[magnum] podman fedora-coreos authorization failed: SSL exception connecting on keystone

Ionut Biru ionut at fleio.com
Wed Jan 22 07:53:31 UTC 2020 

Hello,

I don't have cafile configured in keystone_authtoken and keystone_auth. I
did copied letsencrypt cafile and configured it but now magnum cannot
communicate with keystone even at simple as coe cluster list.

 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Could
not find versioned identity endpoints when attempting to authenticate.
 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify ies exceeded with
url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify failed')],)",),)

On Wed, Jan 22, 2020 at 3:02 AM Feilong Wang <feilong at catalyst.net.nz>
wrote:

> Hi Ionut,
>
> Would you mind sharing your magnum.conf? I think you may need the *cafile*
> config option for both *keystone_authtoken* and *keystone_auth.*
>
>
> On 22/01/20 11:01 AM, Ionut Biru wrote:
>
> Hello guys,
>
> I'm trying to deploy a kubernetes cluster using magnum 9.2
> with fedora-coreos-31.20200113.3.1-openstack.
>
> Master vm is deployed correctly but the cluster is never deployed since
> podman returns the following error:
>
>
> Jan 21 21:55:14 k8s-cluster002-mn5qgp6qlmw6-master-0 podman[2433]:
> Authorization failed: SSL exception connecting to
> https://api.mydomain.cloud:5000/v3/auth/tokens: HTTPSConnectionPool(host='api.mydomain.cloud',
> port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by
> SSLError(SSLError(185090184, u'[X509] no certificate or crl found
> (_ssl.c:3063)'),))
>
> I do have a valid letsencrypt certification on that particular domain.
>
>  curl https://api.mydomain.cloud:5000/v3/auth/tokens
>  {"error": {"message": "The request you have made requires
> authentication.", "code": 401, "title": "Unauthorized"}}
>
> I was wondering, do you guys seen this issue before? Below is the template.
>
> https://paste.xinu.at/OC0Ic/
> --
> Ionut Biru - https://fleio.com
>
> --
> Cheers & Best regards,
> Feilong Wang (王飞龙)
> Head of R&D
> Catalyst Cloud - Cloud Native New Zealand
> --------------------------------------------------------------------------
> Tel: +64-48032246
> Email: flwang at catalyst.net.nz
> Level 6, Catalyst House, 150 Willis Street, Wellington
> --------------------------------------------------------------------------
>
>

-- 
Ionut Biru - https://fleio.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200122/bb43f85a/attachment.html>

More information about the openstack-discuss mailing list