[Bug 960739] New: OpenStack nova ends with traceback when connecting to server with custom SUSE certificate
http://bugzilla.suse.com/show_bug.cgi?id=960739

            Bug ID: 960739
           Summary: OpenStack nova ends with traceback when connecting to server with custom SUSE certificate
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: 2015*
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Other
          Assignee: bnc-team-screening@forge.provo.novell.com
          Reporter: mnowak@suse.com
        QA Contact: qa-bugs@suse.de
                CC: mkravec@suse.com, pgonin@suse.com
          Found By: ---
           Blocker: ---

I try to connect to cloud.suse.de on Tumbleweed but I end up with traceback:

$ nova --debug image-list
DEBUG (session:198) REQ: curl -g -i -X GET https://dashboardp2.cloud.suse.de:5000/v2.0/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
INFO (connectionpool:756) Starting new HTTPS connection (1): dashboardp2.cloud.suse.de
WARNING (base:143) Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
DEBUG (v2:86) Making authentication request to https://dashboardp2.cloud.suse.de:5000/v2.0/tokens
INFO (connectionpool:756) Starting new HTTPS connection (2): dashboardp2.cloud.suse.de
DEBUG (shell:905) SSL exception connecting to https://dashboardp2.cloud.suse.de:5000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 903, in main
    OpenStackComputeShell().main(argv)
  File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 737, in main
    api_version = api_versions.discover_version(self.cs, api_version)
  File "/usr/lib/python2.7/site-packages/novaclient/api_versions.py", line 253, in discover_version
    client)
  File "/usr/lib/python2.7/site-packages/novaclient/api_versions.py", line 235, in _get_server_version_range
    version = client.versions.get_current()
  File "/usr/lib/python2.7/site-packages/novaclient/v2/versions.py", line 62, in get_current
    return self._get_current()
  File "/usr/lib/python2.7/site-packages/novaclient/v2/versions.py", line 43, in _get_current
    url = self.api.client.get_endpoint().rsplit("/", 1)[0]
  File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 129, in get_endpoint
    return self.session.get_endpoint(auth or self.auth, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 660, in get_endpoint
    return auth.get_endpoint(self, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/base.py", line 315, in get_endpoint
    service_catalog = self.get_access(session).service_catalog
  File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/base.py", line 240, in get_access
    self.auth_ref = self.get_auth_ref(session)
  File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/generic/base.py", line 186, in get_auth_ref
    return self._plugin.get_auth_ref(session, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v2.py", line 88, in get_auth_ref
    authenticated=False, log=False)
  File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 501, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 386, in request
    resp = send(**kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 424, in _send_request
    raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://dashboardp2.cloud.suse.de:5000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
ERROR (SSLError): SSL exception connecting to https://dashboardp2.cloud.suse.de:5000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

Packages:

python-openstackclient-1.7.1-1.1.noarch
python-novaclient-2.30.1-1.1.noarch
python-neutronclient-3.1.0-1.1.noarch
python-glanceclient-1.1.0-1.1.noarch
python-cinderclient-1.4.0-1.1.noarch
python-troveclient-1.3.0-1.1.noarch
python-keystoneclient-1.7.2-1.1.noarch
python-swiftclient-2.6.0-1.1.noarch
python-heatclient-0.8.0-1.1.noarch
python-ceilometerclient-1.5.0-1.1.noarch
python-saharaclient-0.11.1-1.1.noarch
ca-certificates-suse-1.0-5.1.noarch

*-openrc.sh file is properly sourced in the terminal.

`nova --insecure image-list` works but prints a lot of InsecureRequestWarning warnings.

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=960739#c1

--- Comment #1 from Michal Nowak <mnowak@suse.com> ---
If OS_CACERT variable is set to /usr/share/pki/trust/anchors/SUSE_Trust_Root.crt.pem it works just fine, but nova should take the SUSE cert even w/o it being set explicitly.

http://bugzilla.suse.com/show_bug.cgi?id=960739#c2

--- Comment #2 from Michal Nowak <mnowak@suse.com> ---
It turned out OS_CACERT has to be set when authentication is done with TLS-enabled server. Though, the CLI perhaps should not traceback in the background anyway?
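
An added example, not part of the bug thread: it reproduces the reported symptom offline by checking a certificate issued by a private root first against the default trust store and then against the bundle named in OS_CACERT. The CA, the host name cloud.example.test and the helper names are constructed for the demo, and `openssl verify` stands in for the client's chain validation.

```sh
#!/bin/sh
# Added example. The CA, host name and all files are constructed for the demo.

make_demo_pki() {                       # $1 = scratch directory
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed private root, standing in for a site CA that public bundles lack.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Key and CSR for a made-up server name, then a certificate signed by that root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=cloud.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# Assumed client behaviour, modelled on the thread: trust the default store
# unless OS_CACERT names a CA bundle. Returns 0 = chain verifies,
# 2 = OS_CACERT set but unreadable, 1 = verification failed.
verify_server_cert() {                  # $1 = server certificate (PEM)
  if [ -n "${OS_CACERT:-}" ]; then
    [ -r "$OS_CACERT" ] || { echo "OS_CACERT not readable: $OS_CACERT" >&2; return 2; }
    openssl verify -CAfile "$OS_CACERT" "$1" >/dev/null 2>&1 || return 1
  else
    openssl verify "$1" >/dev/null 2>&1 || return 1
  fi
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_demo_pki "$tmp" || return 1
  for ca in "" "$tmp/ca.pem"; do
    if ( OS_CACERT=$ca; verify_server_cert "$tmp/srv.pem" ); then r=verified; else r=FAILED; fi
    echo "OS_CACERT=${ca:-<unset>}: $r"
  done
  rm -rf "$tmp"
}
demo
```

Running the same check with the real server certificate and the real OS_CACERT file separates a wrong or missing bundle from a problem in the client itself.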

http://bugzilla.suse.com/show_bug.cgi?id=960739

Chenzi Cao <chenzi.cao@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bnc-team-screening@forge.pr |cloud-bugs@suse.de
                   |ovo.novell.com              |

rpm -q python-novaclient python-keystoneclient ca-certificates-suse

http://bugzilla.suse.com/show_bug.cgi?id=960739#c3

Bernhard Wiedemann <bwiedemann@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bwiedemann@suse.com,
                   |                            |mnowak@suse.com
              Flags|                            |needinfo?(mnowak@suse.com)

--- Comment #3 from Bernhard Wiedemann <bwiedemann@suse.com> ---
it works on Leap 42.1 with

python-novaclient-2.26.0-2.2.noarch
python-keystoneclient-1.6.0-1.1.noarch
ca-certificates-suse-1.0-5.1.noarch

are you sure the SUSE CA rpm is properly installed?

Then you could try

openssl s_client -connect dashboardp2.cloud.suse.de:5000

and capture+paste the full output

http://bugzilla.suse.com/show_bug.cgi?id=960739#c4

Michal Nowak <mnowak@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(mnowak@suse.com)  |

--- Comment #4 from Michal Nowak <mnowak@suse.com> ---
$> openssl s_client -connect dashboardp2.cloud.suse.de:5000
CONNECTED(00000003)
^C
$>

(^ No other output, canceled it after 1 minute.)

I believe the cert is OK, works everywhere else by default.

$> rpmverify ca-certificates-suse
$>

http://bugzilla.suse.com/show_bug.cgi?id=960739#c5

Christian Almeida de Oliveira <calmeidadeoliveira@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |calmeidadeoliveira@suse.com

--- Comment #5 from Christian Almeida de Oliveira <calmeidadeoliveira@suse.com> ---
Hi,

This issue is more than 4 years old and it seems no one worked on it. This issue might not be valid anymore. I'm closing it.

Cheers,
Christian

http://bugzilla.suse.com/show_bug.cgi?id=960739#c6

Christian Almeida de Oliveira <calmeidadeoliveira@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #6 from Christian Almeida de Oliveira <calmeidadeoliveira@suse.com> ---
Issue too old. (+4 years)
Cloud team impacted by the re-org, thus no resources to check it.