SSLError HTTPSConnectionPool error while running demo-k8s.sh onap init

 
1
0
-1

Hi,

I am currently facing an SSL Error while trying to init robot framework from ONAP-Dublin OOM.

The Keystone URL is configured in the integration-override.yaml but I see a

SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

I have attached the integration-override.yamllog.htmltcpdump of the failure.

Would be helpful to know what I might be missing here.

Thanks in advance,

Raj

    CommentAdd your comment...

    3 answers

    1.  
      1
      0
      -1

      Hi,

      Removing the verify as a parameter progressed the Keystone request to go through.

      Progressing forward the Get OpenStack Region function seems to be returning Region with incorrect case (regionOne instead of RegionOne) which resulted in the error here

      I then had to hack it to use RegionOne and that seemed to succeed. Log here

      Thanks for the support.

      Raj

      1. Brian Freeman

        Could you create a Jira to indicate where AAI got the RegionOne region_id - the purpose of that step in robot init is to use the region that is already defined in openstack so "regionOne" is a perfectly valid region_id. If we have something hard coded in robot that mistakenly sets it to RegionOne before the customer put then we need to fix this.

      2. Brian Freeman

        also there is a parameter in robot for that setting so perhaps that just needs to be changes (make robot; make onap) or set  it in integration-override.yaml to match your Open Stack region_id


        root@sb00-nfs:~/oom/kubernetes/robot# grep -R RegionOne *

        values.yaml:openStackRegion: "RegionOne"

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Hi Brian,

      Thanks for the quick reply. That was my first attempt but when I change the parameter to False in the Keystone_interface.py in robot/resource/openstack, the flow doesn't even reach to the CreateSession part. Here's the log for the verify=False

        CommentAdd your comment...
      1.  
        1
        0
        -1

        Looks like your openstack has a unrecognized certificate ?

        I would kubectl exec ino the robot container and set Verify=False in the keystone Create Session lines.


        KEYWORD ${session} = RequestsLibrary . Create Session keystone, ${url}, verify=True

        Documentation:

        Create Session: create a HTTP session to a server

        Start / End / Elapsed:20190813 12:48:02.114 / 20190813 12:48:02.115 / 00:00:00.001
        12:48:02.114TRACEArguments: [ 'keystone' | 'https://ctrl-cee111.seli.gic.ericsson.se:5000' | verify='True' ]
          CommentAdd your comment...