/elasticluster

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failed to validate the SSL certificate for github.com:443 #539

Closed
pnik073 opened this Issue Mar 31, 2018 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@pnik073 @riccardomurri
@pnik073
Copy link

pnik073 commented Mar 31, 2018
edited

When I run elasticluster start for SLURM cluster I get SSL certificate failure for github. I try to run setup, correct the build.yml or run with docker but all trials fail. I provide below more info on the errors.

Any suggestions on that?

Local runs

I try to modify /home/vagrant/elasticluster/src/elasticluster/share/playbooks/roles/lmod/tasks/build.yml and at line 70 (i.e., the line after get_url:) with validate_certs: no. Note that the v of validate must be exactly aligned with the u of url: in the line that follows. This run is done from Ubuntu-Xenial with Ansible 2.3.3.0. The elasticluster setup does not help here.

Error log: Without validate_certs: no

TASK [lmod : Download sources] ********************************************************************************************************************************************************
fatal: [frontend001]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for github.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: (\"bad handshake: Error([('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert protocol version')],)\",)."}

PLAY RECAP ****************************************************************************************************************************************************************************
compute001                 : ok=44   changed=2    unreachable=0    failed=0   
compute002                 : ok=44   changed=2    unreachable=0    failed=0   
frontend001                : ok=67   changed=5    unreachable=0    failed=1   

2018-03-31 00:18:56 ubuntu-xenial gc3.elasticluster[12500] ERROR Command `ansible-playbook --private-key=/home/vagrant/.ssh/elasticluster.pem /home/vagrant/elasticluster/src/elasticluster/share/playbooks/site.yml --inventory=/home/vagrant/.elasticluster/storage/slurm.inventory --become --become-user=root -e elasticluster_output_dir=/tmp/elasticluster.DZUP34.d` failed with exit code 2.
2018-03-31 00:18:56 ubuntu-xenial gc3.elasticluster[12500] ERROR Cannot find the status report file.

Error log: With validate_certs: no

TASK [lmod : Download sources] ********************************************************************************************************************************************************
fatal: [frontend001]: FAILED! => {"changed": false, "failed": true, "msg": "Unsupported parameters for (get_url) module: validate. Supported parameters include: attributes,backup,checksum,content,delimiter,dest,directory_mode,follow,force,force_basic_auth,group,headers,http_agent,mode,owner,regexp,remote_src,selevel,serole,setype,seuser,sha256sum,src,timeout,tmp_dest,unsafe_writes,url,url_password,url_username,use_proxy,validate_certs"}

PLAY RECAP ****************************************************************************************************************************************************************************
compute001                 : ok=47   changed=30   unreachable=0    failed=0   
compute002                 : ok=47   changed=30   unreachable=0    failed=0   
frontend001                : ok=71   changed=46   unreachable=0    failed=1   

2018-03-31 00:02:17 ubuntu-xenial gc3.elasticluster[9278] ERROR Command `ansible-playbook --private-key=/home/vagrant/.ssh/elasticluster.pem /home/vagrant/elasticluster/src/elasticluster/share/playbooks/site.yml --inventory=/home/vagrant/.elasticluster/storage/slurm.inventory --become --become-user=root -e elasticluster_output_dir=/tmp/elasticluster.xJzOmb.d` failed with exit code 2.
2018-03-31 00:02:17 ubuntu-xenial gc3.elasticluster[9278] ERROR Cannot find the status report file.

Docker run

I also run from riccardomurri/elasticluster Docker with the following mount for my conf files. That fails too.

#Dockerfile I use
FROM riccardomurri/elasticluster:1.3.0.pr
VOLUME ["/data"]
WORKDIR /data

#Docker run
sudo docker build -t elasticdocker .
sudo docker run -v myFolderWithSshAndConfFiles/:/data -i -t elasticdocker -c /data/ec.d/slurm.conf start slurm

Error log:

TASK [lmod : Download sources] **********************************************************************************************************
fatal: [frontend001]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for github.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: (\"bad handshake: Error([('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert protocol version')],)\",)."}
	to retry, use: --limit @/home/elasticluster/share/playbooks/site.retry

PLAY RECAP ******************************************************************************************************************************
compute001                 : ok=47   changed=30   unreachable=0    failed=0   
compute002                 : ok=47   changed=30   unreachable=0    failed=0   
frontend001                : ok=70   changed=46   unreachable=0    failed=1   

2018-03-31 00:34:55 f5da300d2b5c gc3.elasticluster[1] ERROR Command `ansible-playbook --private-key=/data/storage/elasticluster.pem /home/elasticluster/share/playbooks/site.yml --inventory=/home/.elasticluster/storage/slurm.inventory --become --become-user=root` failed with exit code 2.
2018-03-31 00:34:55 f5da300d2b5c gc3.elasticluster[1] ERROR Check the output lines above for additional information on this error.
2018-03-31 00:34:55 f5da300d2b5c gc3.elasticluster[1] ERROR The cluster has likely *not* been configured correctly. You may need to re-run `elasticluster setup` or fix the playbooks.

@riccardomurri riccardomurri closed this in 6ff4192 Mar 31, 2018

@riccardomurri

This comment has been minimized.

Sign in to view
Copy link
Member

riccardomurri commented Mar 31, 2018

This should now be fixed in the latest "master" branch: so either update you python sources (git pull && pip install -e .) or download the latest Docker image (elasticluster.sh --latest list).

The fix allows you to turn off HTTPS certificate validation; just add this line to any [setup/...] section in your configuration file::

global_var_insecure_https_downloads=yes

@riccardomurri riccardomurri referenced this issue Mar 31, 2018

Closed

AWS InstanceLimitExceeded & SSH Error No IP address #537

@pnik073 pnik073 referenced this issue Mar 31, 2018

Closed

[nfs-client] Error mounting /home: mount.nfs #540

@riccardomurri

@pnik073 pnik073 referenced this issue Apr 2, 2018

Closed

PostgreSQL | Add PostgreSQL repository apt-key] #542

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment