[Openstack] OpenStack Network API SSL error

Chris Mutchler cmutchle at adobe.com
Mon Apr 13 15:12:43 UTC 2015 

Rob,

Thank you for the response. It turns out it was a mixture of HTTP and HTTPS not functioning identically when I go through the load balancer to the controllers versus running the code directly on the controller itself. Once I changed the Neutron endpoint to simply use HTTP, it began working.

[cid:41160A80-A359-4D03-B257-CC28E4F51C3F]

Chris Mutchler
Compute Platform Engineer
Adobe

385.345.1038 (tel)
801.722.8555 (cell)
cmutchle at adobe.com

3900 Adobe Way
Lehi, Utah, 84043, USA
www.adobe.com




From: Rob Crittenden <rcritten at redhat.com<mailto:rcritten at redhat.com>>
Date: Monday, April 13, 2015 at 7:24 AM
To: Chris Mutchler <cmutchle at adobe.com<mailto:cmutchle at adobe.com>>, "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>" <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
Subject: Re: [Openstack] OpenStack Network API SSL error

Chris Mutchler wrote:
I've been searching Google for several hours tonight and have not found
an answer yet to this SSL error message. I am trying to execute the
following segment of code:
139         credentials = get_credentials()
140         neutron = client.Client('2.0',
141                                 username=credentials['username'],
142                                 password=credentials['password'],
143                                 auth_url=credentials['auth_url'],
144                                 tenant_name=credentials['tenant_name'],
145                                 endpoint_url=credentials['url'],
146                                 token=credentials['token'],
147                                 insecure=True)
148         response = neutron.list_ports()
When I run the Python script, it errors out with the following:
Traceback (most recent call last):
   File "getMACAddr.py", line 148, in <module>
     response = neutron.list_ports()
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 111, in with_params
     ret = self.function(instance, *args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 306, in list_ports
     **_params)
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 1250, in list
     for r in self._pagination(collection, path, **params):
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 1263, in _pagination
     res = self.get(path, params=params)
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 1236, in get
     headers=headers, params=params)
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 1221, in retry_request
     headers=headers, params=params)
   File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
line 1156, in do_request
     resp, replybody = self.httpclient.do_request(action, method, body=body)
   File "/usr/lib/python2.7/dist-packages/neutronclient/client.py", line
192, in do_request
     **kwargs)
   File "/usr/lib/python2.7/dist-packages/neutronclient/client.py", line
148, in _cs_request
     raise exceptions.SslCertificateValidationError(reason=e)
neutronclient.common.exceptions.SslCertificateValidationError: SSL
certificate validation has failed: [Errno 1] _ssl.c:510:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
The /var/log/neutron/server.log file has the following corresponding
entry for when the script tries to make the connection:
2015-04-11 07:17:31.941 2096 INFO neutron.wsgi [-] (2096) accepted
('10.27.16.164', 34495)
When I run the CLI from the same controller node, I get the error with
or without the -insecure flag:
root at controller02:/tmp# neutron port-list
SSL certificate validation has failed: [Errno 1] _ssl.c:510:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
root at controller02:/tmp# neutron --insecure port-list
SSL certificate validation has failed: [Errno 1] _ssl.c:510:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
If I run the CLI command from my local Macbook Pro, it works just fine.
Ultimately, I am trying to add a port through the API but I am using the
list_ports() as a test until I get it working.
Any ideas how to solve this issue?

This type of error usually indicates that you're not talking to an
SSL-enabled server, but given that it works on one host and not another
that adds another twist.

What I'd do is add the --debug flag and see if there is any difference
between the working and non-working server. And I'd probably also try
the curl command that --debug spits out.

rob


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150413/8756e392/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 973BE342-7BE6-4CA6-BA5C-A53E1D5B8973[15].png
Type: image/png
Size: 3581 bytes
Desc: 973BE342-7BE6-4CA6-BA5C-A53E1D5B8973[15].png
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150413/8756e392/attachment.png>

More information about the Openstack mailing list