Alerta (https and keycloak) #1381
Comments
If you are self-hosting keycloak you will need to add your SSL certs to your Alerta docker container as an additional layer.
I don't use Docker. I installed Alerta on a Linux server. I added the cert to nginx and I have HTTPS. I recompiled uwsgi with OpenSSL and added the cert as in this documentation: Or is that a problem in this file, wsgi.py, because the error is on mounting the app?

```
[uwsgi]
master = true
socket = /var/run/alerta/uwsgi.sock
die-on-term = true
shared-socket = 0.0.0.0:8443
```
This error suggests there is a problem with your cert on the Keycloak server...
But other applications work fine with Keycloak: Grafana, Zabbix, etc. If I create a simple Python script with requests:

```python
import requests
x = requests.get('', verify='')
```

I get 200.
You realise that adding
verify=path to cert. I did not add verify=False.
See https://requests.readthedocs.io/en/master/user/advanced/
On this site, see the topic "SSL Cert Verification". I use this.
That's not what you put in the comment above. The example you provided earlier had an empty string as the verify parameter value which equates to
I have a problem with Alerta on Keycloak.
I installed Alerta following this tutorial:
https://devopstales.github.io/monitoring/alerta-on-centos7/
If I use basic auth, it works fine.
For keycloak:
alertad.conf
AUTH_PROVIDER = 'keycloak'
KEYCLOAK_URL = ******
KEYCLOAK_REALM = ******
OAUTH2_CLIENT_ID = 'alerta-ui'
OAUTH2_CLIENT_SECRET =********
Log from uwsgi; does it not see the cert?
`VACUUM: unix socket /var/run/alerta/uwsgi.sock removed.
*** Starting uWSGI 2.0.19.1 (64bit) on [Tue Nov 17 10:23:45 2020] ***
compiled with version: 8.3.1 20191121 (Red Hat 8.3.1-5) on 28 October 2020 14:05:07
os: Linux-4.18.0-193.19.1.el8_2.x86_64 #1 SMP Wed Aug 26 15:29:02 EDT 2020
nodename:
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /
detected binary path: /root/.local/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
setgid() to 988
set additional group 1001 (alerta)
setuid() to 992
chdir() to /var/www
your processes number limit is 14970
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /var/run/alerta/uwsgi.sock fd 7
Python version: 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0xee2ec0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 437424 bytes (427 KB) for 5 cores
*** Operational MODE: preforking ***
mounting wsgi.py on /api
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
conn.connect()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 354, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(): (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/alerta/auth/oidc.py", line 34, in get_oidc_configuration
r = requests.get(discovery_doc_url, timeout=2)
File "/usr/lib/python3.6/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(): Max retries exceeded with url: (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/alerta/auth/__init__.py", line 27, in register
oidc_config, _ = oidc.get_oidc_configuration(app)
File "/usr/local/lib/python3.6/site-packages/alerta/auth/oidc.py", line 37, in get_oidc_configuration
raise ApiError('Could not get OpenID configuration from well known URL: {}'.format(str(e)), 503)
alerta.exceptions.ApiError: Could not get OpenID configuration from well known URL: HTTPSConnectionPool(host='keycloak.cn.in.pekao.com.pl', port=443): Max retries exceeded with url: /auth/realms/pekao/.well-known/openid-configuration (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "wsgi.py", line 3, in <module>
app = create_app()
File "/usr/local/lib/python3.6/site-packages/alerta/app.py", line 84, in create_app
app.register_blueprint(auth_blueprint)
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 98, in wrapper_func
return f(self, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1168, in register_blueprint
blueprint.register(self, options, first_registration)
File "/usr/local/lib/python3.6/site-packages/alerta/auth/__init__.py", line 31, in register
raise RuntimeError(e)
RuntimeError: Could not get OpenID configuration from well known URL: HTTPSConnectionPool(): Max retries exceeded with url: (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
VACUUM: unix socket /var/run/alerta/uwsgi.sock removed.
`
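The traceback shows Alerta calling `requests.get(discovery_doc_url, timeout=2)` with no `verify` argument, while the stand-alone script in the comments passes one. The following is an added example, not code from Alerta or requests: a stdlib-only model of how requests resolves the trust source for a call. `resolve_verify`, `scenarios` and the `INTERNAL_CA` path are hypothetical names constructed for illustration.

```python
import os

# Hypothetical path to a PEM bundle that contains the internal CA which
# signed the Keycloak certificate (constructed for this example).
INTERNAL_CA = "/etc/pki/tls/certs/internal-ca-bundle.pem"


def resolve_verify(verify=None, environ=None, session_verify=True, trust_env=True):
    """Model of how requests chooses the trust source for one HTTPS call.
    Returns ("disabled", None), ("default-bundle", None) or ("bundle", path).
    """
    environ = os.environ if environ is None else environ
    # Environment variables only apply when the caller left the choice open
    # (verify omitted or True), as in requests.get(url, timeout=2).
    if trust_env and (verify is None or verify is True):
        verify = (environ.get("REQUESTS_CA_BUNDLE")
                  or environ.get("CURL_CA_BUNDLE")
                  or verify)
    if verify is None:
        verify = session_verify
    # The transport adapter tests plain truthiness, so False, "" and 0 all
    # switch certificate verification off.
    if not verify:
        return ("disabled", None)
    if verify is True:
        return ("default-bundle", None)
    return ("bundle", str(verify))


def scenarios():
    """The calls discussed in the thread, evaluated against the model."""
    env = {"REQUESTS_CA_BUNDLE": INTERNAL_CA}
    return {
        # Alerta's discovery request: no verify argument, no variable set.
        "alerta_default": resolve_verify(environ={}),
        # Same call once the uWSGI process has REQUESTS_CA_BUNDLE set.
        "alerta_with_env": resolve_verify(environ=env),
        # Stand-alone script passing an explicit bundle path.
        "script_with_path": resolve_verify(verify=INTERNAL_CA, environ={}),
        # Empty string: falsy, so the certificate is not checked at all.
        "script_empty_string": resolve_verify(verify="", environ={}),
        # An explicit falsy value is not overridden by the environment.
        "empty_string_with_env": resolve_verify(verify="", environ=env),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:24} -> {outcome}")
```

For an Alerta instance served by uWSGI, the variable has to be present in the environment of the uWSGI process itself (for example through uWSGI's `env` option), not only in the login shell used for the test script.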