Hi all,
This is my first post on this mailing list, especially for "kolla" related issues.
Hope you can help and hope this is the right channel to request support.

I have a problem with Magnum during the creation of a K8S cluster.
The request gets timed out.

Looking at the magnum-conductor logs I can see:

 Failed to contact the endpoint at https://<External IP>:5000 for discovery. Fallback to using that endpoint as the base url.: SSLError: SSL exception connecting to https:// <External IP>  :5000: HTTPSConnectionPool(host=' <External IP>  ', port=5000): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

I had a similar issue with Kuryr. The service is trying to contact keystone over the external IP address without certificates.

In kuryr, the workaround was to set the "endpoint_type" for neutron to "internal".

In magnum.conf that's already the situation.

Any suggestion on how to address this issue?

Here you can find some details about the deployment:
---------------------------
Host nodes: Baremetal
OS: Queens
kolla-ansible: 6.1.0
Deployment: multinode (1+1). Kolla installed on the controller host
kolla_install_type: source
kolla_base_distro: ubuntu
External/internal interfaces: separated
kolla_enable_tls_external: "yes"
Services:
enable_cinder: "yes"
enable_cinder_backend_lvm: "yes"
enable_etcd: "yes"
enable_fluentd: "yes"
enable_haproxy: "yes"
enable_heat: "yes"
enable_horizon: "yes"
enable_horizon_magnum: "{{ enable_magnum | bool }}"
enable_horizon_zun: "{{ enable_zun | bool }}"
enable_kuryr: "yes"
enable_magnum: "yes"
enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
enable_zun: "yes"
glance_backend_file: "yes"
nova_compute_virt_type: "qemu"
---------------------------  

BR and many thanks in advance

/Giuseppe