Troubleshooting Heat-engine plug-in extensions
Installing the Blueprint Designer Heat extension plug-ins into an IBM Cloud Manager Heat engine results in stopping SSL communication.
When you install the Blueprint Designer Heat orchestration extension plug-ins into IBM Cloud
Manager with OpenStack and HTTPS is enabled on Keystone and Heat API endpoints, the following two
types of error occur:
-
keystoneclient.exceptions.SSLError: SSL exception connecting to https://{keystone Identity Endpoint}/auth/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
-
heatclient.exc.HTTPUnauthorized: ERROR: Authentication required.
Note: If HTTPS not enabled on Keystone and HEAT API endpoints of IBM Cloud Manager, which is the
default configuration, the problem does not occur.
When you install the Blueprint Designer Heat extension plug-ins, the installation deploys new Python module versions through Pip. The new Python module versions change the Python request module in the IBM Cloud Manager controller environment so that the Heat client is prevented from communicating over SSL.
To continue HTTPS communications on the Keystone and Heat API endpoints of IBM Cloud Manager,
install the Python request
module:
yum reinstall python-requests-{version}.noarch
If you use your own CA certificate, import it again. The default location of the certificate for IBM Cloud Manager 4.3 is /etc/pki/tls/certs/ca-bundle.crt.