(I use IPv6_Address
instead of real IP address)
.openrc
setting:
export OS_CLOUD=mycloud
export OS_USERNAME=myusername
export OS_PASSWORD=mypassword
export OS_PROJECT_NAME=myproject
export OS_AUTH_URL=https://[IPv6_Address]:5000/v3
If set this config in the clouds.yml
file:
mycloud:
identity_api_version: "3"
region_name: RegionOne
verify: False
auth:
auth_url: https://[IPv6_Address]:5000/v3
user_domain_name: "Default"
project_name: "myproject"
project_domain_name: "default"
Run openstack server list
can work. But this time run nova list
got
No handlers could be found for logger "keystoneauth.identity.generic.base"
ERROR (SSLError): SSL exception connecting to https://[IPv6_Address]:5000/v3/auth/tokens: HTTPSConnectionPool(host='IPv6_Address', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Try nova list --insecure
got
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
usage: nova [--version] [--debug] [--os-cache] [--timings]
[--os-region-name <region-name>] [--service-type <service-type>]
[--service-name <service-name>]
[--os-endpoint-type <endpoint-type>]
[--os-compute-api-version <compute-api-ver>]
[--os-endpoint-override <bypass-url>] [--insecure]
[--os-cacert <ca-certificate>] [--os-cert <certificate>]
[--os-key <key>] [--timeout <seconds>] [--collect-timing]
[--os-auth-type <name>] [--os-auth-url OS_AUTH_URL]
[--os-system-scope OS_SYSTEM_SCOPE] [--os-domain-id OS_DOMAIN_ID]
[--os-domain-name OS_DOMAIN_NAME] [--os-project-id OS_PROJECT_ID]
[--os-project-name OS_PROJECT_NAME]
[--os-project-domain-id OS_PROJECT_DOMAIN_ID]
[--os-project-domain-name OS_PROJECT_DOMAIN_NAME]
[--os-trust-id OS_TRUST_ID]
[--os-default-domain-id OS_DEFAULT_DOMAIN_ID]
[--os-default-domain-name OS_DEFAULT_DOMAIN_NAME]
[--os-user-id OS_USER_ID] [--os-username OS_USERNAME]
[--os-user-domain-id OS_USER_DOMAIN_ID]
[--os-user-domain-name OS_USER_DOMAIN_NAME]
[--os-password OS_PASSWORD]
<subcommand> ...
error: unrecognized arguments: --insecure
Try 'nova help ' for more information.
If don't have SSL certificate file local to connect to openstack https api, how to run nova
, glance
commands? Is there a .novarc
, .glancerc
config file to use them?
I also tried to create a nova.rc
file with the same configuration as openrc then source it. But the same.
Although I'm not familiar with your problem directly, OpenStack is trying to move its service clients to a unified one, which is the OpenStack client.
Here are some links regarding what I just mentioned (in the victoria version):
https://docs.openstack.org/python-openstackclient/victoria/
https://docs.openstack.org/python-openstackclient/victoria/cli/decoder.html
In this case and for the purpose of yours, you may enter the cli environment via "openstack --insecure"
https://docs.openstack.org/python-openstackclient/latest/cli/man/openstack.html
To run nova with the '--insecure' option you have to be a bit more strict with the syntax.
nova --insecure list
should work whereasnova list --insecure
should give the same errors that @rawmain has posted