Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't connect to HTTPS URL because the SSL module is not available. #4360

Closed
cpanato opened this issue Sep 1, 2017 · 13 comments
Closed

Can't connect to HTTPS URL because the SSL module is not available. #4360

cpanato opened this issue Sep 1, 2017 · 13 comments
Labels
Packaging question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@cpanato
Copy link

cpanato commented Sep 1, 2017

Description

build a docker image with the azure-cli using apt-get

when run az login got this:

root@c66f71:/go# az login
Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /common/oauth2/devicecode?api-version=1.0 (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",))

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Answer here: apt-get

CLI Version: What version of the CLI and modules are installed? (Use az --version)
Answer here:

root@c61850366f71:/go# az --version
azure-cli (2.0.16)

acr (2.0.11)
acs (2.0.14)
appservice (0.1.15)
batch (3.1.2)
billing (0.1.4)
cdn (0.0.7)
cloud (2.0.7)
cognitiveservices (0.1.7)
command-modules-nspkg (2.0.1)
component (2.0.7)
configure (2.0.10)
consumption (0.1.4)
container (0.1.9)
core (2.0.15)
cosmosdb (0.1.12)
dla (0.0.11)
dls (0.0.13)
eventgrid (0.1.3)
feedback (2.0.6)
find (0.2.6)
interactive (0.3.9)
iot (0.1.11)
keyvault (2.0.9)
lab (0.0.10)
monitor (0.0.9)
network (2.0.13)
nspkg (3.0.1)
profile (2.0.11)
rdbms (0.0.6)
redis (0.2.8)
resource (2.0.13)
role (2.0.11)
servicefabric (0.0.3)
sf (1.0.8)
sql (2.0.10)
storage (2.0.14)
vm (2.0.13)

Python (Linux) 3.6.1 (default, Aug 31 2017, 21:03:43)
[GCC 4.8.4]

Python location '/opt/az/bin/python3'

Legal docs and information: aka.ms/AzureCliLegal

OS Version: What OS and version are you using?
Answer here: docker base image: golang:1.8.3-stretch

Shell Type: What shell are you using? (e.g. bash, cmd.exe, Bash on Windows)
Answer here: bash
@tjprescott
Copy link
Member

I think this has to do with the Linux environment in your Docker image rather than the CLI itself.
psf/requests#3482

@tjprescott tjprescott added the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Sep 1, 2017
@derekbekoe
Copy link
Member

derekbekoe commented Sep 1, 2017
edited
Loading

Yes what does your Dockerfile look like?
You can use our Dockerfiles for reference.

@cpanato
Copy link
Author

cpanato commented Sep 1, 2017

looks like, thanks for the reply!

FROM golang:1.8.3-stretch

### For golang testing stuff
RUN go get -u github.com/golang/lint/golint
RUN go get github.com/jstemmer/go-junit-report

### License parser
RUN go get github.com/coreos/license-bill-of-materials

### 'grafiti' for cluster cleanup
ENV GRAFITI_VERSION "v0.1.1"
RUN git clone -q https://github.com/coreos/grafiti.git ${GOPATH}/src/github.com/coreos/grafiti \
    && cd ${GOPATH}/src/github.com/coreos/grafiti \
    && git checkout -q tags/${GRAFITI_VERSION} \
    && make install

# /go needs to be writable by jenkins user like it is in the upstream golang image
RUN chmod 777 -R /go

### Install Shellcheck, Terraform, NodeJS and Yarn
ENV SHELLCHECK_VERSION="v0.4.6"
ENV TERRAFORM_VERSION="v0.9.11-coreos.2"
ENV NODE_VERSION="v8.1.2"
ENV YARN_VERSION="v0.24.6"
ENV MATCHBOXVERSION="v0.6.1"
# yarn needs a home writable by any user running the container
ENV HOME /opt/home
RUN mkdir -p ${HOME}
RUN chmod 777 -R ${HOME}

RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-utils
RUN DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -q \
    build-essential sudo curl wget git autoconf automake unzip libtool jq awscli gnupg1 \
    openvpn xvfb xauth openssl python-pip python-setuptools

# Install azure cli
RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | tee /etc/apt/sources.list.d/azure-cli.list
RUN apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-transport-https
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q azure-cli

# Install Terraform
# TERRAFORM_URL enables us to build the upstream-terraform Tectonic builder
# image (See README.md/##Upstream-and-CoreOS-Terraform)
ARG TERRAFORM_URL=https://github.com/coreos/terraform/releases/download/${TERRAFORM_VERSION}/linux_amd64.zip
RUN curl -L ${TERRAFORM_URL} | funzip > /usr/local/bin/terraform && chmod +x /usr/local/bin/terraform

# Install NodeJS
RUN cd /tmp && \
    wget --quiet -O /tmp/node.tar.gz https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-x64.tar.gz && \
    tar xf node.tar.gz && \
    rm -f /tmp/node.tar.gz && \
    cd node-* && \
    cp -r lib/node_modules /usr/local/lib/node_modules && \
    cp bin/node /usr/local/bin && \
    ln -s /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm
# so any container user can install global node modules if needed
RUN chmod 777 /usr/local/lib/node_modules

# Install Yarn
RUN cd /tmp && \
    wget --quiet -O /tmp/yarn.tar.gz https://github.com/yarnpkg/yarn/releases/download/${YARN_VERSION}/yarn-${YARN_VERSION}.tar.gz && \
    tar xf yarn.tar.gz && \
    rm -f /tmp/yarn.tar.gz && \
    mv /tmp/dist /usr/local/yarn && \
    ln -s /usr/local/yarn/bin/yarn /usr/local/bin/yarn

# Install Shellcheck
RUN cd /tmp && \
    wget --quiet https://storage.googleapis.com/shellcheck/shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz && \
    tar xJf shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz && \
    mv /tmp/shellcheck-${SHELLCHECK_VERSION}/shellcheck /usr/local/bin/shellcheck

# Install Chrome for installer gui tests
# Use Chrome beta because v60 or higher is needed for headless mode
RUN wget --quiet -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
    sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' && \
    apt-get update && \
    apt-get install --no-install-recommends -y -q \
    google-chrome-beta ca-certificates

# matchbox for baremetal installer gui tests
RUN cd /tmp && \
    wget --quiet -O /tmp/matchbox.tar.gz https://github.com/coreos/matchbox/releases/download/${MATCHBOXVERSION}/matchbox-${MATCHBOXVERSION}-linux-amd64.tar.gz && \
    tar xzvf /tmp/matchbox.tar.gz && \
    rm -f /tmp/matchbox.tar.gz && \
    cp matchbox-*/matchbox /usr/local/bin

# cleanup
RUN rm -rf /tmp/node-v*
RUN rm -f /tmp/yarn.tar.gz

@derekbekoe
Copy link
Member

There's a lot in this Dockerfile so can't tell exactly why it's not working.

This 'Install CLI on Linux without apt-get' may help you.

@derekbekoe derekbekoe added Packaging question The issue doesn't require a change to the product in order to be resolved. Most issues start as that and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 1, 2017
@cpanato
Copy link
Author

cpanato commented Sep 1, 2017

reduce for this and still same error

FROM golang:1.8.3-stretch

### For golang testing stuff
RUN go get -u github.com/golang/lint/golint
RUN go get github.com/jstemmer/go-junit-report

### License parser
RUN go get github.com/coreos/license-bill-of-materials

### 'grafiti' for cluster cleanup
ENV GRAFITI_VERSION "v0.1.1"
RUN git clone -q https://github.com/coreos/grafiti.git ${GOPATH}/src/github.com/coreos/grafiti \
    && cd ${GOPATH}/src/github.com/coreos/grafiti \
    && git checkout -q tags/${GRAFITI_VERSION} \
    && make install

# /go needs to be writable by jenkins user like it is in the upstream golang image
RUN chmod 777 -R /go

### Install Shellcheck, Terraform, NodeJS and Yarn
ENV HOME /opt/home
RUN mkdir -p ${HOME}
RUN chmod 777 -R ${HOME}

RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-utils
RUN DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -q \
    build-essential sudo curl wget git autoconf automake unzip libtool jq awscli gnupg1 \
    openvpn xvfb xauth openssl python-pip python-setuptools

# Install azure cli
RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | tee /etc/apt/sources.list.d/azure-cli.list
RUN apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y -q apt-transport-https
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q azure-cli

@Strandedpirate
Copy link

Strandedpirate commented Sep 13, 2017
edited
Loading

I'm getting the same error in bitbucket pipelines when running az login -u xxx -p yyy. Our docker image is maven:3.5.0-jdk-8 with nothing else but installing the azure CLI and running the above command.

This thread suggests that the code compiled against python did not link to OpenSSL. If that is true this is only something that re-compiling this project would fix.
psf/requests#3482

installing azure CLI...

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Get:1 http://security.debian.org stretch/updates InRelease [62.9 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease
Get:3 http://deb.debian.org/debian stretch-updates InRelease [91.0 kB]
Get:4 http://deb.debian.org/debian stretch Release [118 kB]
Get:5 http://deb.debian.org/debian stretch Release.gpg [2373 B]
Get:6 http://deb.debian.org/debian stretch-updates/main amd64 Packages [5553 B]
Get:7 http://deb.debian.org/debian stretch/main amd64 Packages [9497 kB]
Get:8 http://security.debian.org stretch/updates/main amd64 Packages [206 kB]
Fetched 9983 kB in 1s (6862 kB/s)
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 171 kB of archives.
After this operation, 242 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian stretch/main amd64 apt-transport-https amd64 1.4.7 [171 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 171 kB in 0s (12.0 MB/s)
Selecting previously unselected package apt-transport-https.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 29525 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_1.4.7_amd64.deb ...
Unpacking apt-transport-https (1.4.7) ...
Setting up apt-transport-https (1.4.7) ...
deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.QLrMGjl7Ff/gpg.1.sh --keyserver packages.microsoft.com --recv-keys 417A0893
gpg: key B02C46DF417A0893: public key "MS Open Tech <interop@microsoft.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
Ign:1 http://deb.debian.org/debian stretch InRelease
Hit:2 http://deb.debian.org/debian stretch-updates InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Hit:4 http://security.debian.org stretch/updates InRelease
Get:6 https://packages.microsoft.com/repos/azure-cli wheezy InRelease [2826 B]
Get:7 https://packages.microsoft.com/repos/azure-cli wheezy/main amd64 Packages [5749 B]
Fetched 8575 B in 0s (20.8 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  azure-cli
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 38.7 MB of archives.
After this operation, 254 MB of additional disk space will be used.
Get:1 https://packages.microsoft.com/repos/azure-cli wheezy/main amd64 azure-cli all 2.0.17-1 [38.7 MB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 38.7 MB in 0s (45.4 MB/s)
Selecting previously unselected package azure-cli.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 29531 files and directories currently installed.)
Preparing to unpack .../azure-cli_2.0.17-1_all.deb ...
Unpacking azure-cli (2.0.17-1) ...
Setting up azure-cli (2.0.17-1) ...
logging into azure...
ERROR: Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /common/UserRealm/deploy%40itbuildasign.onmicrosoft.com?api-version=1.0 (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",))

@patoncrispy
Copy link

I'm having this issue using GitLab CI. Docker image is microsoft/dotnet:2.0.0-sdk. The steps that cause this failure are:

    - apt-get update
    - apt-get install apt-transport-https
    - echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | tee /etc/apt/sources.list.d/azure-cli.list
    - apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
    - apt-get update
    - apt-get install azure-cli
    - az login --service-principal -u "$AZURE_SERVICE_PRINCIPAL_NAME" -p $AZURE_SERVICE_PRINCIPAL_PASSWORD --tenant "$AZURE_SERVICE_PRINCIPAL_TENANT"

@patoncrispy patoncrispy mentioned this issue Sep 27, 2017
Closed
@derekbekoe derekbekoe mentioned this issue Nov 3, 2017
Closed
@brharr
Copy link

brharr commented Dec 20, 2017

So I am getting this error with absolute latest cli install and python install on one of the newest macs with the latest MacOS.

"Can't Connect to HTTPS URL because the SSL module is not available. "

These installs are fresh.

BTW, the install docs for Mac needs to be updated to include the need for python3 as that is not installed with the MacOS and python3 needs the xcode command line tools or it will not link properly.

@andrewb-ms
Copy link

Is there a resolution here? Having the same problem... seems fragile

@Strandedpirate
Copy link

This isn't the first time this is happened. They release broken versions now and then. You should modify your script to install a specific version rather than latest.

- apt-get update
- apt-get install apt-transport-https  
- echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | tee /etc/apt/sources.list.d/azure-cli.list
- apt-key adv --keyserver packages.microsoft.com --recv-keys 417A0893
- apt-get update
- apt-get install azure-cli=2.0.24-1
....

You can get the version numbers out of this file: https://packages.microsoft.com/repos/azure-cli/dists/wheezy/main/binary-amd64/Packages

@andrewb-ms
Copy link

Thanks! Azure-CLI is way too fragile

@derekbekoe
Copy link
Member

Closing to keep all conversation in #3720

@derekperkins derekperkins mentioned this issue May 22, 2018
Closed
@haroldrandom haroldrandom added Packaging question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Oct 25, 2019
@jimdigriz
Copy link

jimdigriz commented Jan 16, 2021
edited
Loading

For those having a similar problem (seen on Ubuntu 'bionic' 18) as no one explicitly states the fix that I can see:

apt-get install libssl1.0.0

The problem occurs if you use the package repo https://packages.microsoft.com/ubuntu/18.04/prod (provides a much older version 2.0.25-1) rather than https://packages.microsoft.com/repos/azure-cli/ (gives you version 2.17.1-1).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Packaging question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@Strandedpirate @patoncrispy @jimdigriz @cpanato @tjprescott @brharr @haroldrandom @derekbekoe @andrewb-ms