Open mcgonagle opened 7 years ago
Are you using a custom certificate? I can't fully tell from the output above.
@AlanCoding I am using the default certificate that comes with Ansible-Tower Vagrant image.
This looks like you hit the same error as was seen in #122. I also have the gut feeling that I've seen this when I put in https while the server was actually serving http. I would compare to what URL you see in a browser. I would also probably avoid setting `verify_ssl` to False and specifying a cert path at the same time. @jangsutsr, does anything else configurable here ring a bell for you?
Tried to follow the following directions to download the cert so I could specify your suggestion to use cert path instead. And got the following error:

https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file

```
(ansible3) mcgonagle@macbook:~> openssl s_client -connect localhost:10443 -showcert </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem
unable to load certificate
41861:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
```
Tried the following. No luck:

```
(ansible3) mcgonagle@macbook:~/Dropbox/Tower2> tower-cli config
/Users/mcgonagle/ansible3/lib/python2.7/site-packages/tower_cli/conf.py:57: RuntimeWarning: File /Users/mcgonagle/.tower_cli.cfg readable by group or others.
  .format(fpname), RuntimeWarning)
# User options (set with `tower-cli config`; stored in ~/.tower_cli.cfg).
username: tom
password: Redacted
host: localhost:10443
verify_ssl: False
description_on: True
verbose: True
format: human
color: True
use_token: False
certificate: /Users/mcgonagle/Dropbox/Tower2/tower.cert

(ansible3) mcgonagle@macbook:~/Dropbox/Tower2> tower-cli user list -v
/Users/mcgonagle/ansible3/lib/python2.7/site-packages/tower_cli/conf.py:57: RuntimeWarning: File /Users/mcgonagle/.tower_cli.cfg readable by group or others.
  .format(fpname), RuntimeWarning)
* DETAILS: Getting records. ***
GET https://localhost:10443/api/v2/users/
Params: {'page': 1}
SSL connection failed: HTTPSConnectionPool(host='localhost', port=10443): Max retries exceeded with url: /api/v2/users/?page=1 (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:590)'),))
Suggestion: add the correct http:// or https:// prefix to the host configuration.
Error: Could not establish a secure connection. Please add the server to your certificate authority. You can run this command without verifying SSL with the --insecure flag, or permanently disable verification by the config setting:
tower-cli config verify_ssl false
```
Created a new tower.cert and tower.key, restarted nginx. No luck, still getting the same error.
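Added example, not part of the thread and not tower-cli's own code: a small audit of a tower-cli style config file for the three conditions that come up above (the "readable by group or others" warning, a `host` value without a scheme, and `verify_ssl: False` combined with a `certificate` path). The function name `audit_tower_cli_cfg` is hypothetical, the key names are taken from the `tower-cli config` output quoted in the thread, and parsing the file as INI-style `key: value` lines is an assumption.

```python
import configparser
import os
import stat
import tempfile

def audit_tower_cli_cfg(path):
    """Return findings for a tower-cli style config file (hypothetical helper)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("perms: mode %o lets group/others read the stored password; use 0600" % mode)
    # Assumption: 'key: value' or 'key = value' lines, optionally under [general].
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    with open(path) as fh:
        parser.read_string("[general]\n" + fh.read())
    cfg = parser["general"]
    host = cfg.get("host", "").strip()
    verify = cfg.get("verify_ssl", "true").strip().lower() in ("true", "1", "yes", "on")
    cert = cfg.get("certificate", "").strip()
    if host and not host.startswith(("http://", "https://")):
        findings.append("host: %r has no scheme; write http:// or https:// explicitly" % host)
    if host.startswith("http://"):
        findings.append("host: plain http sends the username and password unencrypted")
    if not verify and cert:
        findings.append("tls: verify_ssl is false but certificate is set; pick one")
    elif not verify and not host.startswith("http://"):
        findings.append("tls: verify_ssl is false, so the server certificate is never checked")
    if cert and not os.path.isfile(cert):
        findings.append("tls: certificate file %r does not exist" % cert)
    return findings

def demo():
    """Audit a constructed config that mirrors the settings quoted in the thread."""
    sample = ("host: localhost:10443\nusername: tom\npassword: example\n"
              "verify_ssl: False\ncertificate: /nonexistent/tower.cert\n")
    with tempfile.NamedTemporaryFile("w", suffix=".cfg", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)  # reproduce the "readable by group or others" state
    try:
        return audit_tower_cli_cfg(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
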
Part of this is that a default tower install will use the self-signed cert that is not signed by a CA, and this connection tries to verify those certs. What I have done is change the host from https to http. I did not change the verify_ssl, but it still shows up as false. What version of tower-cli are you using? I will test this on my end.
```
tower-cli config
# User options (set with `tower-cli config`; stored in ~/.tower_cli.cfg).
host: http://127.0.0.1
username: admin
password: password
verify_ssl: False
# Defaults.
description_on: False
verbose: False
certificate:
format: human
color: True
use_token: False
```
Just tried it and it worked for me fine on the latest vagrant.

```
tower-cli version
Tower CLI 3.2.0
Ansible Tower 3.2.1.21

tower-cli config
# User options (set with `tower-cli config`; stored in ~/.tower_cli.cfg).
host: https://10.42.0.42
username: admin
password:
verify_ssl: True
description_on: False
verbose: False
certificate:
format: human
color: True
use_token: False
```
@jlozadad Thanks so much for trying this out. I am afraid I can't access my vm on 10.42.0.42. I followed the directions to create a Vagrantfile with `vagrant init ansible/tower`, but the tower instance is unavailable on https://10.42.0.42. The only way to access it is to specifically enable `config.vm.network "forwarded_port", guest: 443, host: 10443` and then connect to https://localhost:10443. I believe this is the crux of the problem. Could you share your Vagrantfile and what you are doing to be able to connect to the VM at 10.42.0.42?
I used what is on the ansible download page:

```
$ vagrant init ansible/tower
$ vagrant up --provider virtualbox
$ vagrant ssh
```

That is the IP that vagrant gives me.
Unable to run tower-cli commands against latest version of ansible-tower 3.2.1.21 from vagrant image https://app.vagrantup.com/ansible/boxes/tower.
Any help would be greatly appreciated.
```
(ansible2) mcgonagle@macbook:~/Dropbox/ansible_f5> sudo tower-cli user list --insecure -v
* DETAILS: Getting records. ***
GET https://localhost:10443/api/v2/users/
Params: {'page': 1}
SSL connection failed: HTTPSConnectionPool(host='localhost', port=10443): Max retries exceeded with url: /api/v2/users/?page=1 (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:590)'),))
Error: Could not establish a secure connection. Please add the server to your certificate authority. You can run this command without verifying SSL with the --insecure flag, or permanently disable verification by the config setting:
tower-cli config verify_ssl false

(ansible2) mcgonagle@macbook:~/Dropbox/ansible_f5> sudo tower-cli config
# User options (set with `tower-cli config`; stored in ~/.tower_cli.cfg).
username: tom
password: redacted
host: https://localhost:10443
verify_ssl: False
description_on: True
verbose: True
format: human
color: True
use_token: False
# Defaults.
certificate:
```