OpenStack KeyStone SSL Exception When Creating an Instance of KeyStone
I create an instance of KeyStone like so:
import cherrypy
from keystoneauth1 import session as session
from keystoneclient.v3 import client as client
from keystoneauth1.identity import v3
auth = v3.Password(
    auth_url=KEYSTONE_URL,
    username=cherrypy.session['username'],
    password=cherrypy.session['password'],
    user_domain_name=OPENSTACK_DEFAULT_DOMAIN,
    project_name='admin',
    project_id='c9aee696c4b54f12a645af2c951327dc',
    project_domain_name='default',
)
sess = session.Session(auth=auth)
keystoneClient = client.Client(session=sess)
When I perform this code as well:
projectList = keystoneClient.projects.list()
print projectList
The following error occurs:
HTTP Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
response.body = self.handler()
File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/cherrypy/lib/jsontools.py", line 61, in json_handler
value = cherrypy.serving.request._json_inner_handler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__
return self.callable(*self.args, **self.kwargs)
File "/var/www/frontend/controllers/api/user.py", line 58, in PUT
projectList = keystoneClient.projects.list()
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/v3/projects.py", line 107, in list
**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 75, in func
return f(*args, **new_kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 383, in list
self.collection_key)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list
resp, body = self.client.get(url, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 331, in request
resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 98, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 387, in request
auth_headers = self.get_auth_headers(auth)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 647, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 84, in get_headers
token = self.get_token(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 90, in get_token
return self.get_access(session).auth_token
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 136, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 167, in get_auth_ref
authenticated=False, log=False, **rkwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 595, in post
return self.request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 469, in request
resp = send(**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 507, in _send_request
raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://dev-openstack.nubes.rl.ac.uk:5000/v3/auth/tokens: HTTPSConnectionPool(host='dev-openstack.nubes.rl.ac.uk', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
The same occurs whether I do this or I use Nova to list the VMs running, so I'm thinking it's something to do with the authentication maybe, although I could be wrong. I would like to understand:
The error seems pretty clear: "certificate verify failed". You have an SSL certificate validation problem. You need to place a trusted CA certificate where the requests library (used by all OpenStack clients for HTTP operations) will find it, which may be both OS and distribution specific.
If you have the Python certifi module installed, requests will use that to locate a CA certificate bundle. If your distribution customizes certifi appropriately, it will point at the same certificate bundle that is used by other system tools. For example, on my (Fedora) system:
>>> import certifi
>>> certifi.where()
'/etc/pki/tls/certs/ca-bundle.crt'
If certifi is available but has not been customized by your distribution, the CA bundle will be the file cacert.pem contained in the certifi module directory.
If certifi is not available, then requests will default to using its own cacert.pem located in the requests module directory.
Your job is to (a) figure out which of those CA bundles is being used and then (b) install the CA certificate used to sign your openstack SSL certificates into that file.
Alternately, you can set the OS_CACERT environment file to point to an appropriate certificate bundle.
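Steps (a) and (b) from the answer above as a standard-library Python script; this is an added example, not part of the original answer. The function names are hypothetical, and the REQUESTS_CA_BUNDLE / CURL_CA_BUNDLE lookup reflects what requests does when verify=True rather than anything stated in the answer.

```python
import hashlib
import os
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def locate_ca_bundle(environ=None):
    """Return (source, path) of the bundle requests uses when verify=True."""
    environ = os.environ if environ is None else environ
    # requests honours these variables before falling back to certifi.
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if environ.get(var):
            return var, environ[var]
    try:
        import certifi
        return "certifi", certifi.where()
    except ImportError:
        pass
    try:
        from requests import certs
        return "requests", certs.where()
    except ImportError:
        return "not found", None


def fingerprints(pem_text):
    """SHA-256 of the DER body of every certificate in a PEM string."""
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)}


def ensure_ca_in_bundle(bundle_path, ca_pem_path):
    """Append the CA file to the bundle unless it is already there.

    Returns True when the bundle was modified."""
    with open(ca_pem_path) as fh:
        ca_pem = fh.read()
    with open(bundle_path) as fh:
        present = fingerprints(fh.read())
    wanted = fingerprints(ca_pem)
    if not wanted:
        raise ValueError("no PEM certificate found in %s" % ca_pem_path)
    if wanted <= present:
        return False
    with open(bundle_path, "a") as fh:
        fh.write("\n" + ca_pem.strip() + "\n")
    return True


if __name__ == "__main__":
    print("requests will verify against: %s -> %s" % locate_ca_bundle())
```

A package upgrade replaces certifi's cacert.pem, so appending to a copy of the bundle and passing its path as session.Session(auth=auth, verify=path) keeps the change in place and leaves certificate verification enabled.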