[Openstack-operators] [cloudkitty] Anyone running Cloudkitty with SSL?

jonmills at gmail.com jonmills at gmail.com
Fri Aug 31 21:40:48 UTC 2018


On Fri, 2018-08-31 at 23:20 +0200, Christophe Sauthier wrote:
> Hello Jonathan
> 
> Can you describe a little more your setup (release/method of 
> installation/linux distribution) /issues that you are facing?


It is OpenStack Queens, on CentOS 7.5, using the packages from the
centos-cloud repo (which I suppose is the same as RDO).

# uname -msr
Linux 3.10.0-862.3.2.el7.x86_64 x86_64

# rpm -qa |grep cloudkitty |sort
openstack-cloudkitty-api-7.0.0-1.el7.noarch
openstack-cloudkitty-common-7.0.0-1.el7.noarch
openstack-cloudkitty-processor-7.0.0-1.el7.noarch
openstack-cloudkitty-ui-7.0.0-1.el7.noarch
python2-cloudkittyclient-1.2.0-1.el7.noarch

It is 'deployed' with custom puppet code only.  I follow exactly the
installation guides posted here: 
https://docs.openstack.org/cloudkitty/queens/index.html

I'd prefer not to post full config files, but my [keystone_authtoken]
section of cloudkitty.conf is identical (aside from service
credentials) to the ones found in my glance, nova, cinder, neutron,
gnocchi, ceilometer, etc.; all of those services are working perfectly.


My processor.log file is full of 

2018-08-31 16:38:04.086 30471 WARNING cloudkitty.orchestrator [-] Error
while collecting service network.floating: SSL exception connecting to 
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",): SSLError: SSL exception connecting to 
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",)
2018-08-31 16:38:04.094 30471 WARNING cloudkitty.orchestrator [-] Error
while collecting service image: SSL exception connecting to 
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",): SSLError: SSL exception connecting to 
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",)

and so on


But, I mean, there's other little things too.  I can see from running

'openstack --debug rating info-config-get'

that it never even loads the cacert from my env, so it fails talking to
keystone trying to get a token; the request never even gets to the
cloudkitty api endpoint.



> 
> Because we have deployed it/used it many times with SSL without 
> issue...
> 
> It could be great also that you step up on #cloudkitty to discuss it.
> 
>       Christophe
> 
> ----
> Christophe Sauthier
> CEO
> 
> Objectif Libre: At the service of your Cloud
> 
> +33 (0) 6 16 98 63 96 | christophe.sauthier at objectif-libre.com
> 
> https://www.objectif-libre.com | @objectiflibre
> Receive the Pause Cloud Et DevOps: https://olib.re/abo-pause
> 
> On 2018-08-31 23:15, jonmills at gmail.com wrote:
> > Anyone out there have Cloudkitty successfully working with SSL?  By
> > which I mean that Cloudkitty is able to talk to keystone over https
> > without cert errors, and also talk to SSL'd rabbitmq?  Oh, and the
> > client tools also?
> > 
> > Asking for a friend...
> > 
> > 
> > 
> > Jonathan
> > 
> > 
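A small triage helper for the processor.log excerpt in the message above, added here as an example and not part of the original e-mail or of CloudKitty: it rejoins the hard-wrapped records and groups the SSL failures by endpoint and OpenSSL reason. The function names are made up for this example; the sample input is the two records quoted in the message.

```python
import re
from collections import defaultdict

# The two records quoted in the message above, hard-wrapped as in the e-mail.
SAMPLE = """\
2018-08-31 16:38:04.086 30471 WARNING cloudkitty.orchestrator [-] Error
while collecting service network.floating: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",): SSLError: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",)
2018-08-31 16:38:04.094 30471 WARNING cloudkitty.orchestrator [-] Error
while collecting service image: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",): SSLError: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",)
"""

# A record starts with "<date> <time> <pid> <LEVEL> "; any other line continues it.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ [A-Z]+ ")
FAILURE = re.compile(r"collecting service (\S+): SSL exception connecting to "
                     r"(https://\S+?): .*?'SSL routines', '\w+', '([^']+)'")

def join_records(text):
    """Undo the hard wrapping so that each log record is a single string."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Map (endpoint, OpenSSL reason) to the sorted list of affected services."""
    hits = defaultdict(set)
    for record in join_records(text):
        m = FAILURE.search(record)
        if m:
            hits[(m.group(2), m.group(3))].add(m.group(1))
    return {key: sorted(services) for key, services in hits.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the two quoted records, both services fail at the same Keystone token URL with the same reason, which places the failure at the token request rather than at any per-service endpoint.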



