Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Any option to ignore ssl certificate while using Openstack? (SL3_GET_SERVER_CERTIFICATE:certificate verify failed) #71

Open
bizhao opened this issue Sep 4, 2016 · 1 comment
Open

Any option to ignore ssl certificate while using Openstack? (SL3_GET_SERVER_CERTIFICATE:certificate verify failed) #71

bizhao opened this issue Sep 4, 2016 · 1 comment

Comments

@bizhao
Copy link

bizhao commented Sep 4, 2016

My OpenStack uses a self-issued certificate which seems to cause problems.

root@pinecone:~# kargo openstack --masters 2 --nodes 2 --etcds 3
CLONING KARGO GIT REPO *********************************************************
Cloning into '/root/.kargo'...
kargo repo cloned
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Create 4 instances on openstack ? [Y/n] y

PLAY [localhost] ***************************************************************

TASK [Create security group] ***************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Error fetching security group list: SSL exception connecting to https://10.111.109.84:9696/v2.0/security-groups.json: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"}

NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @/root/.kargo/local.retry

PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1

Is there any option to set in kargo.yml to just skip the verification of certificate?
@AtzeDeVries
Copy link

I totally agree with you, but you can use a workarround. Create a certificate bundle (certificate + root CA's) and set it to a named my-stack-certs.pem
then run export OS_CACERT=path/to/my-stack-certs.pem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bizhao @AtzeDeVries