[kolla-ansible][Xena] SSL certificate expired

wodel youchi wodel.youchi at gmail.com
Tue Oct 11 12:33:35 UTC 2022


Hi,

I disabled TLS in globals.yml then tried to deploy openstack, but it does
not work, the deployment still uses https.
How can I make a workaround?

Le mar. 11 oct. 2022 à 12:08, wodel youchi <wodel.youchi at gmail.com> a
écrit :

> Anyone???
>
> Le lun. 10 oct. 2022 à 12:21, wodel youchi <wodel.youchi at gmail.com> a
> écrit :
>
>> Hi,
>>
>> I tried to deploy a new certificate using :kolla-ansible reconfigure
>> But I got :
>>
>> "module_stderr": "*Failed to discover available identity versions when
>> contacting https://dashint.cloud.exemple.com:35357
>> <https://dashint.cloud.exemple.com:35357>*. Attemptin
>> g to parse version from URL.\nTraceback (most recent call last):\n  File
>> \"/opt/ansible/lib/python3.6/site-packages/urllib3/connectio
>> npool.py\", line 706, in urlopen\n    chunked=chunked,\n  File
>> \"/opt/ansible/lib/python3.6/site-packages/urllib3/connectionpool.py\"
>> , line 382, in _make_request\n    self._validate_conn(conn)\n  File
>> \"/opt/ansible/lib/python3.6/site-packages/urllib3/connectionpool
>> .py\", line 1010, in _validate_conn\n    conn.connect()\n  File
>> \"/opt/ansible/lib/python3.6/site-packages/urllib3/connection.py\", l
>> ine 421, in connect\n    tls_in_tls=tls_in_tls,\n  File
>> \"/opt/ansible/lib/python3.6/site-packages/urllib3/util/ssl_.py\", line 450,
>> in ssl_wrap_socket\n    sock, context, tls_in_tls,
>> server_hostname=server_hostname\n  File
>> \"/opt/ansible/lib/python3.6/site-packages
>> /urllib3/util/ssl_.py\", line 493, in _ssl_wrap_socket_impl\n    return
>> ssl_context.wrap_socket(sock, server_hostname=server_hostname
>> )\n  File \"/usr/lib64/python3.6/ssl.py\", line 365, in wrap_socket\n
>>  _context=self, _session=session)\n  File \"/usr/lib64/python
>> 3.6/ssl.py\", line 776, in __init__\n    self.do_handshake()\n  File
>> \"/usr/lib64/python3.6/ssl.py\", line 1036, in do_handshake\n
>>  self._sslobj.do_handshake()\n  File \"/usr/lib64/python3.6/ssl.py\",
>> line 648, in do_handshake\n    self._sslobj.do_handshake()\nssl
>> .*SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed*
>>
>> Some help please
>>
>>
>>
>> Regards.
>>
>> Le dim. 9 oct. 2022 à 16:19, wodel youchi <wodel.youchi at gmail.com> a
>> écrit :
>>
>>> Hi,
>>>
>>> My SSL certificate has expired, and now I cannot authenticate into
>>> horizon and I have these errors :
>>> *WARNING keystoneauth.identity.generic.base [-] Failed to discover
>>> available identity versions when contacting
>>> https://dashint.cloud.exemple.com:35357
>>> <https://dashint.cloud.exemple.com:35357>. Attempting to parse version from
>>> URL.: keystoneauth1.exceptions.connection.SSLError: SSL exception
>>> connecting to https:// dashint.cloud.exemple.com
>>> <http://dashint.cloud.exemple.com> :35357: HTTPSConnectionPool(host='
>>> dashint.cloud.exemple.com <http://dashint.cloud.exemple.com>', port=35357):
>>> Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL:
>>> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))*
>>>
>>> In my globals.yml I have this parameter :
>>> kolla_verify_tls_backend: "no"
>>>
>>> 1 - How do I disable SSL verification for now?
>>> 2 - How to install a new SSL certificate?
>>>
>>>
>>>
>>> Regards.
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20221011/c7ff49ab/attachment.htm>


More information about the openstack-discuss mailing list