Bug #14853
closed
Basically all openstack services have clients with a `--insecure` switch, which allow deployments with self signed ssl certs to work. In this case if keystone is terminated with ssl, then radosgw can't communicate it with it as we dont have a switch to use the curl insecure option. Relevant logs:
rgw logs:
2016-02-22 10:11:50.151555 7f34ac7d8700 1 ====== starting new request req=0x7f348c01a840 =====
2016-02-22 10:11:50.151576 7f34ac7d8700 2 req 2:0.000022::GET /swift/v1::initializing for trans_id = tx000000000000000000002-0056cadee6-ebf2-default
2016-02-22 10:11:50.151583 7f34ac7d8700 10 host=d52-54-77-77-77-01.keystone.com
2016-02-22 10:11:50.151585 7f34ac7d8700 20 subdomain= domain= in_hosted_domain=0
2016-02-22 10:11:50.151622 7f34ac7d8700 10 ver=v1 first= req=
2016-02-22 10:11:50.151624 7f34ac7d8700 10 s->object=<NULL> s->bucket=<NULL>
2016-02-22 10:11:50.151630 7f34ac7d8700 2 req 2:0.000076:swift:GET /swift/v1::getting op
2016-02-22 10:11:50.151635 7f34ac7d8700 2 req 2:0.000080:swift:GET /swift/v1:list_buckets:authorizing
2016-02-22 10:11:50.151639 7f34ac7d8700 20 token_id=aa73088ebd5f4584a5eeea8ec29a82c7
2016-02-22 10:11:50.151699 7f34ac7d8700 20 sending request to https://d52-54-77-77-77-01.keystone.com:35357/v2.0/tokens/aa73088ebd5f4584a5eeea8ec29a82c7
2016-02-22 10:11:50.162738 7f34ac7d8700 0 curl_easy_performed returned error: SSL certificate problem: self signed certificate in certificate chain
2016-02-22 10:11:50.162853 7f34ac7d8700 10 failed to authorize request
2016-02-22 10:11:50.162958 7f34ac7d8700 2 req 2:0.011402:swift:GET /swift/v1:list_buckets:http status=401
2016-02-22 10:11:50.162966 7f34ac7d8700 1 ====== req done req=0x7f348c01a840 http_status=401 ======
swift logs:
swift --insecure list
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:789: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:789: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
Account GET failed: http://d52-54-77-77-77-01.g17.cloud.suse.de:8080/swift/v1?format=json 401 Unauthorized {"Code":"AccessDenied"}
- Status changed from New to In Progress
- Assignee set to Abhishek Lekshmanan
- Status changed from In Progress to Fix Under Review
- Status changed from Fix Under Review to Resolved
Also available in: Atom
PDF