SSL handshake issue in Amphora instance

Hi expert,

I Installed SUSE Openstack 8 to evaluate load balancer functionality. But I can’t be downloaded the Octavia Amphora HA Proxy Guest Image, because I don’t have a SAID. Therefore I created the Amphora image using ‘diskimage-create’ script in Github Octavia repository.

When I creating the load balancer, but error occurrence in the Amphora instance. The amphora-agent log as is following.
[2018-07-06 08:02:31 +0000] [1484] [DEBUG] Error processing SSL request.
[2018-07-06 08:02:31 +0000] [1484] [DEBUG] Invalid request from ip=::ffff: [SSL: HTTP_REQUEST] http request (_ssl.c:1754)
[2018-07-06 08:02:31 +0000] [1484] [DEBUG] Failed to send error message.

How do I replace correct a Cert file for an Amphora instance? Or I must use the Octavia Amphora HA Proxy Guest Image provided by SUSE?

Thanks & Regards,


It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot…

Good luck!

Your SUSE Forums Team

The amphora image is part of the SOC 8 (CLM) release. Which release are you using CLM or Crowbar?

openstack-octavia-amphora-image-x86_64 | x86_64 Image for OpenStack Octavia | package

Thank you for your information.
I did find out the Amphora guest image that in ISO image. And register the Amphora guest image to the Glance by service-guest-image.yml playbook.

Nevertheless, the same problem was observed in the Amphora instance.

[QUOTE]sles@amphora-00715f1f-9433-4fa1-8fd3-4ec22172927a:~> sudo tail -f /var/log/amphora-agent.log
ca_certs: /etc/octavia/certs/client_ca.pem
tmp_upload_dir: None
backlog: 2048
logger_class: gunicorn.glogging.Logger
[2018-07-12 06:26:59 +0000] [9948] [INFO] Starting gunicorn 19.7.1
[2018-07-12 06:26:59 +0000] [9948] [DEBUG] Arbiter booted
[2018-07-12 06:26:59 +0000] [9948] [INFO] Listening at: http://[::]:9443 (9948)
[2018-07-12 06:26:59 +0000] [9948] [INFO] Using worker: sync
[2018-07-12 06:26:59 +0000] [10056] [INFO] Booting worker with pid: 10056
[2018-07-12 06:27:00 +0000] [9948] [DEBUG] 1 workers
[2018-07-12 06:35:44 +0000] [10056] [DEBUG] Error processing SSL request.
[2018-07-12 06:35:44 +0000] [10056] [DEBUG] Invalid request from ip=::ffff: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1864)
[2018-07-12 06:35:44 +0000] [10056] [DEBUG] Failed to send error message.
[2018-07-12 06:35:54 +0000] [10056] [DEBUG] Error processing SSL request.
[2018-07-12 06:35:54 +0000] [10056] [DEBUG] Invalid request from ip=::ffff: [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1864)

I have a new install SUSE Openstack CLoud using CLM, and there are no modified settings to the Octavia.

What ip is Are you sure your cerfticates are correct for both the internal and external APIs? Did you create them manually or let the install create the default ones?