On Wed, 04 Feb 2015 18:07:03 +0100 Miroslav Suchý <msuchy@xxxxxxxxxx> wrote: > When I do: > [root@fed-cloud09 ~(keystone_admin)]# cinder type-list > ERROR: Unable to establish connection: [Errno 1] _ssl.c:504: > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate > verify failed > > Which just transit to: > [root@fed-cloud09 ~(keystone_admin)]# curl -i > https://fed-cloud09.cloud.fedoraproject.org/ curl: (60) Peer's > certificate issuer has been marked as not trusted by the user. > > Is it time to get SSL cert signed by some CA? > However I would swear I had not this problems yesterday. But it > behaves this way even if I revert my work. > > Comments are welcome. Odd. Wonder why it would complain now when it didn't before. ;( In any case, I think it would be good to get a real cert, but fed-cloud09 seems kind of off to me. Could we instead call it 'openstack.cloud.fedoraproject.org' or 'controller.cloud.fedoraproject.org' or something? Not sure if that needs us to rename/reinstall the node, or can just be done in the cert... Along those same lines, how about we move the existing host playbooks to a group/openstack-controller.yml (currently just fed-cloud09, but I'd like to see if we can allocate one machine moving forward to be our test for the 'next' openstack) and group/openstack-compute.yml (fed-cloud10/11, but some more will be installed next week) to make them more generic and ready for more nodes? kevin
Attachment:
pgpmP9XrxOww1.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
