[Openstack-operators] Problems with ec2-service on Ocata

Massimo Sgaravatto massimo.sgaravatto at gmail.com
Thu Jun 8 14:37:16 UTC 2017 

Looks like setting:

enable_proxy_headers_parsing=true

in nova,conf helped.

Actually it still doesn't work, but for other reasons (Expecting to find
domain in project. The server could not comply with the request since it is
either malformed or otherwise incorrect. The client is assumed to be in
error)

Cheers, Massimo

2017-06-08 9:40 GMT+02:00 Massimo Sgaravatto <massimo.sgaravatto at gmail.com>:

> I am indeed using a HAProxy which also acts as SSL proxy.
>
> And, indeed I have the same problem using the nova CLI:
>
> # nova list
> ERROR (ConnectFailure): Unable to establish connection to
> http://cloud-areapd-test.pd.infn.it:8774/v2.1/: ('Connection aborted.',
> BadStatusLine("''",))
>
> while the openstack cli works (i.e. "openstack server list" works).
>
> I tried to set:
>
> compute_link_prefix= https://cloud-areapd-test.pd.infn.it:8774/v2.
>
> as you suggested (I hope to had your comment right), but this didn't help
> ...
>
> Cheers, Massimo
>
> 2017-06-07 19:21 GMT+02:00 Sean Dague <sean at dague.net>:
>
>> Are you using a tls proxy in front of Nova API? if so, you need to
>> adjust the osapi compute_link_prefix -
>> https://docs.openstack.org/ocata/config-reference/compute/api.html to be
>> the https url, otherwise it will autodetect as http. The ec2-service (or
>> novaclient) is probably doing link following from returned links, and
>> thus fails hitting the http ones.
>>
>>         -Sean
>>
>> On 06/07/2017 12:18 PM, Massimo Sgaravatto wrote:
>> > Hi
>> >
>> > We are trying to configure the ec2-service on a Ocata OpenStack
>> > installation.
>> >
>> > If I try a euca-describe-images it works, but if I try to get the list
>> > of instances (euca-describe-instances) it fails.
>> > Looking at the log [*], it looks like to me that it initially uses the
>> > correct nova endpoint:
>> >
>> > https://cloud-areapd-test.pd.infn.it:8774/v2.1
>> >
>> > but then it tries to use:
>> >
>> > http://cloud-areapd-test.pd.infn.it:8774/v2.1
>> >
>> > i.e. http instead of https, and the connection fails, as expected.
>> > I am not able to understand why it tries to use that endpoint ...
>> >
>> > Any hints ?
>> >
>> > Thanks, Massimo
>> >
>> >
>> > [*]
>> > 2017-06-07 18:10:10.371 16470 DEBUG ec2api.wsgi.server [-] (16470)
>> > accepted ('192.168.60.24', 45185) server
>> > /usr/lib/python2.7/site-packages/eventlet/wsgi.py:867
>> > 2017-06-07 18:10:10.549 16470 DEBUG ec2api.api
>> > [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
>> > 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - -
>> -]
>> > action: DescribeInstances __call__
>> > /usr/lib/python2.7/site-packages/ec2api/api/__init__.py:286
>> > 2017-06-07 18:10:10.565 16470 DEBUG novaclient.v2.client
>> > [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
>> > 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - -
>> -]
>> > REQ: curl -g -i --cacert
>> > "/etc/grid-security/certificates/INFN-CA-2015.pem" -X GET
>> > https://cloud-areapd-test.pd.infn.it:8774/v2.1 -H "User-Agent:
>> > python-novaclient" -H "Accept: application/json" -H
>> > "X-OpenStack-Nova-API-Version: 2.1" -H "X-Auth-Token:
>> > {SHA1}9f9eb3c7cea14ac54b243338281afa0a59b3d06b" _http_log_request
>> > /usr/lib/python2.7/site-packages/keystoneclient/session.py:216
>> > 2017-06-07 18:10:11.320 16470 DEBUG novaclient.v2.client
>> > [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
>> > 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - -
>> -]
>> > RESP: [302] Content-Type: text/plain; charset=utf8 Location:
>> > http://cloud-areapd-test.pd.infn.it:8774/v2.1/ X-Compute-Request-Id:
>> > req-6ed38429-784b-4fc9-a80d-f886b106ba6e Content-Length: 0 Date: Wed,
>> 07
>> > Jun 2017 16:10:11 GMT Connection: close
>> > RESP BODY: Omitted, Content-Type is set to text/plain; charset=utf8.
>> > Only application/json responses have their bodies logged.
>> >  _http_log_response
>> > /usr/lib/python2.7/site-packages/keystoneclient/session.py:256
>> > 2017-06-07 18:10:11.323 16470 ERROR ec2api.api
>> > [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
>> > 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - -
>> -]
>> > Unexpected ConnectFailure raised: Unable to establish connection to
>> > http://cloud-areapd-test.pd.infn.it:8774/v2.1/
>> > 2017-06-07 18:10:11.323 16470 ERROR ec2api.api Traceback (most recent
>> > call last):
>> >
>> >
>> >
>> > _______________________________________________
>> > OpenStack-operators mailing list
>> > OpenStack-operators at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> >
>>
>>
>> --
>> Sean Dague
>> http://dague.net
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20170608/404462c6/attachment.html>

More information about the OpenStack-operators mailing list