An Error during nova-manage vpn run

Asked by Hugo Kou

Hello guys , this is Hugo

How's going today?

I got a problem with run up cloud-pipe image.

#nova-manage vpn run pro1

Full log : http://pastebin.com/TG1E8Jj6

And there's the short cut log
(nova): TRACE: ProcessExecutionError: Unexpected error while running command.
(nova): TRACE: Command: openssl ca -batch -out /tmp/tmpQkmiuR/outbound.csr -config ./openssl.cnf -infiles /tmp/tmpQkmiuR/inbound.csr
(nova): TRACE: Exit code: 1
(nova): TRACE: Stdout: ''
(nova): TRACE: Stderr: "Using configuration from ./openssl.cnf\nerror loading the config file './openssl.cnf'\n11755:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('./openssl.cnf','rb')\n11755:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129:\n11755:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:\n"

=================================

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Hugo Kou (tonytkdk) said :
#1

After that I try to create a new project .
Got same error while create zipfile

root@nova:~/pro3# nova-manage project zipfile pro3 hugo
Unexpected error while running command.
Command: openssl ca -batch -out /tmp/tmppETM_6/outbound.csr -config ./openssl.cnf -infiles /tmp/tmppETM_6/inbound.csr
Exit code: 1
Stdout: ''
Stderr: "Using configuration from ./openssl.cnf\nerror loading the config file './openssl.cnf'\n12293:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('./openssl.cnf','rb')\n12293:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129:\n12293:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:\n"
The above error may show that the certificate db has not been created.
Please create a database by running a nova-api server on this host.

Revision history for this message
Hugo Kou (tonytkdk) said :
#2

about #1 comment

I can avoid it by delete --use_project_ca flag

Revision history for this message
Vish Ishaya (vishvananda) said :
#3

Vpns are insecure without use_project_ca. It sounds like the CA directory isn't being created properly or there is a file missing.

Vish

On Jul 5, 2011, at 4:16 AM, Hugo Kou wrote:

> Question #163798 on OpenStack Compute (nova) changed:
> https://answers.launchpad.net/nova/+question/163798
>
> Hugo Kou posted a new comment:
> about #1 comment
>
> I can avoid it by delete --use_project_ca flag
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Revision history for this message
Vish Ishaya (vishvananda) said :
#4

Is this using trunk? I remember a similar issue around the time of the cactus release, but I thought it was fixed.

Vish

On Jul 5, 2011, at 4:16 AM, Hugo Kou wrote:

> Question #163798 on OpenStack Compute (nova) changed:
> https://answers.launchpad.net/nova/+question/163798
>
> Hugo Kou posted a new comment:
> about #1 comment
>
> I can avoid it by delete --use_project_ca flag
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Revision history for this message
Hugo Kou (tonytkdk) said :
#5

Dear Vish

Within Vlan test , I'm using Cactus Release.
well, you said about file_missig that I'll have a check tomorrow.
or Change to trunk for my examination
And /var/lib/nova/CA is exist

the tree of my CA
http://paste.openstack.org/show/1839/

1.if there any file missing

2.I'll turn to Trunk version

well , an additional question...
Is there any approach to setup instance gateway after fire up , I have to change route table gateway to a specify IP instead of nova-network host.

I remember that I had a shot talk with soren before , aobut the metadata must be redirect from nova-network, now.

Revision history for this message
Sunil Kumar CS (sunilkcs) said :
#6

Hi
       You got the solution for this!! I am getting the same error when i execute "./nova-manage project zipfile sunil_project sunil" . It would be great if any of you guys can help me out here....

sunil@openstack001:~/openstack/nova/bin$ ./nova-manage project zipfile sunil_project sunil
/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py:8: UserWarning: Module nova was already imported from /home/sunil/openstack/nova/nova/__init__.pyc, but /usr/lib/python2.7/dist-packages is being added to sys.path
  import pkg_resources

2012-02-23 18:33:15 DEBUG nova.utils [req-2f0804b9-cd4c-4d95-8712-b4b27356bfe7 None None] backend <module 'nova.db.sqlalchemy.api' from '/home/sunil/openstack/nova/nova/db/sqlalchemy/api.pyc'> from (pid=12892) __get_backend /home/sunil/openstack/nova/nova/utils.py:602
2012-02-23 18:33:15 DEBUG nova.utils [-] Running cmd (subprocess): openssl genrsa -out /tmp/tmpFGyQ1D/temp.key 1024 from (pid=12892) execute /home/sunil/openstack/nova/nova/utils.py:208
2012-02-23 18:33:15 DEBUG nova.utils [-] Running cmd (subprocess): openssl req -new -key /tmp/tmpFGyQ1D/temp.key -out /tmp/tmpFGyQ1D/temp.csr -batch -subj /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=sunil_project-sunil-2012-02-23T13:03:15Z from (pid=12892) execute /home/sunil/openstack/nova/nova/utils.py:208
2012-02-23 18:33:15 DEBUG nova.crypto [-] Flags path: /home/sunil/openstack/nova/nova/..//CA from (pid=12892) _sign_csr /home/sunil/openstack/nova/nova/crypto.py:307
2012-02-23 18:33:15 DEBUG nova.utils [-] Running cmd (subprocess): openssl ca -batch -out /tmp/tmpsGT55E/outbound.csr -config ./openssl.cnf -infiles /tmp/tmpsGT55E/inbound.csr from (pid=12892) execute /home/sunil/openstack/nova/nova/utils.py:208
2012-02-23 18:33:15 DEBUG nova.utils [-] Result was 1 from (pid=12892) execute /home/sunil/openstack/nova/nova/utils.py:224
Unexpected error while running command.
Command: openssl ca -batch -out /tmp/tmpsGT55E/outbound.csr -config ./openssl.cnf -infiles /tmp/tmpsGT55E/inbound.csr
Exit code: 1
Stdout: ''
Stderr: "Using configuration from ./openssl.cnf\nerror loading the config file './openssl.cnf'\n139666044880544:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('./openssl.cnf','rb')\n139666044880544:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:\n139666044880544:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:\n"
The above error may show that the certificate db has not been created.
Please create a database by running a nova-cert server on this host.

Revision history for this message
Shirley Woo (swoo) said :
#7

Hi --

Has any one gotten a fix for this issue? I'm getting a similar error;

/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py:8: UserWarning: Module nova was already imported from /home/localadmin/openstack/nova/nova/__init__.pyc, but /usr/lib/python2.7/dist-packages is being added to sys.path
  import pkg_resources

2012-03-06 13:39:38 DEBUG nova.utils [req-23ad7bfd-25c6-4630-b914-18461638024a None None] backend <module 'nova.db.sqlalchemy.api' from '/home/localadmin/openstack/nova/nova/db/sqlalchemy/api.pyc'> from (pid=15979) __get_backend /home/localadmin/openstack/nova/nova/utils.py:607
2012-03-06 13:39:42 DEBUG nova.utils [-] Running cmd (subprocess): openssl genrsa -out /tmp/tmpdNzGYR/temp.key 1024 from (pid=15979) execute /home/localadmin/openstack/nova/nova/utils.py:213
2012-03-06 13:39:42 DEBUG nova.utils [-] Running cmd (subprocess): openssl req -new -key /tmp/tmpdNzGYR/temp.key -out /tmp/tmpdNzGYR/temp.csr -batch -subj /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=openstack-localadmin-2012-03-06T21:39:42Z from (pid=15979) execute /home/localadmin/openstack/nova/nova/utils.py:213
2012-03-06 13:39:42 DEBUG nova.crypto [-] Flags path: /var/lib/nova/CA from (pid=15979) _sign_csr /home/localadmin/openstack/nova/nova/crypto.py:292
2012-03-06 13:39:42 DEBUG nova.utils [-] Running cmd (subprocess): openssl ca -batch -out /tmp/tmp6p0qgY/outbound.csr -config ./openssl.cnf -infiles /tmp/tmp6p0qgY/inbound.csr from (pid=15979) execute /home/localadmin/openstack/nova/nova/utils.py:213
2012-03-06 13:39:42 DEBUG nova.utils [-] Result was 1 from (pid=15979) execute /home/localadmin/openstack/nova/nova/utils.py:229
Unexpected error while running command.
Command: openssl ca -batch -out /tmp/tmp6p0qgY/outbound.csr -config ./openssl.cnf -infiles /tmp/tmp6p0qgY/inbound.csr
Exit code: 1
Stdout: ''
Stderr: "Using configuration from ./openssl.cnf\nerror loading the config file './openssl.cnf'\n140116468876960:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('./openssl.cnf','rb')\n140116468876960:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:\n140116468876960:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:\n"
The above error may show that the certificate db has not been created.
Please create a database by running a nova-cert server on this host.

Revision history for this message
Vish Ishaya (vishvananda) said :
#8

have you tried running nova-cert on the host?

Revision history for this message
Shirley Woo (swoo) said :
#9

I found that for my issue in comment #7, I had to do the following:

cd ~/openstack/nova
sudo cp -r nova/CA/* /var/lib/nova/CA

These files were missing from the directory which caused my problem.

Revision history for this message
Vish Ishaya (vishvananda) said :
#10

these files are supposed to be generated by genrootca.sh during the init_host of nova-cert

105 def ensure_ca_filesystem():
106 """Ensure the CA filesystem exists."""
107 ca_dir = ca_folder()
108 if not os.path.exists(ca_path()):
109 genrootca_sh_path = os.path.join(os.path.dirname(__file__),
110 'CA',
111 'genrootca.sh')
112
113 start = os.getcwd()
114 if not os.path.exists(ca_dir):
115 os.makedirs(ca_dir)
116 os.chdir(ca_dir)
117 utils.execute("sh", genrootca_sh_path)
118 os.chdir(start)

I can't verify that manually copying files the way that you did will work properly. Much better to simply run nova-cert as was suggested. by the error message.

Can you help with this problem?

Provide an answer of your own, or ask Hugo Kou for more information if necessary.

To post a message you must log in.