python - OpenStack KeyStone SSL exception when creating a KeyStone instance

Reposted. Author: 太空宇宙. Updated: 2023-11-03 13:14:53

I create a KeyStone instance like this:

import cherrypy    
from keystoneauth1 import session as session
from keystoneclient.v3 import client as client
from keystoneauth1.identity import v3

auth = v3.Password(auth_url = KEYSTONE_URL, username = cherrypy.session['username'], password = cherrypy.session['password'], user_domain_name=OPENSTACK_DEFAULT_DOMAIN, project_name = 'admin', project_id = 'c9aee696c4b54f12a645af2c951327dc', project_domain_name = 'default')
sess = session.Session(auth=auth)
keystoneClient = client.Client(session=sess)

When I also execute this code:

projectList = keystoneClient.projects.list()
print projectList

I get the following error:

HTTP Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/cherrypy/lib/jsontools.py", line 61, in json_handler
    value = cherrypy.serving.request._json_inner_handler(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/var/www/frontend/controllers/api/user.py", line 58, in PUT
    projectList = keystoneClient.projects.list()
  File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/v3/projects.py", line 107, in list
    **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 75, in func
    return f(*args, **new_kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 383, in list
    self.collection_key)
  File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get
    return self.request(url, 'GET', **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 331, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 98, in request
    return self.session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 387, in request
    auth_headers = self.get_auth_headers(auth)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 647, in get_auth_headers
    return auth.get_headers(self, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 84, in get_headers
    token = self.get_token(session)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 90, in get_token
    return self.get_access(session).auth_token
  File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 136, in get_access
    self.auth_ref = self.get_auth_ref(session)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 167, in get_auth_ref
    authenticated=False, log=False, **rkwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 595, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 469, in request
    resp = send(**kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 507, in _send_request
    raise exceptions.SSLError(msg)
SSLError: SSL exception connecting to https://dev-openstack.nubes.rl.ac.uk:5000/v3/auth/tokens: HTTPSConnectionPool(host='dev-openstack.nubes.rl.ac.uk', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

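The same thing happens whether I do this or use Nova to list running virtual machines, so I think it may be related to authentication, although I could be wrong. I would like to know:

  • Why is this happening?
  • What do I need to do to get it working?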

Best answer

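The error seems clear: "certificate verify failed". You have an SSL certificate verification problem. You need to put the trusted CA certificate somewhere that the requests library (used by all the OpenStack clients for HTTP operations) will find it, which may be OS- and distribution-specific.

If you have the Python certifi module installed, requests will use it to locate the CA certificate bundle. If your distribution has customized certifi appropriately, it will point to the same certificate bundle used by other system tools. For example, on my (Fedora) system: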

>>> import certifi
>>> certifi.where()
'/etc/pki/tls/certs/ca-bundle.crt'

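If certifi is available but has not been customized by your distribution, the CA bundle will be the file cacert.pem contained in the certifi module directory.

If certifi is not available, then requests will default to using its own cacert.pem located in the requests module directory.

Your job is to (a) determine which CA bundle is in use, and then (b) install the CA certificate that was used to sign your openstack SSL certificate into that file.

Alternatively, you can set the OS_CACERT environment variable to point to the appropriate certificate bundle.

See also this bug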
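
Steps (a) and (b) from the answer, as an added example (not part of the original answer or of any OpenStack code): it finds the bundle requests will verify against, then appends a CA only when its fingerprint is absent. All function names are hypothetical, and `session_verify` assumes a hand-built keystoneauth1 `Session` needs the `OS_CACERT` path passed explicitly through its `verify` argument.

```python
import base64
import hashlib
import os
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def resolve_ca_bundle(environ=None):
    """Step (a): (source, path) of the bundle used when verify is left at its default.
    requests consults REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE before its built-in path."""
    environ = os.environ if environ is None else environ
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if environ.get(var):
            return var, environ[var]
    try:
        import certifi
        return "certifi", certifi.where()
    except ImportError:
        pass
    try:
        from requests import certs
        return "requests", certs.where()
    except ImportError:
        return "none", None

def fingerprints(pem_text):
    """SHA-256 fingerprint of the DER bytes of each certificate in a PEM text."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def install_ca(ca_pem, bundle_path):
    """Step (b): append the CA unless already present. True if the file changed."""
    wanted = fingerprints(ca_pem)
    if not wanted:
        raise ValueError("no PEM certificate found in CA input")
    with open(bundle_path) as fh:
        bundle = fh.read()
    if wanted <= fingerprints(bundle):
        return False
    with open(bundle_path, "a") as fh:
        fh.write("\n" + ca_pem.strip() + "\n")
    return True

def session_verify(environ=None):
    """Value for session.Session(auth=auth, verify=...): OS_CACERT path, else True."""
    # Assumption: a Session built in code does not read OS_CACERT by itself.
    environ = os.environ if environ is None else environ
    return environ.get("OS_CACERT") or True

if __name__ == "__main__":
    print(resolve_ca_bundle(), session_verify())
```

Changes to a package-owned cacert.pem are lost when certifi or requests is upgraded; a separate bundle file passed through `verify` survives upgrades.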

Regarding python - OpenStack KeyStone SSL exception when creating a KeyStone instance, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/46849667/
