Public bug reported:
Steps to reproduce: 1. Deploy glance service in SSL mode 2. Set below extra env variable OS_CACERT=/etc/ssl/openstack/ca.crt OS_CERT=/etc/ssl/openstack/client3.crt OS_KEY=/etc/ssl/openstack/client3.key 3. Try to use this command: glance image-list SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",) If I enable debug: glance --debug image-list DEBUG:keystoneauth.session:REQ: curl -g -i -X GET https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc -H "User-Agent: python-glanceclient" -H "Content-Type: application/octet-stream" -H "X-Auth-Token: {SHA1}d41d9e001959c67c31eca98d67a65d048f13a1f4" INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): pike-c7 Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 699, in main OpenStackImagesShell().main(argv) File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 603, in main args.func(client, args) File "/usr/lib/python2.7/site-packages/glanceclient/v2/shell.py", line 237, in do_image_list utils.print_list(images, columns) File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 185, in print_list for o in objs: File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 524, in next return self._next() File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 517, in _next obj, resp = next(self._self_wrapped) File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 183, in list for image, resp in paginate(url, page_size, limit): File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 110, in paginate resp, body = self.http_client.get(next_url, headers=req_id_hdr) File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 288, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 335, in request **kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 192, in request return self.session.request(url, method, **kwargs) File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner return wrapped(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 703, in request resp = send(**kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 765, in _send_request raise exceptions.SSLError(msg) SSLError: SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",) SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",) But if I input three parameters in command line, It can display result: glance --os-cacert /etc/ssl/openstack/ca.crt --os-cert /etc/ssl/openstack/client3.crt --os-key /etc/ssl/openstack/client3.key image-list +--------------------------------------+-------------------------+ | ID | Name | +--------------------------------------+-------------------------+ | 9f3c23db-5d67-4aba-9dd2-aec5287f5f1c | cirros | | 3664023e-9db6-44a3-9e18-86d14ade5784 | cloud-template-centos73 | | | | | c3a7f251-6ede-41df-b75f-a9257d1b71ef | cloud-template-rhel73 | | | | +--------------------------------------+-------------------------+ It seems that glance client didn't read certificate and/or key file from env variable. Version: Pike on CentOS 7 (OpenStack-Pike release in CentOS delivery) python2-glanceclient-2.8.0-1.el7.noarch ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1720049 Title: glance image-list command failed when ssl enabled in glance service Status in Glance: New Bug description: Steps to reproduce: 1. Deploy glance service in SSL mode 2. Set below extra env variable OS_CACERT=/etc/ssl/openstack/ca.crt OS_CERT=/etc/ssl/openstack/client3.crt OS_KEY=/etc/ssl/openstack/client3.key 3. Try to use this command: glance image-list SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",) If I enable debug: glance --debug image-list DEBUG:keystoneauth.session:REQ: curl -g -i -X GET https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc -H "User-Agent: python-glanceclient" -H "Content-Type: application/octet-stream" -H "X-Auth-Token: {SHA1}d41d9e001959c67c31eca98d67a65d048f13a1f4" INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): pike-c7 Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 699, in main OpenStackImagesShell().main(argv) File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 603, in main args.func(client, args) File "/usr/lib/python2.7/site-packages/glanceclient/v2/shell.py", line 237, in do_image_list utils.print_list(images, columns) File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 185, in print_list for o in objs: File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 524, in next return self._next() File "/usr/lib/python2.7/site-packages/glanceclient/common/utils.py", line 517, in _next obj, resp = next(self._self_wrapped) File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 183, in list for image, resp in paginate(url, page_size, limit): File "/usr/lib/python2.7/site-packages/glanceclient/v2/images.py", line 110, in paginate resp, body = self.http_client.get(next_url, headers=req_id_hdr) File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 288, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/glanceclient/common/http.py", line 335, in request **kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 192, in request return self.session.request(url, method, **kwargs) File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner return wrapped(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 703, in request resp = send(**kwargs) File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 765, in _send_request raise exceptions.SSLError(msg) SSLError: SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",) SSL exception connecting to https://pike-c7:9292/v2/images?limit=20&sort_key=name&sort_dir=asc: ("bad handshake: Error([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')],)",) But if I input three parameters in command line, It can display result: glance --os-cacert /etc/ssl/openstack/ca.crt --os-cert /etc/ssl/openstack/client3.crt --os-key /etc/ssl/openstack/client3.key image-list +--------------------------------------+-------------------------+ | ID | Name | +--------------------------------------+-------------------------+ | 9f3c23db-5d67-4aba-9dd2-aec5287f5f1c | cirros | | 3664023e-9db6-44a3-9e18-86d14ade5784 | cloud-template-centos73 | | | | | c3a7f251-6ede-41df-b75f-a9257d1b71ef | cloud-template-rhel73 | | | | +--------------------------------------+-------------------------+ It seems that glance client didn't read certificate and/or key file from env variable. Version: Pike on CentOS 7 (OpenStack-Pike release in CentOS delivery) python2-glanceclient-2.8.0-1.el7.noarch To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1720049/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
