We’ve run into this, too, and it’s been a frustration for a while. No way to tell python-requests to use a different cacert file (that I know of), and (at least in the packaging we use), the packaged cacert.pem file isn’t marked as a configuration file, meaning that it gets overwritten any time the package is upgraded.
Glad you got it figured out. From: Xav Paice <[email protected]<mailto:[email protected]>> Date: Wednesday, November 11, 2015 at 7:07 PM To: OpenStack Operators <[email protected]<mailto:[email protected]>> Subject: Re: [Openstack-operators] Kilo upgrade challenges Follow up to this... It turns out that using a self signed SSL cert is problematic when python requests bundles it's cacerts separately to the system list of ca certs (in a virtual env). This was solved by cat'ing the ca cert for our ca >> /usr/share/python/python-heat/lib/python2.7/site-packages/requests/cacert.pem It was bound to be something daft like that! Many thanks for the replies, very much appreciated. On 12 November 2015 at 13:20, Matt Kassawara <[email protected]<mailto:[email protected]>> wrote: Did you change anything under [keystone_authtoken] in the heat.conf file? On Wed, Nov 11, 2015 at 4:43 PM, Leslie-Alexandre DENIS <[email protected]<mailto:[email protected]>> wrote: Le 11/11/2015 05:46, Xav Paice a écrit : Hi, Late to the party, I'm only just doing the Kilo upgrade now (with a couple of projects going direct to Liberty). I seem to have hit a bit of a snag, and I've now spent a bit too long banging my head against this, was wondering if anyone else has advice/experiences to share. If it's a "you Muppet, you did X wrong" thing, I'd love to hear about it - I'm 99.9% sure I've stuffed up a config somewhere. In short, after upgrading, say, Heat, to Kilo, and running the db migration, restarting etc, the CLI is returning 'Authentication required'. My user is admin, and nothing has changed that I'm aware of. I can't see anything particularly new in the logs for keystone, nor in heat, except that I now see "WARNING keystonemiddleware.auth_token [-] Authorization failed for token". I'm not sure if that's a problem or not though. Some details etc are in http://paste.openstack.org/show/478501/ -> from a dev environment so not even sanitized. Anyone been there? Thanks Xav _______________________________________________ OpenStack-operators mailing list [email protected]<mailto:[email protected]>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators Hello Xav, I faced similar problems last few weeks, during an Icehouse to Kilo upgrade, regarding to Cinder and I found out that it was due to client version. You can find the correct version in https://github.com/openstack/heat/blob/stable/kilo/requirements.txt At least, you can double check it and eventually solve this. My 2 cents, _______________________________________________ OpenStack-operators mailing list [email protected]<mailto:[email protected]> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list [email protected]<mailto:[email protected]> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
