
<b>Sent:</b> Thursday, November 14, 2013 12:43 AM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> Re: [openstack-dev] Nova SSL Apache2 Question<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 13 November 2013 23:39, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <<a href="mailto:mark.m.miller@hp.com" target="_blank">mark.m.miller@hp.com</a>> wrote:<o:p></o:p></p>
<div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal" style="margin-bottom:12.0pt">I finally found a set of web pages that has a working set of configuration files for the major OpenStack services "
<a href="http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/" target="_blank">
http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/</a> " by Andy Mc. I skipped ceilometer and have the rest of the services working except quantum with self-signed certificates on a Grizzly-3 OpenStack instance.
Now I am stuck trying to figure out how to get quantum to accept self-signed certificates.<br>
<br>
My goal is to harden my Grizzly-3 OpenStack instance using SSL and self-signed certificates. Later I will do the same for Havana bits and use real/valid certificates.<o:p></o:p></p>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I struggled with getting this all to work correctly for a few weeks, then eventually gave up and opted instead to use an Apache reverse proxy to front-end the native services. I just found that using an Apache/wsgi configuration doesn't
completely work. It would certainly help if this configuration was implemented into the Openstack testing regime to help all the services become first-class citizens as a wsgi process behind Apache.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I would suggest that you review the wsgi files and vhost templates in the rcbops chef cookbooks for each service. They include my updates to Andy's original blog items to make things work properly.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I found that while Andy's stuff appears to work, it becomes noticeable that it works in a read-only fashion. I managed to get keystone/nova confirmed to work properly, but glance just would not work - I could never upload any images and
if caching/management was turned off in the glance service then downloading images didn't work either.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Good luck - if you do get a fully working config it'd be great to get feedback on the adjustments you had to make to get it working.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>