I found this httpie issue <https://github.com/httpie/httpie/issues/480>, basically, the certs I imported into debian aren't respected by httpie. So I think I need to use --verify or --cert option of httpie.
But when I use --verify no, I get a 301: [tblack-stretch]/home/tblack/pulpcerts/certs > http --verify no https://pulp.biamp.com/pulp/api/v3/status HTTP/1.1 301 Moved Permanently Connection: keep-alive Content-Length: 0 Content-Type: text/html; charset=utf-8 Date: Thu, 05 Nov 2020 00:07:19 GMT Location: /pulp/api/v3/status/ Server: nginx/1.14.2 and if I use --cert to point to the pulp-generated CA cert I copied over from pulp, I get a different httpie error, I believe indicating I'm using the wrong format cert: http: error: Error: [('PEM routines', 'get_name', 'no start line'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')] Thanks for your help. On Wed, Nov 4, 2020 at 3:54 PM Tim Black <[email protected]> wrote: > I have installed a new pulp instance using pulp.pulp_installer 3.8.1 and > the below ansible play, which mostly uses defaults. The containing playbook > runs to completion with no errors, but I get the following error trying to > access the api status endpoint with httpie: > > [tblack-stretch]cmm/ansible/projects/pulp > http > https://pulp.biamp.com/pulp/api/v3/status > <https://pulp.mydomain.com/pulp/api/v3/status> > > http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com > <http://pulp.mydomain.com>', port=443): Max retries exceeded with url: > /pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake: > Error([('SSL routines', 'tls_process_server_certificate', 'certificate > verify failed')],)",),)) while doing GET request to URL: > https://pulp.biamp.com/pulp/api/v3/status > <https://pulp.mydomain.com/pulp/api/v3/status> > > It says it failed to verify the certificate. I've read the docs about ssl > configuration > <https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>, > and I have copied both the pulp-generated self-signed root CA and > webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm > running httpie from. There, I imported the certs by placing them in > /usr/local/share/ca-certificates/extra and running update-ca-certificates, > but still got the same error. > > Here is my play that invokes pulp.pulp_installer.pulp_all_services. Any > help would be appreciated. Thanks. > > - name: Install Pulp > hosts: pulp_cluster > vars: > # Pulp Installer Variables Documentation: > https://pulp-installer.readthedocs.io/en/3.8.1/#variables > pulp_install_plugins: > # IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must be > Manually Confirmed/Specified! > # > https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore > # There is a tool that helps you find the compatible plugin versions. > # https://github.com/fao89/pdc > pulp-ansible: > version: 0.5.0 > pulp-container: > version: 2.1.0 > pulp-deb: > version: 2.7.0 > pulp-file: > version: 1.3.0 > pulp-python: > version: 3.0.0b11 > pulp_default_admin_password: "{{ pulp_admin_password }}" > pulp_settings: > secret_key: "{{ pulp_django_secret_key }}" > content_origin: "https://{{ ansible_fqdn }}" > pre_tasks: > # The version string below is the highest of all those in roles' > metadata: > # "min_ansible_version". It needs to be kept manually up-to-date. > - name: Verify Ansible meets min required version > assert: > that: "ansible_version.full is version_compare('2.8', '>=')" > msg: > > "You must update Ansible to at least 2.8 to use this version of > Pulp 3 Installer." > roles: > - pulp.pulp_installer.pulp_all_services > environment: > DJANGO_SETTINGS_MODULE: pulpcore.app.settings > >
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
