CODEWITHSUNDEEP
ruby-on-railsopenstackopenstack-swiftovh
Vincent Simon
Vincent Simon

Reputation: 11

Openstack Ovh connection configuration

I am currently working on a rails app and I want to use Openstack with object storage from OVH.

My error is : 

connect_nonblock': SSL_connect returned=1 errno=0 state=unknown state:
certificate verify failed (OpenSSL::SSL::SSLError)
Unable to verify certificate. This may be an issue with the remote host or with Excon.Excon has certificates bundled, but these can be customized.

`Excon.defaults[:ssl_ca_path] = path_to_certs`,
`ENV['SSL_CERT_DIR'] = path_to_certs`,
`Excon.defaults[:ssl_ca_file] = path_to_file`,
`ENV['SSL_CERT_FILE'] = path_to_file`,
`Excon.defaults[:ssl_verify_callback] = callback` (see OpenSSL::SSL::SSLContext#verify_callback),
or `Excon.defaults[:ssl_verify_peer] = false` (less secure). (Excon::Errors::CertificateError)

Does anyone have a tips to do it ?

I have followed this tutorial in french: https://gist.github.com/BaptisteDixneuf/85dc4419a0398446d2d3

and there is my carrierwave config file :

CarrierWave.configure do |config|
 config.fog_provider = 'fog/openstack'
 config.fog_credentials = {
    :provider              => 'OpenStack',
    :openstack_username    => ENV['OS_USERNAME'],
    :openstack_api_key => ENV['OS_USER_MDP'],
    :openstack_auth_url => ENV['OS_AUTH_URL'],
    :openstack_region    => 'GRA1'
  }

end

Upvotes: 1

Views: 337

Answers (1)

Cyrbil
Cyrbil

Reputation: 6478

As it says, your app have trouble connecting to openstack because it cannot checks the certificate.

It then provide various ways to overcome the problem.

These ones are used to provide the certificate manually

`Excon.defaults[:ssl_ca_path] = path_to_certs`,
`ENV['SSL_CERT_DIR'] = path_to_certs`,
`Excon.defaults[:ssl_ca_file] = path_to_file`,
`ENV['SSL_CERT_FILE'] = path_to_file`,

The other two bypass the standart verification by respectively manually check it and ignore it.

`Excon.defaults[:ssl_verify_callback] = callback` (see OpenSSL::SSL::SSLContext#verify_callback),
or `Excon.defaults[:ssl_verify_peer] = false` (less secure). (Excon::Errors::CertificateError)

OVH's Openstack cloud used valid certificats. Ensure your server have common ca-certificat list installed. And update openssl library.

Upvotes: 1

Related Questions