[Openstack] OpenStack Network API SSL error
Rob Crittenden
rcritten at redhat.com
Mon Apr 13 13:24:19 UTC 2015
Chris Mutchler wrote:
> Ive been searching Google for several hours tonight and have not found
> an answer yet to this SSL error message. I am trying to execute the
> following segment of code:
>
> 139 credentials = get_credentials()
>
> 140 neutron = client.Client('2.0',
>
> 141 username=credentials['username'],
>
> 142 password=credentials['password'],
>
> 143 auth_url=credentials['auth_url'],
>
> 144 tenant_name=credentials['tenant_name'],
>
> 145 endpoint_url=credentials['url'],
>
> 146 token=credentials['token'],
>
> 147 insecure=True)
>
> 148 response = neutron.list_ports()
>
>
> When I run the Python script, it errors out with the following:
>
> Traceback (most recent call last):
>
> File "getMACAddr.py", line 148, in <module>
>
> response = neutron.list_ports()
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 111, in with_params
>
> ret = self.function(instance, *args, **kwargs)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 306, in list_ports
>
> **_params)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 1250, in list
>
> for r in self._pagination(collection, path, **params):
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 1263, in _pagination
>
> res = self.get(path, params=params)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 1236, in get
>
> headers=headers, params=params)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 1221, in retry_request
>
> headers=headers, params=params)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py",
> line 1156, in do_request
>
> resp, replybody = self.httpclient.do_request(action, method, body=body)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/client.py", line
> 192, in do_request
>
> **kwargs)
>
> File "/usr/lib/python2.7/dist-packages/neutronclient/client.py", line
> 148, in _cs_request
>
> raise exceptions.SslCertificateValidationError(reason=e)
>
> neutronclient.common.exceptions.SslCertificateValidationError: SSL
> certificate validation has failed: [Errno 1] _ssl.c:510:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
>
> The /var/log/neutron/server.log file has the following corresponding
> entry for when the script tries to make the connection:
>
> 2015-04-11 07:17:31.941 2096 INFO neutron.wsgi [-] (2096) accepted
> ('10.27.16.164', 34495)
>
>
> When I run the CLI from the same controller node, I get the error with
> or without the insecure flag:
>
> root at controller02:/tmp# neutron port-list
>
> SSL certificate validation has failed: [Errno 1] _ssl.c:510:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
> root at controller02:/tmp# neutron --insecure port-list
>
> SSL certificate validation has failed: [Errno 1] _ssl.c:510:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
>
> If I run the CLI command from my local Macbook Pro, it works just fine.
> Ultimately, I am trying to add a port through the API but I am using the
> list_ports() as a test until I get it working.
>
> Any ideas how to solve this issue?
This type of error usually indicates that you're not talking to an
SSL-enabled server, but given that it works on one host and not another
that adds another twist.
What I'd do is add the --debug flag and see if there is any difference
between the working and non-working server. And I'd probably also try
the curl command that --debug spits out.
rob
More information about the Openstack
mailing list