[Openstack-operators] [cloudkitty] Anyone running Cloudkitty with SSL?

Christophe Sauthier christophe.sauthier at objectif-libre.com
Tue Sep 4 09:50:13 UTC 2018


Hello

Thanks for those elements.

It is really surprising because as you can imagine this is something we 
set up many times...
I'll take care to set up the same environment than you and I'll let you 
know if I am facing the same issues... I am trying to do that quickly...

Regards

     Christophe

----
Christophe Sauthier
CEO

Objectif Libre : Au service de votre Cloud

+33 (0) 6 16 98 63 96 | christophe.sauthier at objectif-libre.com

https://www.objectif-libre.com | @objectiflibre
Recevez la Pause Cloud Et DevOps : https://olib.re/abo-pause

Le 2018-08-31 23:40, jonmills at gmail.com a écrit :
> On Fri, 2018-08-31 at 23:20 +0200, Christophe Sauthier wrote:
>> Hello Jonathan
>> 
>> Can you describe a little more your setup (release/method of
>> installation/linux distribution) /issues that you are facing ?
> 
> 
> It is OpenStack Queens, on CentOS 7.5, using the packages from the
> centos-cloud repo (which I suppose is the same is RDO).
> 
> # uname -msr
> Linux 3.10.0-862.3.2.el7.x86_64 x86_64
> 
> # rpm -qa |grep cloudkitty |sort
> openstack-cloudkitty-api-7.0.0-1.el7.noarch
> openstack-cloudkitty-common-7.0.0-1.el7.noarch
> openstack-cloudkitty-processor-7.0.0-1.el7.noarch
> openstack-cloudkitty-ui-7.0.0-1.el7.noarch
> python2-cloudkittyclient-1.2.0-1.el7.noarch
> 
> It is 'deployed' with custom puppet code only.  I follow exactly the
> installation guides posted here:
> https://docs.openstack.org/cloudkitty/queens/index.html
> 
> I'd prefer not to post full config files, but my [keystone_authtoken]
> section of cloudkitty.conf is identical (aside from service
> credentials) to the ones found in my glance, nova, cinder, neutron,
> gnocchi, ceilometer, etc, all of those services are working perfectly.
> 
> 
> My processor.log file is full of
> 
> 2018-08-31 16:38:04.086 30471 WARNING cloudkitty.orchestrator [-] 
> Error
> while collecting service network.floating: SSL exception connecting to
> https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
> Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
> verify failed')],)",): SSLError: SSL exception connecting to
> https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
> Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
> verify failed')],)",)
> 2018-08-31 16:38:04.094 30471 WARNING cloudkitty.orchestrator [-] 
> Error
> while collecting service image: SSL exception connecting to
> https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
> Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
> verify failed')],)",): SSLError: SSL exception connecting to
> https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
> Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
> verify failed')],)",)
> 
> and so on
> 
> 
> But, I mean, there's other little things too.  I can see from running
> 
> 'openstack --debug rating info-config-get'
> 
> that it never even loads the cacert from my env, so it fails talking 
> to
> keystone trying to get a token; the request never even gets to the
> cloudkitty api endpoint.
> 
> 
> 
>> 
>> Because we have deployed it/used it many times with SSL without
>> issue...
>> 
>> It could be great also that you step up on #cloudkitty to discuss it.
>> 
>>       Christophe
>> 
>> ----
>> Christophe Sauthier
>> CEO
>> 
>> Objectif Libre : Au service de votre Cloud
>> 
>> +33 (0) 6 16 98 63 96 | christophe.sauthier at objectif-libre.com
>> 
>> https://www.objectif-libre.com | @objectiflibre
>> Recevez la Pause Cloud Et DevOps : https://olib.re/abo-pause
>> 
>> Le 2018-08-31 23:15, jonmills at gmail.com a écrit :
>>> Anyone out there have Cloudkitty successfully working with SSL?  By
>>> which I mean that Cloudkitty is able to talk to keystone over https
>>> without cert errors, and also talk to SSL'd rabbitmq?  Oh, and the
>>> client tools also?
>>> 
>>> Asking for a friend...
>>> 
>>> 
>>> 
>>> Jonathan
>>> 
>>> 
>>> _______________________________________________
>>> OpenStack-operators mailing list
>>> OpenStack-operators at lists.openstack.org
>>> 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators



More information about the OpenStack-operators mailing list