Bug 1258109

Summary:

ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0/tokens: hostname '192.168.89.26' doesn't match u'manager.lab'

Product:

Red Hat OpenStack

Reporter:

anand.lingaraj

Component:

rhosp-director

Assignee:

chris alfonso <calfonso>

Status:

CLOSED DUPLICATE

QA Contact:

yeylon <yeylon>

Severity:

high

Docs Contact:

Priority:

unspecified

Version:

7.0 (Kilo)

CC:

hbrock, mburns, rhel-osp-director-maint, sacpatil, srevivo

Target Milestone:

---

Target Release:

8.0 (Liberty)

Hardware:

x86_64

OS:

All

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2015-09-02 16:23:24 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
Error Log	none

Description anand.lingaraj 2015-08-29 07:09:58 UTC

Created attachment 1068216 [details]
Error Log

Description of problem:

I tried installing openstack director on RHEL 7. Tried install and reinstall 25 times and still encounter the same issue

Version-Release number of selected component (if applicable):
7.1

How reproducible:
1. Install RHEl7
2. Attach subscription
3. Yum Update
4. yum install python-rdomanager-oscplugin
5. Configure undercloud.conf
6. openstack undercloud install

Actual results:

2015-08-29 15:00:03,693 INFO: 2015-08-29 15:00:03 - requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 192.168.89.25
2015-08-29 15:00:03,830 INFO: Warning: Permanently added '192.168.89.25' (ECDSA) to the list of known hosts.
2015-08-29 15:00:05,040 INFO: The following cert files already exist, use --rebuild to remove the existing files before regenerating:
2015-08-29 15:00:05,041 INFO: /etc/keystone/ssl/certs/ca.pem already exists
2015-08-29 15:00:05,041 INFO: /etc/keystone/ssl/private/signing_key.pem already exists
2015-08-29 15:00:05,041 INFO: /etc/keystone/ssl/certs/signing_cert.pem already exists
2015-08-29 15:00:05,104 INFO: Connection to 192.168.89.25 closed.
2015-08-29 15:00:05,116 INFO: PKI initialization in init-keystone is deprecated and will be removed.
2015-08-29 15:00:05,169 INFO: + openstack role show ResellerAdmin
2015-08-29 15:00:05,788 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,788 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,797 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,798 INFO:   SecurityWarning
2015-08-29 15:00:05,798 INFO: WARNING: keystoneclient.auth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
2015-08-29 15:00:05,799 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,800 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,810 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,810 INFO:   SecurityWarning
2015-08-29 15:00:05,813 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,813 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,821 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,821 INFO:   SecurityWarning
2015-08-29 15:00:05,823 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,823 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,843 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,844 INFO:   SecurityWarning
2015-08-29 15:00:05,844 INFO: ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0/tokens: hostname '192.168.89.26' doesn't match u'manager.lab'
2015-08-29 15:00:05,887 INFO: + openstack role create ResellerAdmin
2015-08-29 15:00:06,377 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:06,377 INFO:   InsecurePlatformWarning
2015-08-29 15:00:06,385 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:06,386 INFO:   SecurityWarning
2015-08-29 15:00:06,386 INFO: WARNING: keystoneclient.auth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
2015-08-29 15:00:06,387 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:06,387 INFO:   InsecurePlatformWarning
2015-08-29 15:00:06,396 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:06,397 INFO:   SecurityWarning
2015-08-29 15:00:06,397 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:06,398 INFO:   InsecurePlatformWarning
2015-08-29 15:00:06,409 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:06,410 INFO:   SecurityWarning
2015-08-29 15:00:06,410 INFO: ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0/tokens: hostname '192.168.89.26' doesn't match u'manager.lab'
2015-08-29 15:00:06,455 INFO: [2015-08-29 15:00:06,454] (os-refresh-config) [ERROR] during post-configure phase. [Command '['dib-run-parts', '/usr/libexec/os-refresh-config/post-configure.d']' returned non-zero exit status 1]
2015-08-29 15:00:06,455 INFO: 
2015-08-29 15:00:06,455 INFO: [2015-08-29 15:00:06,455] (os-refresh-config) [ERROR] Aborting...
Expected results:


Additional info:
image_path = /home/stack/images
local_ip = 192.168.89.25/24
undercloud_public_vip = 192.168.89.26
undercloud_admin_vip = 192.168.89.27
undercloud_service_certificate = /etc/haproxy/undercloud.pem
local_interface = eth1
masquerade_network = 192.168.89.0/24
dhcp_start = 192.168.89.51
dhcp_end = 192.168.89.60
network_cidr = 192.168.89.0/24
network_gateway = 192.168.89.254
discovery_interface = br-ctlplane
discovery_iprange = 192.168.89.61,192.168.89.80
discovery_runbench = false
undercloud_debug = true

Comment 3 anand.lingaraj 2015-08-29 08:03:21 UTC

instack-undercloud-2.1.2-23.el7ost.noarch
instack-0.0.7-1.el7ost.noarch
selinux-policy-3.13.1-23.el7_1.13.noarch
selinux-policy-targeted-3.13.1-23.el7_1.13.noarch
selinux-policy-3.13.1-23.el7_1.13.noarch
libselinux-python-2.2.2-6.el7.x86_64
libselinux-2.2.2-6.el7.x86_64

Comment 4 chris alfonso 2015-09-02 16:23:24 UTC


*** This bug has been marked as a duplicate of bug 1253529 ***

Comment 5 Sachin 2016-04-08 08:47:14 UTC

Looks like one of th customer encounter this error in packstack installation


---
packstack --allinone
---

    raise PuppetError(message)
PuppetError: Error appeared during Puppet run: 10.xxx.x.xx_keystone.pp
Error: Could not prefetch keystone_service provider 'openstack': Execution of '/usr/bin/openstack service list --quiet --format csv --long' returned 1: ERROR: openstack SSL exception connecting to http://127.0.0.1:35357/v2.0/OS-KSADM/services: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)

Comment 6 Mike Burns 2016-04-08 10:55:05 UTC

(In reply to Sachin from comment #5)
> Looks like one of th customer encounter this error in packstack installation
> 
> 
> ---
> packstack --allinone
> ---
> 
>     raise PuppetError(message)
> PuppetError: Error appeared during Puppet run: 10.xxx.x.xx_keystone.pp
> Error: Could not prefetch keystone_service provider 'openstack': Execution
> of '/usr/bin/openstack service list --quiet --format csv --long' returned 1:
> ERROR: openstack SSL exception connecting to
> http://127.0.0.1:35357/v2.0/OS-KSADM/services: [SSL: UNKNOWN_PROTOCOL]
> unknown protocol (_ssl.c:765)

Issues found with packstack should be filed seperately against openstack-packstack.  This bug is only for director deployments.