"requests.exceptions.SSLError" in VMware Integrated OpenStack
book
Article ID: 342092
calendar_today
Updated On:
Products
VMwareVMware Integrated OpenStack
Issue/Introduction
To resolve this issue, change the hostname of a management-server.
Symptoms:
Running the VIOCLI command in VMware Integrated OpenStack fails with the error:
Traceback (most recent call last): File "/usr/local/bin/viocli", line 10, in <module> sys.exit(main()) File "/usr/local/lib/python2.7/dist-packages/viocli/cli.py", line 96, in main args.func(args, args.verbose) File "/usr/local/lib/python2.7/dist-packages/viocli/bundle/deployment.py", line 176, in handler self.initialize(args.deployment_name) File "/usr/local/lib/python2.7/dist-packages/viocli/bundle/base_bundle.py", line 74, in initialize self._conn.authenticate(self._oms_user, self._oms_password) File "/usr/local/lib/python2.7/dist-packages/viocli/bundle/common/oms_connection.py", line 55, in authenticate self._get_url('/oms/api/hello'), verify=self.cert_path) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 469, in get return self.request('GET', url, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 457, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 569, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 420, in send raise SSLError(e, request=request) requests.exceptions.SSLError: hostname 'oms.domain.local' doesn't match either of 'localhost.localdom', 'localhost'
The hostname and certificate subject in the /opt/vmware/vio/etc/oms.crt file does not match.
Note: localhost.localdom is default name given to management-server, if FQDN in DNS is not configured for the management-server IP address.
This issue occurs when a DNS A and PTR records for management-server IP is changed after the first boot of VIO management-server.
During the first boot of VMware Integrated OpenStack vAPP certificate is created for management-server and it is used in the registration of the plugin to vCenter Server. This certificate is created by using the FQDN returned by DNS reverse lookup of configured IP address for management-server in vAPP installation wizard. If the configured IP did not have associated PTR record the certificate is created with localhost.localdom DNS name.
When a PTR record is defined for the management-server IP address and management-server is restarted, the hostname is changed to reflect the value returned by reverse lookup of configured IP address. When the VIOCLI command is run it verifies the certificate and hostname. If this information is in conflict the viocli command errors.
Resolution
To resolve this issue, change the hostname of a management-server:
Create a snapshot of VMware Integrated OpenStack vApp.
Shutdown and power on the VMware Integrated OpenStack vApp.
Connect to the management-server through the SSH
Stop oms services by running commands:
service oms stop service osvmw stop
Take a backup of the /opt/vmware/vio/etc file.
cp -r /opt/vmware/vio/etc /root/etc_backup
Take a snapshot of the management-server.
Remove files that block certificate regeneration by running command:
Modify the /opt/vmware/vio/etc/omjs.properties file and set the oms.extension.registered to false to allow oms to register with vCenter Server with new certificate.