Hello
Thanks for those elements.
It is really surprising because as you can imagine this is something we
set up many times...
I'll take care to set up the same environment than you and I'll let you
know if I am facing the same issues... I am trying to do that quickly...
Regards
Christophe
----
Christophe Sauthier
CEO
Objectif Libre : Au service de votre Cloud
+33 (0) 6 16 98 63 96 | christophe.sauth...@objectif-libre.com
https://www.objectif-libre.com | @objectiflibre
Recevez la Pause Cloud Et DevOps : https://olib.re/abo-pause
Le 2018-08-31 23:40, jonmi...@gmail.com a écrit :
On Fri, 2018-08-31 at 23:20 +0200, Christophe Sauthier wrote:
Hello Jonathan
Can you describe a little more your setup (release/method of
installation/linux distribution) /issues that you are facing ?
It is OpenStack Queens, on CentOS 7.5, using the packages from the
centos-cloud repo (which I suppose is the same is RDO).
# uname -msr
Linux 3.10.0-862.3.2.el7.x86_64 x86_64
# rpm -qa |grep cloudkitty |sort
openstack-cloudkitty-api-7.0.0-1.el7.noarch
openstack-cloudkitty-common-7.0.0-1.el7.noarch
openstack-cloudkitty-processor-7.0.0-1.el7.noarch
openstack-cloudkitty-ui-7.0.0-1.el7.noarch
python2-cloudkittyclient-1.2.0-1.el7.noarch
It is 'deployed' with custom puppet code only. I follow exactly the
installation guides posted here:
https://docs.openstack.org/cloudkitty/queens/index.html
I'd prefer not to post full config files, but my [keystone_authtoken]
section of cloudkitty.conf is identical (aside from service
credentials) to the ones found in my glance, nova, cinder, neutron,
gnocchi, ceilometer, etc, all of those services are working perfectly.
My processor.log file is full of
2018-08-31 16:38:04.086 30471 WARNING cloudkitty.orchestrator [-]
Error
while collecting service network.floating: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",): SSLError: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",)
2018-08-31 16:38:04.094 30471 WARNING cloudkitty.orchestrator [-]
Error
while collecting service image: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",): SSLError: SSL exception connecting to
https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake:
Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')],)",)
and so on
But, I mean, there's other little things too. I can see from running
'openstack --debug rating info-config-get'
that it never even loads the cacert from my env, so it fails talking
to
keystone trying to get a token; the request never even gets to the
cloudkitty api endpoint.
Because we have deployed it/used it many times with SSL without
issue...
It could be great also that you step up on #cloudkitty to discuss it.
Christophe
----
Christophe Sauthier
CEO
Objectif Libre : Au service de votre Cloud
+33 (0) 6 16 98 63 96 | christophe.sauth...@objectif-libre.com
https://www.objectif-libre.com | @objectiflibre
Recevez la Pause Cloud Et DevOps : https://olib.re/abo-pause
Le 2018-08-31 23:15, jonmi...@gmail.com a écrit :
Anyone out there have Cloudkitty successfully working with SSL? By
which I mean that Cloudkitty is able to talk to keystone over https
without cert errors, and also talk to SSL'd rabbitmq? Oh, and the
client tools also?
Asking for a friend...
Jonathan
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
