Hi,
does anyone know how one can specify to use a file with CA certificates for
authentication with regards to deplyoments to on-premises openstack?
would I need to build the docker conainer and mount the file inside somehow
as when setting the export OS_CACERT=elasticluster/openstackca.pem I get
below error:
2021-02-10 21:05:47 074c653e4e12 elasticluster[1] ERROR Could not start
node `compute004`: Could not find a suitable TLS CA certificate bundle,
invalid path: elasticluster/openstackca.pem -- <type 'exceptions.IOError'>
Traceback (most recent call last):
File "elasticluster/cluster.py", line 580, in _start_node
node.start()
File "elasticluster/cluster.py", line 1319, in start
**self.extra)
File "elasticluster/providers/openstack.py", line 484, in start_instance
self._check_keypair(key_name, public_key_path, private_key_path)
File "elasticluster/providers/openstack.py", line 921, in _check_keypair
keypair = self.nova_client.keypairs.get(name)
File "/usr/local/lib/python2.7/site-packages/novaclient/api_versions.py",
line 393, in substitution
return methods[-1].func(obj, *args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/novaclient/v2/keypairs.py",
line 73, in get
"keypair")
File "/usr/local/lib/python2.7/site-packages/novaclient/base.py", line
353, in _get
resp, body = self.api.client.get(url)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/adapter.py",
line 386, in get
return self.request(url, 'GET', **kwargs)
File "/usr/local/lib/python2.7/site-packages/novaclient/client.py", line
72, in request
**kwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/adapter.py",
line 545, in request
resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/adapter.py",
line 248, in request
return self.session.request(url, method, **kwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/session.py",
line 747, in request
auth_headers = self.get_auth_headers(auth)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/session.py",
line 1158, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/plugin.py",
line 95, in get_headers
token = self.get_token(session)
File
"/usr/local/lib/python2.7/site-packages/keystoneauth1/identity/base.py",
line 88, in get_token
return self.get_access(session).auth_token
File
"/usr/local/lib/python2.7/site-packages/keystoneauth1/identity/base.py",
line 134, in get_access
self.auth_ref = self.get_auth_ref(session)
File
"/usr/local/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py",
line 184, in get_auth_ref
authenticated=False, log=False, **rkwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/session.py",
line 1106, in post
return self.request(url, 'POST', **kwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/session.py",
line 888, in request
resp = send(**kwargs)
File "/usr/local/lib/python2.7/site-packages/keystoneauth1/session.py",
line 979, in _send_request
resp = self.session.request(method, url, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line
533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line
646, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line
416, in send
self.cert_verify(conn, request.url, verify, cert)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line
228, in cert_verify
"invalid path: {}".format(cert_loc))
IOError: Could not find a suitable TLS CA certificate bundle, invalid path:
elasticluster/openstackca.pem
would I need to build the docker conainer and mount the file inside somehow?
--
You received this message because you are subscribed to the Google Groups
"elasticluster" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticluster/66b24d45-fd5e-4776-a07b-9b1caf2943a0n%40googlegroups.com.
