PDA

View Full Version : SSL handshake issue in Amphora instance



kjahyeon
06-Jul-2018, 09:24
Hi expert,

I Installed SUSE Openstack 8 to evaluate load balancer functionality. But I can't be downloaded the Octavia Amphora HA Proxy Guest Image, because I don't have a SAID. Therefore I created the Amphora image using 'diskimage-create' script in Github Octavia repository.

When I creating the load balancer, but error occurrence in the Amphora instance. The amphora-agent log as is following.
[2018-07-06 08:02:31 +0000] [1484] [DEBUG] Error processing SSL request.
[2018-07-06 08:02:31 +0000] [1484] [DEBUG] Invalid request from ip=::ffff:192.168.30.147: [SSL: HTTP_REQUEST] http request (_ssl.c:1754)
[2018-07-06 08:02:31 +0000] [1484] [DEBUG] Failed to send error message.

How do I replace correct a Cert file for an Amphora instance? Or I must use the Octavia Amphora HA Proxy Guest Image provided by SUSE?

Thanks & Regards,
Jahyeon

Automatic Reply
11-Jul-2018, 05:30
kjahyeon,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit http://www.suse.com/support and search the knowledgebase and/or check all
the other support options available.
- Open a service request: https://www.suse.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.suse.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.suse.com/faq.php

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot..

Good luck!

Your SUSE Forums Team
http://forums.suse.com

kberger65
11-Jul-2018, 19:30
The amphora image is part of the SOC 8 (CLM) release. Which release are you using CLM or Crowbar?

openstack-octavia-amphora-image-x86_64 | x86_64 Image for OpenStack Octavia | package

kjahyeon
12-Jul-2018, 08:12
Thank you for your information.
I did find out the Amphora guest image that in ISO image. And register the Amphora guest image to the Glance by service-guest-image.yml playbook.

Nevertheless, the same problem was observed in the Amphora instance.

sles@amphora-00715f1f-9433-4fa1-8fd3-4ec22172927a:~> sudo tail -f /var/log/amphora-agent.log
ca_certs: /etc/octavia/certs/client_ca.pem
tmp_upload_dir: None
backlog: 2048
logger_class: gunicorn.glogging.Logger
[2018-07-12 06:26:59 +0000] [9948] [INFO] Starting gunicorn 19.7.1
[2018-07-12 06:26:59 +0000] [9948] [DEBUG] Arbiter booted
[2018-07-12 06:26:59 +0000] [9948] [INFO] Listening at: http://[::]:9443 (9948)
[2018-07-12 06:26:59 +0000] [9948] [INFO] Using worker: sync
[2018-07-12 06:26:59 +0000] [10056] [INFO] Booting worker with pid: 10056
[2018-07-12 06:27:00 +0000] [9948] [DEBUG] 1 workers
[2018-07-12 06:35:44 +0000] [10056] [DEBUG] Error processing SSL request.
[2018-07-12 06:35:44 +0000] [10056] [DEBUG] Invalid request from ip=::ffff:192.168.30.147: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1864)
[2018-07-12 06:35:44 +0000] [10056] [DEBUG] Failed to send error message.
[2018-07-12 06:35:54 +0000] [10056] [DEBUG] Error processing SSL request.
[2018-07-12 06:35:54 +0000] [10056] [DEBUG] Invalid request from ip=::ffff:192.168.30.147: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1864)


I have a new install SUSE Openstack CLoud using CLM, and there are no modified settings to the Octavia.

kberger65
13-Jul-2018, 14:37
What ip is 192.168.30.147. Are you sure your cerfticates are correct for both the internal and external APIs? Did you create them manually or let the install create the default ones?