[Openstack-operators] Nova-compute cannot connect to Keystone/SSL

Alvise Dorigo alvise.dorigo at pd.infn.it
Wed May 28 17:27:22 UTC 2014 

Hi
I’ve successfully setup the Keystone with SSL, and the services glance/nova/neutron/cinder/Horizon (API and server) to talk to Keystone/SSL (all running on the same host).

I’ve also setup the /etc/nova/nova.conf and /etc/nova/api-paste.ini to allow the nova-compute process (running on a separate host) to talk to Keystone/SSL:

api-paste.ini:

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = cloud-areapd.pd.infn.it
auth_port = 35357
auth_protocol = https
admin_tenant_name = services
admin_user = nova
admin_password = NOVA_PASS
auth_uri = https://cloud-areapd.pd.infn.it:5000/v2.0

nova.conf:

[DEFAULT]
neutron_admin_auth_url = https://cloud-areapd.pd.infn.it:35357/v2.0

[keystone_authtoken]
auth_host = cloud-areapd.pd.infn.it
auth_protocol = https
auth_port = 35357
admin_user = nova
admin_tenant_name = services
admin_password = NOVA_PASS
cafile = /etc/grid-security/certificates/INFN-CA-2006.pem
auth_uri = https://cloud-areapd.pd.infn.it:35357/v2.0
auth_url = https://cloud-areapd.pd.infn.it:35357/v2.0

When I start a VM I get the following error in the compute.log:

2014-05-28 19:24:35.696 10673 ERROR nova.compute.manager [-] Instance failed network setup after 1 attempt(s)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager Traceback (most recent call last):
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 1244, in _allocate_network_async
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     dhcp_options=dhcp_options)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py", line 358, in allocate_for_instance
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     LOG.exception(msg, port_id)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py", line 323, in allocate_for_instance
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     port_req_body)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py", line 393, in _populate_neutron_extension_values
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     self._refresh_neutron_extensions_cache()
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py", line 377, in _refresh_neutron_extensions_cache
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     extensions_list = neutron.list_extensions()['extensions']
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 111, in with_params
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     ret = self.function(instance, *args, **kwargs)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 294, in list_extensions
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     return self.get(self.extensions_path, params=_params)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1236, in get
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     headers=headers, params=params)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1221, in retry_request
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     headers=headers, params=params)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1150, in do_request
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     self.httpclient.authenticate_and_fetch_endpoint_url()
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/client.py", line 179, in authenticate_and_fetch_endpoint_url
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     self.authenticate()
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/client.py", line 239, in authenticate
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     content_type="application/json")
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager   File "/usr/lib/python2.6/site-packages/neutronclient/client.py", line 148, in _cs_request
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager     raise exceptions.SslCertificateValidationError(reason=e)
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager SslCertificateValidationError: SSL certificate validation has failed: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-05-28 19:24:35.696 10673 TRACE nova.compute.manager 


Have I missed some configuration ?

many thanks,

	Alvise

More information about the OpenStack-operators mailing list