[Openstack-operators] Kilo upgrade challenges
Mike Dorman
mdorman at godaddy.com
Thu Nov 12 15:54:09 UTC 2015
We’ve run into this, too, and it’s been a frustration for a while. No way to tell python-requests to use a different cacert file (that I know of), and (at least in the packaging we use), the packaged cacert.pem file isn’t marked as a configuration file, meaning that it gets overwritten any time the package is upgraded.
Glad you got it figured out.
From: Xav Paice <xavpaice at gmail.com<mailto:xavpaice at gmail.com>>
Date: Wednesday, November 11, 2015 at 7:07 PM
To: OpenStack Operators <openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>>
Subject: Re: [Openstack-operators] Kilo upgrade challenges
Follow up to this...
It turns out that using a self signed SSL cert is problematic when python requests bundles it's cacerts separately to the system list of ca certs (in a virtual env).
This was solved by cat'ing the ca cert for our ca >> /usr/share/python/python-heat/lib/python2.7/site-packages/requests/cacert.pem
It was bound to be something daft like that!
Many thanks for the replies, very much appreciated.
On 12 November 2015 at 13:20, Matt Kassawara <mkassawara at gmail.com<mailto:mkassawara at gmail.com>> wrote:
Did you change anything under [keystone_authtoken] in the heat.conf file?
On Wed, Nov 11, 2015 at 4:43 PM, Leslie-Alexandre DENIS <contact at ladenis.fr<mailto:contact at ladenis.fr>> wrote:
Le 11/11/2015 05:46, Xav Paice a écrit :
Hi,
Late to the party, I'm only just doing the Kilo upgrade now (with a couple of projects going direct to Liberty). I seem to have hit a bit of a snag, and I've now spent a bit too long banging my head against this, was wondering if anyone else has advice/experiences to share.
If it's a "you Muppet, you did X wrong" thing, I'd love to hear about it - I'm 99.9% sure I've stuffed up a config somewhere.
In short, after upgrading, say, Heat, to Kilo, and running the db migration, restarting etc, the CLI is returning 'Authentication required'. My user is admin, and nothing has changed that I'm aware of. I can't see anything particularly new in the logs for keystone, nor in heat, except that I now see "WARNING keystonemiddleware.auth_token [-] Authorization failed for token". I'm not sure if that's a problem or not though.
Some details etc are in http://paste.openstack.org/show/478501/ -> from a dev environment so not even sanitized.
Anyone been there?
Thanks
Xav
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Hello Xav,
I faced similar problems last few weeks, during an Icehouse to Kilo upgrade, regarding to Cinder and I found out that it was due to client version.
You can find the correct version in https://github.com/openstack/heat/blob/stable/kilo/requirements.txt
At least, you can double check it and eventually solve this.
My 2 cents,
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151112/0a0b0d0a/attachment.html>
More information about the OpenStack-operators
mailing list