2017-10-20 57 views
1

OpenStack KeyStone SSL exception when creating an instance of KeyStone

An instance of KeyStone is created as follows:

import cherrypy  
from keystoneauth1 import session as session 
from keystoneclient.v3 import client as client 
from keystoneauth1.identity import v3 

auth = v3.Password(auth_url = KEYSTONE_URL, username = cherrypy.session['username'], password = cherrypy.session['password'], user_domain_name=OPENSTACK_DEFAULT_DOMAIN, project_name = 'admin', project_id = 'c9aee696c4b54f12a645af2c951327dc', project_domain_name = 'default') 
sess = session.Session(auth=auth) 
keystoneClient = client.Client(session=sess) 

When I execute this code, together with:

projectList = keystoneClient.projects.list() 
print projectList 

the following error occurs:

HTTP Traceback (most recent call last): 
    File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond 
    response.body = self.handler() 
    File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__ 
    self.body = self.oldhandler(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/cherrypy/lib/jsontools.py", line 61, in json_handler 
    value = cherrypy.serving.request._json_inner_handler(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__ 
    return self.callable(*self.args, **self.kwargs) 
    File "/var/www/frontend/controllers/api/user.py", line 58, in PUT 
    projectList = keystoneClient.projects.list() 
    File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner 
    return wrapped(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneclient/v3/projects.py", line 107, in list 
    **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 75, in func 
    return f(*args, **new_kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 383, in list 
    self.collection_key) 
    File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list 
    resp, body = self.client.get(url, **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get 
    return self.request(url, 'GET', **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 331, in request 
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 98, in request 
    return self.session.request(url, method, **kwargs) 
    File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner 
    return wrapped(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 387, in request 
    auth_headers = self.get_auth_headers(auth) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 647, in get_auth_headers 
    return auth.get_headers(self, **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 84, in get_headers 
    token = self.get_token(session) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 90, in get_token 
    return self.get_access(session).auth_token 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 136, in get_access 
    self.auth_ref = self.get_auth_ref(session) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 167, in get_auth_ref 
    authenticated=False, log=False, **rkwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 595, in post 
    return self.request(url, 'POST', **kwargs) 
    File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner 
    return wrapped(*args, **kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 469, in request 
    resp = send(**kwargs) 
    File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 507, in _send_request 
    raise exceptions.SSLError(msg) 
SSLError: SSL exception connecting to https://dev-openstack.nubes.rl.ac.uk:5000/v3/auth/tokens: HTTPSConnectionPool(host='dev-openstack.nubes.rl.ac.uk', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),)) 

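The same thing happens whether I do this or use Nova to list the running VMs, so I think it is something that may be related to authentication, although I may be wrong. I would like to understand:

  • Why is this happening?
  • What do I need to do about it?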

Answers

2

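The error seems pretty clear: "certificate verify failed". You have an SSL certificate validation problem. You need to place a trusted CA certificate where the requests library (which all the OpenStack clients use for HTTP operations) will find it, and that may be operating system and distribution specific.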

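If you have the Python certifi module installed, requests will use it to locate the CA certificate bundle. If your distribution has customized certifi appropriately, it will point to the same certificate bundle used by other system tools. For example, on my (Fedora) system: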

>>> import certifi 
>>> certifi.where() 
'/etc/pki/tls/certs/ca-bundle.crt' 

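If certifi is available but has not been customized by your distribution, the CA bundle will be the file cacert.pem contained in the certifi module directory.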

If certifi is not available, then requests will default to using its own cacert.pem, located in the requests module directory.

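Your job is to (a) figure out which CA bundle is being used, and then (b) install the CA certificate that was used to sign your OpenStack SSL certificates into that file.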

Alternatively, you can set the OS_CACERT environment variable to point to an appropriate certificate bundle. See this bug
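
Steps (a) and (b) from the answer above, as an added example that is not part of the original answer: a helper that reports which CA bundle would be used and appends a signing CA to it only when its fingerprint is absent. The function names and the lookup order (OS_CACERT first, then certifi, then requests) are assumptions of this example.

```python
import hashlib
import os
import re
import ssl

# Added example: the precedence below (OS_CACERT first) is this helper's assumption.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def active_ca_bundle(environ=None):
    """Return (source, path) for the CA bundle, checked in the answer's order."""
    environ = os.environ if environ is None else environ
    if environ.get("OS_CACERT"):        # explicit override set by the operator
        return "OS_CACERT", environ["OS_CACERT"]
    try:
        import certifi                  # may be customized by the distribution
        return "certifi", certifi.where()
    except ImportError:
        pass
    try:
        from requests import certs      # requests' own lookup
        return "requests", certs.where()
    except ImportError:
        return "none", None


def pem_certs(path):
    """Map SHA-256 fingerprint -> PEM text for every certificate in a file."""
    with open(path) as handle:
        blocks = PEM_BLOCK.findall(handle.read())
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(b)).hexdigest(): b
            for b in blocks}


def missing_from_bundle(bundle_path, ca_path):
    """Fingerprints of certificates in ca_path that the bundle lacks."""
    return set(pem_certs(ca_path)) - set(pem_certs(bundle_path))


def install_ca(bundle_path, ca_path):
    """Append only the missing CA certificates; return how many were added."""
    wanted = pem_certs(ca_path)
    todo = missing_from_bundle(bundle_path, ca_path)
    with open(bundle_path, "a") as handle:
        for fingerprint in sorted(todo):
            handle.write("\n" + wanted[fingerprint] + "\n")
    return len(todo)
```

The path returned by active_ca_bundle() can also be passed as verify=<path> to keystoneauth1's session.Session. A certificate appended to the cacert.pem shipped inside certifi or requests is lost when that package is upgraded, so re-run missing_from_bundle() after upgrades.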