1245212 – rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields error: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://[IP]:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL

Bug 1245212 - rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields error: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://[IP]:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL

Summary: rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields err...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	ahc-tools
Sub Component:
Version:	unspecified
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	unspecified
Target Milestone:	y1
Target Release:	7.0 (Kilo)
Assignee:	John Trowbridge
QA Contact:	Alexander Chuzhoy
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1255468 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-07-21 13:37 UTC by Alexander Chuzhoy
Modified:	2023-02-22 23:02 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ahc-tools-0.1.1-6.el7ost
Doc Type:	Bug Fix
Doc Text:	SSL configuration on the director caused the Automated Health Check (AHC) tools to fail due to not using internal endpoints for certain components. This fix changes the configuration to use internal endpoints. The AHC tools now run without SSL errors.
Clone Of:
Environment:
Last Closed:	2015-10-08 12:15:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Gerrithub.io	240778	0	None	None	None	Never
Red Hat Product Errata	RHSA-2015:1862	0	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update	2015-10-08 16:05:50 UTC

Description Alexander Chuzhoy 2015-07-21 13:37:29 UTC

rhel-osp-director: Running "ahc-match" on a setup with enabled SSL yields error: ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://[IP]:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL 

Environment:
instack-undercloud-2.1.2-21.el7ost.noarch
ahc-tools-0.1.1-5.el7ost.noarch


Steps to reproduce:
1. Deploy undercloud with SSL enabled.
2. Register some hosts.
3. Install ahc-tools.
4. Run sudo  sed 's/\[discoverd/\[ironic/' /etc/ironic-discoverd/discoverd.conf > /etc/ahc-tools/ahc-tools.conf
5. chmod 0600 /etc/ahc-tools/ahc-tools.conf
6. sudo cp /etc/ahc-tools/edeploy/compute.specs /etc/ahc-tools/edeploy/foo.specs
7. sudo echo [('foo','*')] > /etc/ahc-tools/edeploy/state
8. run 'ahc-match'

Result:
Traceback (most recent call last):
  File "/bin/ahc-match", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/ahc_tools/match.py", line 100, in main
    nodes = utils.get_ironic_nodes(ironic_client)
  File "/usr/lib/python2.7/site-packages/ahc_tools/utils.py", line 77, in get_ironic_nodes
    all_nodes = ironic_client.node.list(detail=True, limit=0)
  File "/usr/lib/python2.7/site-packages/ironicclient/v1/node.py", line 91, in list
    limit=limit)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/base.py", line 96, in _list_pagination
    resp, body = self.api.json_request('GET', url)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/http.py", line 353, in json_request
    resp, body_iter = self._http_request(url, method, **kwargs)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/http.py", line 162, in wrapper
    return func(self, url, method, **kwargs)
  File "/usr/lib/python2.7/site-packages/ironicclient/common/http.py", line 318, in _http_request
    raise exc.ConnectionRefused(message)
ironicclient.openstack.common.apiclient.exceptions.ConnectionRefused: Error communicating with https://192.0.2.2:13385/ [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Expected result:
No errors.

Comment 5 Ben Nemec 2015-09-02 16:58:59 UTC

*** Bug 1255468 has been marked as a duplicate of this bug. ***

Comment 8 Alexander Chuzhoy 2015-09-15 16:05:16 UTC

Verified:
Environment:
ahc-tools-0.1.1-6.el7ost.noarch


No errors are reported.

Comment 10 errata-xmlrpc 2015-10-08 12:15:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1862

Note You need to log in before you can comment on or make changes to this bug.