Are you using a TLS proxy in front of Nova API? If so, you need to adjust the osapi_compute_link_prefix - https://docs.openstack.org/ocata/config-reference/compute/api.html to be the https url, otherwise it will autodetect as http. The ec2-service (or novaclient) is probably doing link following from returned links, and thus fails hitting the http ones.

-Sean

On 06/07/2017 12:18 PM, Massimo Sgaravatto wrote:
> Hi
>
> We are trying to configure the ec2-service on an Ocata OpenStack
> installation.
>
> If I try a euca-describe-images it works, but if I try to get the list
> of instances (euca-describe-instances) it fails.
> Looking at the log [*], it looks to me like it initially uses the
> correct nova endpoint:
>
> https://cloud-areapd-test.pd.infn.it:8774/v2.1
>
> but then it tries to use:
>
> http://cloud-areapd-test.pd.infn.it:8774/v2.1
>
> i.e. http instead of https, and the connection fails, as expected.
> I am not able to understand why it tries to use that endpoint ...
>
> Any hints ?
>
> Thanks, Massimo
>
>
> [*]
> 2017-06-07 18:10:10.371 16470 DEBUG ec2api.wsgi.server [-] (16470)
> accepted ('192.168.60.24', 45185) server
> /usr/lib/python2.7/site-packages/eventlet/wsgi.py:867
> 2017-06-07 18:10:10.549 16470 DEBUG ec2api.api
> [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
> 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -]
> action: DescribeInstances __call__
> /usr/lib/python2.7/site-packages/ec2api/api/__init__.py:286
> 2017-06-07 18:10:10.565 16470 DEBUG novaclient.v2.client
> [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
> 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -]
> REQ: curl -g -i --cacert
> "/etc/grid-security/certificates/INFN-CA-2015.pem" -X GET
> https://cloud-areapd-test.pd.infn.it:8774/v2.1 -H "User-Agent:
> python-novaclient" -H "Accept: application/json" -H
> "X-OpenStack-Nova-API-Version: 2.1" -H "X-Auth-Token:
> {SHA1}9f9eb3c7cea14ac54b243338281afa0a59b3d06b" _http_log_request
> /usr/lib/python2.7/site-packages/keystoneclient/session.py:216
> 2017-06-07 18:10:11.320 16470 DEBUG novaclient.v2.client
> [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
> 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -]
> RESP: [302] Content-Type: text/plain; charset=utf8 Location:
> http://cloud-areapd-test.pd.infn.it:8774/v2.1/ X-Compute-Request-Id:
> req-6ed38429-784b-4fc9-a80d-f886b106ba6e Content-Length: 0 Date: Wed, 07
> Jun 2017 16:10:11 GMT Connection: close
> RESP BODY: Omitted, Content-Type is set to text/plain; charset=utf8.
> Only application/json responses have their bodies logged.
> _http_log_response
> /usr/lib/python2.7/site-packages/keystoneclient/session.py:256
> 2017-06-07 18:10:11.323 16470 ERROR ec2api.api
> [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2
> 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -]
> Unexpected ConnectFailure raised: Unable to establish connection to
> http://cloud-areapd-test.pd.infn.it:8774/v2.1/
> 2017-06-07 18:10:11.323 16470 ERROR ec2api.api Traceback (most recent
> call last):
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

--
Sean Dague
http://dague.net
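
The pattern in the quoted log (an https request answered with a 302 whose Location is plain http on the same host) can be checked for mechanically. The following is an added example, not part of the thread or of any OpenStack project; the function name, the regexes and the sample log (one entry per line, placeholder host) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the novaclient DEBUG lines quoted above
# (one entry per line, host replaced with a placeholder).
SAMPLE_LOG = """\
2017-06-07 18:10:10.565 16470 DEBUG novaclient.v2.client [req-aaaa - - -] REQ: curl -g -i -X GET https://nova.example.test:8774/v2.1 -H "Accept: application/json"
2017-06-07 18:10:11.320 16470 DEBUG novaclient.v2.client [req-aaaa - - -] RESP: [302] Content-Type: text/plain; charset=utf8 Location: http://nova.example.test:8774/v2.1/ Content-Length: 0
2017-06-07 18:11:00.100 16470 DEBUG novaclient.v2.client [req-bbbb - - -] REQ: curl -g -i -X GET https://nova.example.test:8774/v2.1/servers -H "Accept: application/json"
2017-06-07 18:11:00.400 16470 DEBUG novaclient.v2.client [req-bbbb - - -] RESP: [200] Content-Type: application/json Content-Length: 42
"""

# Request id in brackets, then the URL that follows "-X <METHOD>".
REQ_RE = re.compile(r"\[(req-\S+)[^\]]*\]\s+REQ: curl .*?-X \w+\s+(\S+)")
# Request id, a 3xx status, then the Location header value.
RESP_RE = re.compile(r"\[(req-\S+)[^\]]*\]\s+RESP: \[(3\d\d)\].*?Location:\s+(\S+)")


def find_scheme_downgrades(log_text):
    """Return (request_id, requested_url, redirect_url) for every https
    request answered with a 3xx whose Location is plain http on the same host."""
    requested = {}   # request id -> last URL requested under that id
    findings = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if m:
            requested[m.group(1)] = m.group(2)
            continue
        m = RESP_RE.search(line)
        if not m or m.group(1) not in requested:
            continue
        req_url, loc = requested[m.group(1)], m.group(3)
        src, dst = urlsplit(req_url), urlsplit(loc)
        if src.scheme == "https" and dst.scheme == "http" and src.hostname == dst.hostname:
            findings.append((m.group(1), req_url, loc))
    return findings


if __name__ == "__main__":
    for rid, src, dst in find_scheme_downgrades(SAMPLE_LOG):
        print(f"{rid}: {src} redirected to cleartext {dst}")
```

A hit means the API behind the proxy is building its links with the backend's scheme, which is the condition the reply attributes to osapi_compute_link_prefix not being set to the https URL.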