Results 1 to 5 of 5

Thread: SSL handshake issue in Amphora instance

  1. #1

    SSL handshake issue in Amphora instance

    Hi expert,

    I Installed SUSE Openstack 8 to evaluate load balancer functionality. But I can't be downloaded the Octavia Amphora HA Proxy Guest Image, because I don't have a SAID. Therefore I created the Amphora image using 'diskimage-create' script in Github Octavia repository.

    When I creating the load balancer, but error occurrence in the Amphora instance. The amphora-agent log as is following.
    [2018-07-06 08:02:31 +0000] [1484] [DEBUG] Error processing SSL request.
    [2018-07-06 08:02:31 +0000] [1484] [DEBUG] Invalid request from ip=::ffff:192.168.30.147: [SSL: HTTP_REQUEST] http request (_ssl.c:1754)
    [2018-07-06 08:02:31 +0000] [1484] [DEBUG] Failed to send error message.

    How do I replace correct a Cert file for an Amphora instance? Or I must use the Octavia Amphora HA Proxy Guest Image provided by SUSE?

    Thanks & Regards,
    Jahyeon

  2. #2

    Re: SSL handshake issue in Amphora instance

    kjahyeon,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    These forums are peer-to-peer, best effort, volunteer run and that if your issue
    is urgent or not getting a response, you might try one of the following options:

    - Visit http://www.suse.com/support and search the knowledgebase and/or check all
    the other support options available.
    - Open a service request: https://www.suse.com/support
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.suse.com)

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.suse.com/faq.php

    If this is a reply to a duplicate posting or otherwise posted in error, please
    ignore and accept our apologies and rest assured we will issue a stern reprimand
    to our posting bot..

    Good luck!

    Your SUSE Forums Team
    http://forums.suse.com



  3. Re: SSL handshake issue in Amphora instance

    The amphora image is part of the SOC 8 (CLM) release. Which release are you using CLM or Crowbar?

    openstack-octavia-amphora-image-x86_64 | x86_64 Image for OpenStack Octavia | package

  4. #4

    Re: SSL handshake issue in Amphora instance

    Thank you for your information.
    I did find out the Amphora guest image that in ISO image. And register the Amphora guest image to the Glance by service-guest-image.yml playbook.

    Nevertheless, the same problem was observed in the Amphora instance.
    sles@amphora-00715f1f-9433-4fa1-8fd3-4ec22172927a:~> sudo tail -f /var/log/amphora-agent.log
    ca_certs: /etc/octavia/certs/client_ca.pem
    tmp_upload_dir: None
    backlog: 2048
    logger_class: gunicorn.glogging.Logger
    [2018-07-12 06:26:59 +0000] [9948] [INFO] Starting gunicorn 19.7.1
    [2018-07-12 06:26:59 +0000] [9948] [DEBUG] Arbiter booted
    [2018-07-12 06:26:59 +0000] [9948] [INFO] Listening at: http://[::]:9443 (9948)
    [2018-07-12 06:26:59 +0000] [9948] [INFO] Using worker: sync
    [2018-07-12 06:26:59 +0000] [10056] [INFO] Booting worker with pid: 10056
    [2018-07-12 06:27:00 +0000] [9948] [DEBUG] 1 workers
    [2018-07-12 06:35:44 +0000] [10056] [DEBUG] Error processing SSL request.
    [2018-07-12 06:35:44 +0000] [10056] [DEBUG] Invalid request from ip=::ffff:192.168.30.147: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1864)
    [2018-07-12 06:35:44 +0000] [10056] [DEBUG] Failed to send error message.
    [2018-07-12 06:35:54 +0000] [10056] [DEBUG] Error processing SSL request.
    [2018-07-12 06:35:54 +0000] [10056] [DEBUG] Invalid request from ip=::ffff:192.168.30.147: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1864)
    I have a new install SUSE Openstack CLoud using CLM, and there are no modified settings to the Octavia.

  5. Re: SSL handshake issue in Amphora instance

    What ip is 192.168.30.147. Are you sure your cerfticates are correct for both the internal and external APIs? Did you create them manually or let the install create the default ones?

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •