Does the OpenStack plugin work with an https keystone endpoint?
ftcjeff opened this issue · 7 comments
I have set up an OpenStack instance (HPE Helion OpenStack) and all of its endpoints are https-based. Does the OpenBaton OpenStack VIM Driver work with that? I received this message when I tried to register the VIM:
ERROR: HTTP status: 422 response data : {"code":"Bad Request","message":"Not listed Images successfully of VimInstance HOS VIM. Caused by: org.openbaton.exceptions.VimDriverException: Received fatal alert: handshake_failure connecting to POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1"}
Unfortunately I can't access the logs at the moment, but I was wondering if you've run into this before.
Hi @ftcjeff
I merged pull request #3, which disables the check for SSL self-signed certificates. This should mean that https is supported. Anyway, we are completely relying on the jclouds library, so you can have a look at their documentation too.
But we never tried with HPE OpenStack, so it could also be a versioning issue.
Okay, thank you @lorenzotomasini. I built this OpenBaton instance yesterday, so it should definitely have that PR included... Weird, I'll keep looking. Thanks!
It looks like the cert check setting is defaulted correctly (at least according to the logs):
[main] DEBUG org.openbaton.clients.interfaces.client.openstack.OpenstackClient - Loading properties
[main] DEBUG org.openbaton.clients.interfaces.client.openstack.OpenstackClient - external-properties-file: /etc/openbaton/plugin/openstack/driver.properties doesn't exist
[main] DEBUG org.openbaton.clients.interfaces.client.openstack.OpenstackClient - Loaded properties: {external-properties-file=/etc/openbaton/plugin/openstack/driver.properties, type=openstack, disable-ssl-certificate-checks=true, dns-nameserver=8.8.8.8}
[main] DEBUG org.openbaton.clients.interfaces.client.openstack.OpenstackClient - Disable SSL certificate checks: true
Here's the stack trace if it helps:
[pool-1-thread-8] DEBUG org.openbaton.clients.interfaces.client.openstack.OpenstackClient - Listing images for VimInstance with name: HOS VIM
[pool-1-thread-8] DEBUG org.jclouds.rest.internal.InvokeHttpMethod - >> invoking AuthenticationApi.authenticateWithTenantNameAndCredentials
[pool-1-thread-8] DEBUG org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Sending request 1789330398: POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1
[pool-1-thread-8] ERROR org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Command not considered safe to retry because request method is POST: [method=org.jclouds.openstack.keystone.v2_0.AuthenticationApi.public abstract org.jclouds.openstack.keystone.v2_0.domain.Access org.jclouds.openstack.keystone.v2_0.AuthenticationApi.authenticateWithTenantNameAndCredentials(java.lang.String,org.jclouds.openstack.keystone.v2_0.domain.PasswordCredentials)[admin, PasswordCredentials{username=admin, password=*****}], request=POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1]
[pool-1-thread-8] ERROR org.openbaton.clients.interfaces.client.openstack.OpenstackClient - Received fatal alert: handshake_failure connecting to POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1
org.jclouds.http.HttpResponseException: Received fatal alert: handshake_failure connecting to POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:117)
at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:156)
at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
at com.sun.proxy.$Proxy57.authenticateWithTenantNameAndCredentials(Unknown Source)
at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:43)
at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:31)
at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:79)
at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:36)
at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:148)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
at org.jclouds.rest.internal.DelegatesToInvocationFunction.getInstanceOfTypeWithQualifier(DelegatesToInvocationFunction.java:277)
at org.jclouds.rest.internal.DelegatesToInvocationFunction.lookupValueFromGuice(DelegatesToInvocationFunction.java:234)
at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:152)
at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
at com.sun.proxy.$Proxy67.getConfiguredRegions(Unknown Source)
at org.openbaton.clients.interfaces.client.openstack.OpenstackClient.getZone(OpenstackClient.java:213)
at org.openbaton.clients.interfaces.client.openstack.OpenstackClient.listImages(OpenstackClient.java:509)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.openbaton.plugin.PluginListener.executeMethod(PluginListener.java:204)
at org.openbaton.plugin.PluginListener.run(PluginListener.java:126)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1989)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1096)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1139)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayloadToConnection(JavaUrlHttpCommandExecutorService.java:294)
at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:170)
at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:64)
at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:95)
... 62 more
[pool-1-thread-8] DEBUG org.openbaton.clients.interfaces.client.openstack.OpenstackClient - Answer is: {
"exception": {
"detailMessage": "Received fatal alert: handshake_failure connecting to POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1",
"stackTrace": [],
"suppressedExceptions": []
}
}
Any thoughts about this? I can't get past the handshake error. I've looked at some options from a few jclouds boards, but nothing has shown any promise.
ubuntu@openbaton:~$ curl --insecure https://10.70.2.27:5000/v2.0
{"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "https://10.70.2.27:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}}
ubuntu@openbaton:~$ curl --insecure https://10.70.2.27:5000/v3
{"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "https://10.70.2.27:5000/v3/", "rel": "self"}]}}
Have you tried downloading and installing the certificate in the local JVM? Usually that's done via keytool, and it is needed unless security mechanisms are completely disabled.
I believe so! I keytool --imported what I believe is the correct certificate.
Hi. I am facing the same issue too. Has this issue been resolved by any chance?
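An added triage example (not part of the thread, and not OpenBaton or jclouds code): in JSSE, `Received fatal alert: ...` means the remote side sent the alert, whereas the client's own rejection of a server certificate surfaces as a validation error such as `PKIX path building failed`. The function name, the `TlsFinding` type and the second sample are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class TlsFinding(NamedTuple):
    origin: str    # "peer": alert sent by the server; "local": client rejected the server cert
    detail: str
    endpoint: Optional[str]
    client_trust_settings_apply: bool  # do keytool imports / cert-check toggles bear on it?

PEER_ALERT = re.compile(r"Received fatal alert: (\w+)")
LOCAL_TRUST = re.compile(r"PKIX path (?:building|validation) failed|No subject alternative names")
ENDPOINT = re.compile(r"connecting to \w+ (https://\S+)")

# Lines copied from the stack trace posted in this thread.
THREAD_EXCERPT = """\
org.jclouds.http.HttpResponseException: Received fatal alert: handshake_failure connecting to POST https://10.70.2.27:5000/v2.0/tokens HTTP/1.1
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
"""

# Constructed sample (not from the thread): the client fails to validate the server certificate.
CONSTRUCTED_TRUST_FAILURE = """\
org.jclouds.http.HttpResponseException: PKIX path building failed connecting to POST https://keystone.example.test:5000/v2.0/tokens HTTP/1.1
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
"""

def classify_tls_failure(log_text: str) -> Optional[TlsFinding]:
    """Classify the TLS failure in a Java log excerpt by which side raised it."""
    m = ENDPOINT.search(log_text)
    endpoint = m.group(1) if m else None
    # Look at the deepest "Caused by:" line first, then fall back to the whole excerpt.
    causes = [ln for ln in log_text.splitlines() if ln.startswith("Caused by:")]
    for scope in ([causes[-1]] if causes else []) + [log_text]:
        local = LOCAL_TRUST.search(scope)
        if local:
            # Client-side validation failed: trust store contents and check settings matter.
            return TlsFinding("local", local.group(0), endpoint, True)
        peer = PEER_ALERT.search(scope)
        if peer:
            # The server aborted the handshake; how the client validates the
            # server certificate played no part in that decision.
            return TlsFinding("peer", peer.group(1), endpoint, False)
    return None

if __name__ == "__main__":
    print(classify_tls_failure(THREAD_EXCERPT))
    print(classify_tls_failure(CONSTRUCTED_TRUST_FAILURE))
```

For the trace in this thread the result is a peer-sent `handshake_failure`, so the next thing to compare is what each side offers and accepts in the handshake (protocol versions and cipher suites) rather than the trust store.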