search

DMTF / Redfish-Protocol-Validator

The Redfish Protocol Validator tests the HTTP protocol behavior of a Redfish service to validate that it conforms to the Redfish specification.
Other
14 stars 12 forks source link

Error [SSL: CERTIFICATE_VERIFY_FAILED] and Warning NTPServers array failed with status 401 #25

Closed scottbusi closed 4 months ago

scottbusi commented 3 years ago

We have not run the protocol validator in a few months and have made some redfish changes. We now get the following error and warning which we have not seen before. We know we have some implementation issues on NTP but have not had an issue with PATCH, we are puzzled by the CERTIFICATE_VERIFY_FAILED

ERROR:root:Caught exception while creating or patching accounts; Exception: HTTPSConnectionPool(host='10.0.127.170', port=443): Max retries exceeded with url: /redfish/v1/AccountService/Accounts/6 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),)); continuing with test

WARNING:root:Attempt to PATCH /redfish/v1/Managers/Self/NetworkProtocol to restore the original NTPServers array failed with status 401; PATCH payload: {'NTP': {'NTPServers': ['pool.ntp.org', 'time.nist.gov']}}

mraineri commented 3 years ago

Are you able to run with the --no-cert-check option? If it helps, then it should narrow down some of the things to check with this issue.

scottbusi commented 3 years ago

Yes ran --no-cert-check

root@scottsys Redfish-Protocol-Validator-master]# python3 rf_protocol_validator.py -u Administrator -p superuser -r https://10.8.1.90 --avoid-http-redirect --no-cert-check ERROR:root:Caught exception while creating or patching accounts; Exception: HTTPSConnectionPool(host='10.8.1.90', port=443): Max retries exceeded with url: /redfish/v1/AccountService/Accounts/9 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),)); continuing with test WARNING:root:Attempt to PATCH /redfish/v1/Managers/Self/NetworkProtocol to restore the original NTPServers array failed with status 400; PATCH payload: {'NTP': {'NTPServers': ['overwrite.ntp.org', '']}} Summary - PASS: 401, WARN: 0, FAIL: 15, NOT_TESTED: 39 Report output:

mraineri commented 3 years ago

Still looking into this, but at the moment this appears to be two different issues.

Specifically for the NTPServers issue, I'm wondering if the service you're using does not allow for an empty string to be provided to the NTPServers array. It's odd that it would start off with an empty string, and later reject a client request that contains the same data.

Could you try using these curl commands and provide the output to see if we get an error message that explains the problem? The first curl command does exactly what the tool is trying to do, and the others try different ways to configure the NTPServers array.

curl -k -u Administrator:superuser -D - -X PATCH 'https://10.8.1.90/redfish/v1/Managers/Self/NetworkProtocol' -H "Content-Type: application/json" -d '{ "NTP": {"NTPServers": ["overwrite.ntp.org", ""]}}'
curl -k -u Administrator:superuser -D - -X PATCH 'https://10.8.1.90/redfish/v1/Managers/Self/NetworkProtocol' -H "Content-Type: application/json" -d '{ "NTP": {"NTPServers": ["overwrite.ntp.org", "overwrite2.ntp.org"]}}'
curl -k -u Administrator:superuser -D - -X PATCH 'https://10.8.1.90/redfish/v1/Managers/Self/NetworkProtocol' -H "Content-Type: application/json" -d '{ "NTP": {"NTPServers": ["overwrite.ntp.org", null]}}'
mraineri commented 4 months ago

Closing; no updates from submitter...