Bug 1258109 - ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0/tokens: hostname '192.168.89.26' doesn't match u'manager.lab'
Summary: ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0...
Keywords:
Status: CLOSED DUPLICATE of bug 1253529
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 7.0 (Kilo)
Hardware: x86_64
OS: All
unspecified
high
Target Milestone: ---
: 8.0 (Liberty)
Assignee: chris alfonso
QA Contact: yeylon@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-29 07:09 UTC by anand.lingaraj
Modified: 2016-04-18 07:01 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-02 16:23:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Error Log (596.68 KB, text/plain)
2015-08-29 07:09 UTC, anand.lingaraj 		no flags Details
View All

Description anand.lingaraj 2015-08-29 07:09:58 UTC 
Created attachment 1068216 [details]
Error Log

Description of problem:

I tried installing openstack director on RHEL 7. Tried install and reinstall 25 times and still encounter the same issue

Version-Release number of selected component (if applicable):
7.1

How reproducible:
1. Install RHEl7
2. Attach subscription
3. Yum Update
4. yum install python-rdomanager-oscplugin
5. Configure undercloud.conf
6. openstack undercloud install

Actual results:

2015-08-29 15:00:03,693 INFO: 2015-08-29 15:00:03 - requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 192.168.89.25
2015-08-29 15:00:03,830 INFO: Warning: Permanently added '192.168.89.25' (ECDSA) to the list of known hosts.
2015-08-29 15:00:05,040 INFO: The following cert files already exist, use --rebuild to remove the existing files before regenerating:
2015-08-29 15:00:05,041 INFO: /etc/keystone/ssl/certs/ca.pem already exists
2015-08-29 15:00:05,041 INFO: /etc/keystone/ssl/private/signing_key.pem already exists
2015-08-29 15:00:05,041 INFO: /etc/keystone/ssl/certs/signing_cert.pem already exists
2015-08-29 15:00:05,104 INFO: Connection to 192.168.89.25 closed.
2015-08-29 15:00:05,116 INFO: PKI initialization in init-keystone is deprecated and will be removed.
2015-08-29 15:00:05,169 INFO: + openstack role show ResellerAdmin
2015-08-29 15:00:05,788 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,788 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,797 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,798 INFO:   SecurityWarning
2015-08-29 15:00:05,798 INFO: WARNING: keystoneclient.auth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
2015-08-29 15:00:05,799 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,800 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,810 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,810 INFO:   SecurityWarning
2015-08-29 15:00:05,813 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,813 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,821 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,821 INFO:   SecurityWarning
2015-08-29 15:00:05,823 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:05,823 INFO:   InsecurePlatformWarning
2015-08-29 15:00:05,843 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:05,844 INFO:   SecurityWarning
2015-08-29 15:00:05,844 INFO: ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0/tokens: hostname '192.168.89.26' doesn't match u'manager.lab'
2015-08-29 15:00:05,887 INFO: + openstack role create ResellerAdmin
2015-08-29 15:00:06,377 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:06,377 INFO:   InsecurePlatformWarning
2015-08-29 15:00:06,385 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:06,386 INFO:   SecurityWarning
2015-08-29 15:00:06,386 INFO: WARNING: keystoneclient.auth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
2015-08-29 15:00:06,387 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:06,387 INFO:   InsecurePlatformWarning
2015-08-29 15:00:06,396 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:06,397 INFO:   SecurityWarning
2015-08-29 15:00:06,397 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
2015-08-29 15:00:06,398 INFO:   InsecurePlatformWarning
2015-08-29 15:00:06,409 INFO: /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
2015-08-29 15:00:06,410 INFO:   SecurityWarning
2015-08-29 15:00:06,410 INFO: ERROR: openstack SSL exception connecting to https://192.168.89.26:13000/v2.0/tokens: hostname '192.168.89.26' doesn't match u'manager.lab'
2015-08-29 15:00:06,455 INFO: [2015-08-29 15:00:06,454] (os-refresh-config) [ERROR] during post-configure phase. [Command '['dib-run-parts', '/usr/libexec/os-refresh-config/post-configure.d']' returned non-zero exit status 1]
2015-08-29 15:00:06,455 INFO: 
2015-08-29 15:00:06,455 INFO: [2015-08-29 15:00:06,455] (os-refresh-config) [ERROR] Aborting...
Expected results:


Additional info:
image_path = /home/stack/images
local_ip = 192.168.89.25/24
undercloud_public_vip = 192.168.89.26
undercloud_admin_vip = 192.168.89.27
undercloud_service_certificate = /etc/haproxy/undercloud.pem
local_interface = eth1
masquerade_network = 192.168.89.0/24
dhcp_start = 192.168.89.51
dhcp_end = 192.168.89.60
network_cidr = 192.168.89.0/24
network_gateway = 192.168.89.254
discovery_interface = br-ctlplane
discovery_iprange = 192.168.89.61,192.168.89.80
discovery_runbench = false
undercloud_debug = true
Comment 3 anand.lingaraj 2015-08-29 08:03:21 UTC 
instack-undercloud-2.1.2-23.el7ost.noarch
instack-0.0.7-1.el7ost.noarch
selinux-policy-3.13.1-23.el7_1.13.noarch
selinux-policy-targeted-3.13.1-23.el7_1.13.noarch
selinux-policy-3.13.1-23.el7_1.13.noarch
libselinux-python-2.2.2-6.el7.x86_64
libselinux-2.2.2-6.el7.x86_64
Comment 4 chris alfonso 2015-09-02 16:23:24 UTC 

*** This bug has been marked as a duplicate of bug 1253529 ***
Comment 5 Sachin 2016-04-08 08:47:14 UTC 
Looks like one of th customer encounter this error in packstack installation


---
packstack --allinone
---

    raise PuppetError(message)
PuppetError: Error appeared during Puppet run: 10.xxx.x.xx_keystone.pp
Error: Could not prefetch keystone_service provider 'openstack': Execution of '/usr/bin/openstack service list --quiet --format csv --long' returned 1: ERROR: openstack SSL exception connecting to http://127.0.0.1:35357/v2.0/OS-KSADM/services: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)
Comment 6 Mike Burns 2016-04-08 10:55:05 UTC 
(In reply to Sachin from comment #5)
> Looks like one of th customer encounter this error in packstack installation
> 
> 
> ---
> packstack --allinone
> ---
> 
>     raise PuppetError(message)
> PuppetError: Error appeared during Puppet run: 10.xxx.x.xx_keystone.pp
> Error: Could not prefetch keystone_service provider 'openstack': Execution
> of '/usr/bin/openstack service list --quiet --format csv --long' returned 1:
> ERROR: openstack SSL exception connecting to
> http://127.0.0.1:35357/v2.0/OS-KSADM/services: [SSL: UNKNOWN_PROTOCOL]
> unknown protocol (_ssl.c:765)

Issues found with packstack should be filed seperately against openstack-packstack.  This bug is only for director deployments.
Note You need to log in before you can comment on or make changes to this bug.