saurabsa
commented
7 years ago @brendandburns @colemickens Any updates? Something which can unblock me.
Closed saurabsa closed 7 years ago
saurabsa
commented
7 years ago @brendandburns @colemickens Any updates? Something which can unblock me.
saurabsa
commented
7 years ago Here is the debug log:
(env) mbp$ az acs kubernetes install-cli --debug Command arguments ['acs', 'kubernetes', 'install-cli'] Registered application event handler 'CommandParser.Parsed' at <function _handle_container_ssh_file at 0x104440e18> Current active cloud 'AzureCloud' {'active_directory': 'https://login.microsoftonline.com', 'active_directory_graph_resource_id': 'https://graph.windows.net/', 'active_directory_resource_id': 'https://management.core.windows.net/', 'batch_resource_id': 'https://batch.core.windows.net/', 'gallery': 'https://gallery.azure.com/', 'management': 'https://management.core.windows.net/', 'resource_manager': 'https://management.azure.com/', 'sql_management': 'https://management.core.windows.net:8443/'} {'azure_datalake_analytics_catalog_and_job_endpoint': 'azuredatalakeanalytics.net', 'azure_datalake_store_file_system_endpoint': 'azuredatalakestore.net', 'keyvault_dns': '.vault.azure.net', 'sql_server_hostname': '.database.windows.net', 'storage_endpoint': 'core.windows.net'} Successfully loaded command table from module 'acs'. Application event 'CommandTable.Loaded' with event data {'command_table': OrderedDict([('acs show', <azure.cli.core.commands.CliCommand object at 0x1035c8080>), ('acs delete', <azure.cli.core.commands.CliCommand object at 0x103665710>), ('acs scale', <azure.cli.core.commands.CliCommand object at 0x103665668>), ('acs list', <azure.cli.core.commands.CliCommand object at 0x103665748>), ('acs browse', <azure.cli.core.commands.CliCommand object at 0x103665828>), ('acs install-cli', <azure.cli.core.commands.CliCommand object at 0x1036658d0>), ('acs d [...] Application event 'CommandParser.Loaded' with event data {'parser': AzCliCommandParser(prog='az', usage=None, description=None, formatter_class=<class 'argparse.HelpFormatter'>, conflict_handler='error', add_help=True)} Registered application event handler 'CommandTableParams.Loaded' at <function add_id_parameters at 0x104874c80> Registered application event handler 'CommandTable.Loaded' at <function add_id_parameters at 0x104874c80> Application event 'CommandTableParams.Loaded' with event data {'command_table': OrderedDict([('acs show', <azure.cli.core.commands.CliCommand object at 0x1035c8080>), ('acs delete', <azure.cli.core.commands.CliCommand object at 0x103665710>), ('acs scale', <azure.cli.core.commands.CliCommand object at 0x103665668>), ('acs list', <azure.cli.core.commands.CliCommand object at 0x103665748>), ('acs browse', <azure.cli.core.commands.CliCommand object at 0x103665828>), ('acs install-cli', <azure.cli.core.commands.CliCommand object at 0x1036658d0>), ('acs d [...] Application event 'CommandParser.Parsed' with event data {'command': 'acs kubernetes install-cli', 'args': Namespace(_command_package='acs', _jmespath_query=None, _log_verbosity_debug=False, _log_verbosity_verbose=False, _output_format='json', _parser=AzCliCommandParser(prog='az acs kubernetes install-cli', usage=None, description='Downloads the kubectl command line from Kubernetes', formatter_class=<class 'argparse.HelpFormatter'>, conflict_handler='error', add_help=True), _validators=[], client_version='1.4.5', command='acs kubernetes install- [...] Downloading client to /usr/local/bin/kubectl Connection error while attempting to download client (<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)>)
colemickens
commented
7 years ago The same command works fine when executed outside of the dev env.
What does this mean? Do you mean the acs-engine devenv? It already has kubectl available.
Otherwise, I've not seen this before. Are you running this from a container or on a normal Linux distro or something else? Does SSL work normally elsewhere? Are you running mitmproxy/fiddler etc?
saurabsa
commented
7 years ago I am running this command on my normal OSX machine. The same command works fine when I run it from outside the az cli devenv but throws me the above error when run from inside the devenv. devenv is the one which we get from .
SSL works fine as the command works fine normally. Something is different in the devenv. Might I be missing something?
colemickens
commented
7 years ago I assume ./env/bin/activate is just virtualenv. Not really sure I understand why that would affect SSL validation. All we do is make an HTTP request with urlretrieve from urllib/urllib.request.
@derekbekoe do you know why being in the dev virtualenv would affect SSL validation?
saurabsa
commented
7 years ago Yes I agree. That's what the confusion is. Infact, this can be repro'd on another machine.
derekbekoe
commented
7 years ago @saurabsa What are the repro steps? I can create a VM and test.
saurabsa
commented
7 years ago @derekbekoe Just get in the devenv using .
derekbekoe
commented
7 years ago What OS, Python version?
Also, what's the output of pip freeze?
derekbekoe
commented
7 years ago I tried and couldn't reproduce.
saurabsa
commented
7 years ago osX = macOS Sierra version 10.12.3
python = Python 3.6.0
(env) saurabhs-mbp:easyping saurabsa$ pip freeze adal==0.4.3 applicationinsights==0.10.0 argcomplete==1.8.0 asn1crypto==0.22.0 astroid==1.4.9 autopep8==1.2.4 azure-batch==2.0.0 -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli&subdirectory=src/azure-cli -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_acr&subdirectory=src/command_modules/azure-cli-acr -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_acs&subdirectory=src/command_modules/azure-cli-acs -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_appservice&subdirectory=src/command_modules/azure-cli-appservice -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_batch&subdirectory=src/command_modules/azure-cli-batch -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_cloud&subdirectory=src/command_modules/azure-cli-cloud -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_component&subdirectory=src/command_modules/azure-cli-component -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_configure&subdirectory=src/command_modules/azure-cli-configure -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_container&subdirectory=src/command_modules/azure-cli-container -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_core&subdirectory=src/azure-cli-core -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_datalake&subdirectory=src/command_modules/azure-cli-datalake -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_documentdb&subdirectory=src/command_modules/azure-cli-documentdb -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_feedback&subdirectory=src/command_modules/azure-cli-feedback -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_find&subdirectory=src/command_modules/azure-cli-find -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_iot&subdirectory=src/command_modules/azure-cli-iot -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_keyvault&subdirectory=src/command_modules/azure-cli-keyvault -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_network&subdirectory=src/command_modules/azure-cli-network -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_nspkg&subdirectory=src/azure-cli-nspkg -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_profile&subdirectory=src/command_modules/azure-cli-profile -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_project&subdirectory=src/command_modules/azure-cli-project -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_redis&subdirectory=src/command_modules/azure-cli-redis -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_resource&subdirectory=src/command_modules/azure-cli-resource -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_role&subdirectory=src/command_modules/azure-cli-role -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_sql&subdirectory=src/command_modules/azure-cli-sql -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_storage&subdirectory=src/command_modules/azure-cli-storage -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_taskhelp&subdirectory=src/command_modules/azure-cli-taskhelp -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_testsdk&subdirectory=src/azure-cli-testsdk -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_utility_automation&subdirectory=scripts -e git+https://github.com/saurabsa/azure-cli.git@6a79b4bb7295771d7c2b949feef88d89f0cb7670#egg=azure_cli_vm&subdirectory=src/command_modules/azure-cli-vm azure-common==1.1.4 azure-datalake-store==0.0.5 azure-graphrbac==0.30.0rc6 azure-keyvault==0.1.0 azure-mgmt-authorization==0.30.0rc6 azure-mgmt-batch==3.0.0 azure-mgmt-compute==0.33.1rc1 azure-mgmt-containerregistry==0.1.1 azure-mgmt-datalake-analytics==0.1.3 azure-mgmt-datalake-nspkg==1.0.0 azure-mgmt-datalake-store==0.1.3 azure-mgmt-dns==1.0.0 azure-mgmt-documentdb==0.1.0 azure-mgmt-iothub==0.2.1 azure-mgmt-keyvault==0.30.0 azure-mgmt-network==0.30.0 azure-mgmt-nspkg==1.0.0 azure-mgmt-redis==1.0.0 azure-mgmt-resource==0.30.2 azure-mgmt-sql==0.3.2 azure-mgmt-storage==0.31.0 azure-mgmt-trafficmanager==0.30.0rc6 azure-mgmt-web==0.31.0 azure-nspkg==1.0.0 azure-storage==0.33.0 certifi==2017.1.23 cffi==1.9.1 colorama==0.3.7 coverage==4.2 cryptography==1.8.1 flake8==3.2.1 idna==2.5 isodate==0.5.4 jmespath==0.9.2 keyring==10.3.1 lazy-object-proxy==1.2.2 mccabe==0.5.3 mock==1.3.0 msrest==0.4.6 msrestazure==0.4.7 nose==1.3.7 oauthlib==2.0.2 packaging==16.8 paramiko==2.0.2 pbr==2.0.0 pep8==1.7.0 pyasn1==0.2.3 pycodestyle==2.2.0 pycparser==2.17 pyflakes==1.3.0 Pygments==2.1.3 PyJWT==1.4.2 pylint==1.5.4 pyOpenSSL==16.2.0 pyparsing==2.2.0 python-dateutil==2.6.0 PyYAML==3.11 requests==2.9.1 requests-oauthlib==0.8.0 scp==0.10.2 six==1.10.0 sshtunnel==0.1.2 tabulate==0.7.5 urllib3==1.16 vcrpy==1.10.3 Whoosh==2.7.4 wrapt==1.10.10 xmltodict==0.10.2
saurabsa
commented
7 years ago I and @derekbekoe investigated the issue. The issue seems to be because of Python3.6. It can be repro'd if we set the devenv using Python3.6. Python3.5 seems to work fine. Repro steps:
_git clone https://github.com/Azure/azure-cli cd azure-cli python3.6 -m venv env . env/bin/activate python scripts/devsetup.py . az.completion.sh
Run command: az acs kubernetes install-cli Connection error while attempting to download client (<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)>)
This could be repro'd by @derekbekoe as well.
For now, we can switch to 3.5 and it would unblock us. But 3.6 should also be supported I guess. Thanks @derekbekoe for the help.
djarvis
commented
7 years ago I am getting this error with python 3.5.1 on my Windows 10 machine.
brendandburns
commented
7 years ago @saurabsa
I believe this is the explanation: http://stackoverflow.com/a/42334357/4364364
Basically Python 3.6 on OS X doesn't install any certs by default.
brendandburns
commented
7 years ago brendandburns
commented
7 years ago I'm going to close this, since it is not a cli issue, afaik.
marcelloromani
commented
6 years ago For future reference, the linked python bug contains a command which fixed the issue for me (on Mac OS X 10.12.6): /Applications/Python\ 3.6/Install\ Certificates.command
anujb
commented
6 years ago TLDR; Quick fix:
Execute the following command to resolve the issue:
/Applications/Python\ 3.6/Install\ Certificates.command
Background:
Python 3.6 has an explicit post-installation step to install certificates since they are not installed at the point of installation. The command above will install the certifi package and resolve any CERTIFICATE_VERIFY_FAILED issue.
Currently on macOS 10.12.16 + Python 3.6.
-Anuj
Sudharma
commented
5 years ago If I Install certificates as mentined
TLDR; Quick fix:
Execute the following command to resolve the issue:
/Applications/Python\ 3.6/Install\ Certificates.commandBackground:
Python 3.6 has an explicit post-installation step to install certificates since they are not installed at the point of installation. The command above will install the certifi package and resolve any
CERTIFICATE_VERIFY_FAILEDissue.Currently on macOS 10.12.16 + Python 3.6.
-Anuj
If I install certificates like above. I get an error like this. This is with Python 3.7.1
azure-mgmt-recoveryservicesbackup 0.1.1 has requirement msrestazure~=0.4.11, but you'll have msrestazure 0.5.0 which is incompatible.
azure-mgmt-recoveryservices 0.1.0 has requirement msrestazure~=0.4.11, but you'll have msrestazure 0.5.0 which is incompatible.
azure-mgmt-datalake-analytics 0.2.0 has requirement msrestazure~=0.4.7, but you'll have msrestazure 0.5.0 which is incompatible.
When running from the developer environment, its throwing error: Connection error while attempting to download client (<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)>)
The same command works fine when executed outside of the dev env.