Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1245212

Summary: rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields error: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://[IP]:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL
Product: Red Hat OpenStack Reporter: Alexander Chuzhoy <sasha>
Component: ahc-toolsAssignee: John Trowbridge <jtrowbri>
Status: CLOSED ERRATA QA Contact: Alexander Chuzhoy <sasha>
Severity: unspecified Docs Contact:
Priority: high    
Version: unspecifiedCC: bnemec, calfonso, djuran, dmacpher, jliberma, jslagle, mburns, rhel-osp-director-maint, sasha
Target Milestone: y1Keywords: Triaged, ZStream
Target Release: 7.0 (Kilo)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ahc-tools-0.1.1-6.el7ost Doc Type: Bug Fix
Doc Text:
SSL configuration on the director caused the Automated Health Check (AHC) tools to fail due to not using internal endpoints for certain components. This fix changes the configuration to use internal endpoints. The AHC tools now run without SSL errors.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-08 12:15:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Chuzhoy 2015-07-21 13:37:29 UTC 
rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields error: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://[IP]:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL 

Environment:
instack-undercloud-2.1.2-21.el7ost.noarch
ahc-tools-0.1.1-5.el7ost.noarch


Steps to reproduce:
1. Deploy undercloud with SSL enabled.
2. Register some hosts.
3. Install ahc-tools.
4. Run sudo  sed 's/\[discoverd/\[ironic/' /etc/ironic-discoverd/discoverd.conf > /etc/ahc-tools/ahc-tools.conf
5. chmod 0600 /etc/ahc-tools/ahc-tools.conf
6. sudo cp /etc/ahc-tools/edeploy/compute.specs /etc/ahc-tools/edeploy/foo.specs
7. sudo echo [('foo','*')] > /etc/ahc-tools/edeploy/state
8. run 'ahc-match'

Result:
Traceback (most recent call last):
  File "/bin/ahc-match", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/ahc_tools/match.py", line 100, in main
    nodes = utils.get_ironic_nodes(ironic_client)
  File "/usr/lib/python2.7/site-packages/ahc_tools/utils.py", line 77, in get_ironic_nodes
    all_nodes = ironic_client.node.list(detail=True, limit=0)
  File "/usr/lib/python2.7/site-packages/ironicclient/v1/node.py", line 91, in list
    limit=limit)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/base.py", line 96, in _list_pagination
    resp, body = self.api.json_request('GET', url)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/http.py", line 353, in json_request
    resp, body_iter = self._http_request(url, method, **kwargs)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/http.py", line 162, in wrapper
    return func(self, url, method, **kwargs)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/http.py", line 318, in _http_request
    raise exc.ConnectionRefused(message)
ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://192.0.2.2:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Expected result:
No errors.
Comment 5 Ben Nemec 2015-09-02 16:58:59 UTC 
*** Bug 1255468 has been marked as a duplicate of this bug. ***
Comment 8 Alexander Chuzhoy 2015-09-15 16:05:16 UTC 
Verified:
Environment:
ahc-tools-0.1.1-6.el7ost.noarch


No errors are reported.
Comment 10 errata-xmlrpc 2015-10-08 12:15:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1862