MCV

As a services engineer, I need a tool which finds whether the keystone SSL issue exists

Registered by Oleksandr Kyrylchuk

There is a known and quite common keystone SSL issue, which can be identified based on logs. Example of a faulty log:

{noformat}
<188>Aug 8 00:50:58 node-18 keystone-keystone.common.controller WARNING: RBAC: Bypassing authorization
<187>Aug 8 00:50:58 node-18 keystone-keystoneclient.common.cms ERROR: Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
140507666065224:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
140507666065224:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
<187>Aug 8 00:50:58 node-18 keystone-keystone.common.wsgi ERROR: Command 'openssl' returned non-zero exit status 3
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.6/site-packages/keystone/common/controller.py", line 152, in inner
    return f(self, context, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 436, in revocation_list
    CONF.signing.keyfile)
  File "/usr/lib/python2.6/site-packages/keystoneclient/common/cms.py", line 242, in cms_sign_text
    raise subprocess.CalledProcessError(retcode, "openssl")
CalledProcessError: Command 'openssl' returned non-zero exit status 3
<190>Aug 8 00:50:58 node-18 keystone-eventlet.wsgi.server INFO: 10.30.0.2 - - [08/Aug/2014 09:50:58] "GET /v2.0/tokens/revoked HTTP/1.1" 500 291 0.022805
<188>Aug 8 00:53:58 node-18 keystone-keystone.common.controller WARNING: RBAC: Bypassing authorization
<187>Aug 8 00:53:58 node-18 keystone-keystoneclient.common.cms ERROR: Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
139865734448968:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
139865734448968:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
{noformat}

The tool should return a human-readable result, or be part of a more complex log analysis tool.
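
A minimal sketch of such a check, added here as an illustration; it is not the MCV implementation. The function names are hypothetical and the patterns assume the log format of the excerpt above.

```python
import re

# Patterns follow the log excerpt above; other keystone versions may word these differently.
SIGNING_ERR = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<node>\S+)\s+"
    r"keystone-keystoneclient\.common\.cms ERROR: Signing error: "
    r"Error opening signer certificate (?P<path>\S+)")
# OpenSSL continuation line that carries the underlying fopen() failure reason.
OPENSSL_ERR = re.compile(
    r"^\d+:error:[0-9A-Fa-f]+:system library:fopen:(?P<reason>[^:]+):")

def find_signing_errors(lines):
    """Group signing failures by (node, certificate path)."""
    findings, current = {}, None
    for line in lines:
        m = SIGNING_ERR.match(line)
        if m:
            key = (m.group("node"), m.group("path"))
            current = findings.setdefault(
                key, {"count": 0, "first": m.group("ts"), "reason": "unknown"})
            current["count"] += 1
            current["last"] = m.group("ts")
            continue
        m = OPENSSL_ERR.match(line)
        if m and current is not None:
            current["reason"] = m.group("reason")
        elif line.startswith("<"):
            current = None  # next syslog record ends the OpenSSL continuation lines
    return findings

def report(findings):
    """Render findings as one human-readable line per node and certificate."""
    if not findings:
        return "OK: no keystone signing certificate errors found"
    return "\n".join(
        "FAIL: %s cannot open signing certificate %s (%s): %d occurrence(s), first %s, last %s"
        % (node, path, f["reason"], f["count"], f["first"], f["last"])
        for (node, path), f in findings.items())

# Sample input: trimmed copy of the log lines quoted above.
SAMPLE = """\
<188>Aug 8 00:50:58 node-18 keystone-keystone.common.controller WARNING: RBAC: Bypassing authorization
<187>Aug 8 00:50:58 node-18 keystone-keystoneclient.common.cms ERROR: Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
140507666065224:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
unable to load certificate
<187>Aug 8 00:53:58 node-18 keystone-keystoneclient.common.cms ERROR: Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
139865734448968:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
"""

if __name__ == "__main__":
    print(report(find_signing_errors(SAMPLE.splitlines())))
```

Grouping by node and certificate path keeps the output to one line per affected controller even when the error repeats on every revocation-list poll.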

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: Oleksandr Kyrylchuk
Direction: Needs approval
Assignee: Oleksandr Kyrylchuk
Definition: New
Series goal: None
Implementation: Implemented
Milestone target: None
Started by: Oleksandr Kyrylchuk
Completed by: Oleksandr Kyrylchuk
