On Fri, 2018-08-31 at 23:20 +0200, Christophe Sauthier wrote: > Hello Jonathan > > Can you describe a little more your setup (release/method of > installation/linux distribution) /issues that you are facing ?
It is OpenStack Queens, on CentOS 7.5, using the packages from the centos-cloud repo (which I suppose is the same is RDO). # uname -msr Linux 3.10.0-862.3.2.el7.x86_64 x86_64 # rpm -qa |grep cloudkitty |sort openstack-cloudkitty-api-7.0.0-1.el7.noarch openstack-cloudkitty-common-7.0.0-1.el7.noarch openstack-cloudkitty-processor-7.0.0-1.el7.noarch openstack-cloudkitty-ui-7.0.0-1.el7.noarch python2-cloudkittyclient-1.2.0-1.el7.noarch It is 'deployed' with custom puppet code only. I follow exactly the installation guides posted here: https://docs.openstack.org/cloudkitty/queens/index.html I'd prefer not to post full config files, but my [keystone_authtoken] section of cloudkitty.conf is identical (aside from service credentials) to the ones found in my glance, nova, cinder, neutron, gnocchi, ceilometer, etc, all of those services are working perfectly. My processor.log file is full of 2018-08-31 16:38:04.086 30471 WARNING cloudkitty.orchestrator [-] Error while collecting service network.floating: SSL exception connecting to https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",): SSLError: SSL exception connecting to https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) 2018-08-31 16:38:04.094 30471 WARNING cloudkitty.orchestrator [-] Error while collecting service image: SSL exception connecting to https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",): SSLError: SSL exception connecting to https://keystone.gpcprod:5000/v3/auth/tokens: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) and so on But, I mean, there's other little things too. I can see from running 'openstack --debug rating info-config-get' that it never even loads the cacert from my env, so it fails talking to keystone trying to get a token; the request never even gets to the cloudkitty api endpoint. > > Because we have deployed it/used it many times with SSL without > issue... > > It could be great also that you step up on #cloudkitty to discuss it. > > Christophe > > ---- > Christophe Sauthier > CEO > > Objectif Libre : Au service de votre Cloud > > +33 (0) 6 16 98 63 96 | christophe.sauth...@objectif-libre.com > > https://www.objectif-libre.com | @objectiflibre > Recevez la Pause Cloud Et DevOps : https://olib.re/abo-pause > > Le 2018-08-31 23:15, jonmi...@gmail.com a écrit : > > Anyone out there have Cloudkitty successfully working with SSL? By > > which I mean that Cloudkitty is able to talk to keystone over https > > without cert errors, and also talk to SSL'd rabbitmq? Oh, and the > > client tools also? > > > > Asking for a friend... > > > > > > > > Jonathan > > > > > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
