Rob, Thank you for the response. It turns out it was a mixture of HTTP and HTTPS not functioning identically when I go through the load balancer to the controllers versus running the code directly on the controller itself. Once I changed the Neutron endpoint to simply use HTTP, it began working.
[cid:41160A80-A359-4D03-B257-CC28E4F51C3F] Chris Mutchler Compute Platform Engineer Adobe 385.345.1038 (tel) 801.722.8555 (cell) [email protected] 3900 Adobe Way Lehi, Utah, 84043, USA www.adobe.com From: Rob Crittenden <[email protected]<mailto:[email protected]>> Date: Monday, April 13, 2015 at 7:24 AM To: Chris Mutchler <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Openstack] OpenStack Network API SSL error Chris Mutchler wrote: I've been searching Google for several hours tonight and have not found an answer yet to this SSL error message. I am trying to execute the following segment of code: 139 credentials = get_credentials() 140 neutron = client.Client('2.0', 141 username=credentials['username'], 142 password=credentials['password'], 143 auth_url=credentials['auth_url'], 144 tenant_name=credentials['tenant_name'], 145 endpoint_url=credentials['url'], 146 token=credentials['token'], 147 insecure=True) 148 response = neutron.list_ports() When I run the Python script, it errors out with the following: Traceback (most recent call last): File "getMACAddr.py", line 148, in <module> response = neutron.list_ports() File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 111, in with_params ret = self.function(instance, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 306, in list_ports **_params) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 1250, in list for r in self._pagination(collection, path, **params): File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 1263, in _pagination res = self.get(path, params=params) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 1236, in get headers=headers, params=params) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 1221, in retry_request headers=headers, params=params) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 1156, in do_request resp, replybody = self.httpclient.do_request(action, method, body=body) File "/usr/lib/python2.7/dist-packages/neutronclient/client.py", line 192, in do_request **kwargs) File "/usr/lib/python2.7/dist-packages/neutronclient/client.py", line 148, in _cs_request raise exceptions.SslCertificateValidationError(reason=e) neutronclient.common.exceptions.SslCertificateValidationError: SSL certificate validation has failed: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol The /var/log/neutron/server.log file has the following corresponding entry for when the script tries to make the connection: 2015-04-11 07:17:31.941 2096 INFO neutron.wsgi [-] (2096) accepted ('10.27.16.164', 34495) When I run the CLI from the same controller node, I get the error with or without the -insecure flag: root@controller02:/tmp# neutron port-list SSL certificate validation has failed: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol root@controller02:/tmp# neutron --insecure port-list SSL certificate validation has failed: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol If I run the CLI command from my local Macbook Pro, it works just fine. Ultimately, I am trying to add a port through the API but I am using the list_ports() as a test until I get it working. Any ideas how to solve this issue? This type of error usually indicates that you're not talking to an SSL-enabled server, but given that it works on one host and not another that adds another twist. What I'd do is add the --debug flag and see if there is any difference between the working and non-working server. And I'd probably also try the curl command that --debug spits out. rob
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
