ansibleplaybookbundle / ansible-playbook-bundle

THIS REPO IS MIGRATING: https://github.com/automationbroker/apb
GNU General Public License v2.0

Connection refused when using HTTPS #122

Closed slaskawi closed 7 years ago

slaskawi commented 7 years ago

After the latest changes to the templates I cannot use HTTP (only HTTPS is allowed). When using oc cluster up, the CA is automatically generated upon server startup and is not trusted in the system.

Now, when I try to list APBs, I get the following error:

$ apb list --broker https://asb-1338-ansible-service-broker.127.0.0.1.nip.io --secure
ERROR: Failed broker request (get) https://asb-1338-ansible-service-broker.127.0.0.1.nip.io/v2/catalog
Exception occurred! ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

$ rpm -qa apb
apb-0.2.4-1.20170926162656.fc26.noarch

With the latest Docker image it's even worse:

$ sudo docker run --rm --privileged -v `pwd`:/mnt -v /home/slaskawi/.kube:/.kube -v /var/run/docker.sock:/var/run/docker.sock -u `id -u` docker.io/ansibleplaybookbundle/apb list --broker https://asb-1338-ansible-service-broker.127.0.0.1.nip.io --secure
ERROR: Failed broker request (get) https://asb-1338-ansible-service-broker.127.0.0.1.nip.io/v2/catalog
Exception occurred! HTTPSConnectionPool(host='asb-1338-ansible-service-broker.127.0.0.1.nip.io', port=443): Max retries exceeded with url: /v2/catalog (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2fcc9d0>: Failed to establish a new connection: [Errno 111] Connection refused',))

$ sudo docker images | grep ansibleplaybookbundle/apb
registry.hub.docker.com/ansibleplaybookbundle/apb-base                               latest              15a9c4faab0c        6 hours ago         645 MB
docker.io/ansibleplaybookbundle/apb                                                  latest              dbd62e0e79a2        7 days ago          705 MB

So it seems there is no --allow-untrusted (or similar) switch, which would allow using oc cluster up. And the second thing is that the RPM and the Docker image of APB are out of sync.
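The two errors in this report come from different layers: the RPM run completes the TCP connection and then fails TLS certificate verification, while the Docker run never gets past TCP connect. The following is an added example, not code from the issue or from the apb project, that tells the two apart while leaving verification on; `cafile` is a hypothetical path to the cluster CA bundle and the function names are illustrative.

```python
import socket
import ssl


def classify_apb_error(message):
    """Map an apb/requests error string to the layer that failed."""
    if "certificate verify failed" in message:
        return "cert-untrusted"   # server reached, its CA is not trusted
    if "Connection refused" in message:
        return "tcp-refused"      # nothing listening at that address/port
    return "unknown"


def diagnose_broker(host, port=443, cafile=None, timeout=3.0):
    """Probe the broker route and report which layer fails.

    cafile (assumption): PEM bundle holding the cluster CA. When given, only
    that bundle is trusted; when None, the system trust store is used.
    """
    # Defaults keep CERT_REQUIRED and hostname checking enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"
    except OSError as exc:
        return "tcp-error: %s" % exc
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok: %s" % tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert-untrusted: %s" % exc.verify_message
    except ssl.SSLError as exc:
        return "tls-error: %s" % exc.reason
    except OSError as exc:
        return "tls-error: %s" % exc
    finally:
        raw.close()


if __name__ == "__main__":
    # Host taken from the report above; run once without and once with the CA.
    host = "asb-1338-ansible-service-broker.127.0.0.1.nip.io"
    print(diagnose_broker(host))
    print(diagnose_broker(host, cafile="/path/to/cluster-ca.crt"))  # placeholder path
```

A result of `cert-untrusted` without `cafile` and `ok` with it means the only problem is the unknown CA, which is fixed by trusting that CA rather than by turning verification off.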

slaskawi commented 7 years ago

BTW, without --secure I get this:

$ apb list
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.

slaskawi commented 7 years ago

This may (or may not) also be connected with https://github.com/openshift/ansible-service-broker/issues/443

rthallisey commented 7 years ago

When https://github.com/openshift/ansible-service-broker/pull/445 was merged, HTTPS became a requirement. Here's the documentation for using bearer auth: https://github.com/openshift/ansible-service-broker/blob/master/docs/ssl_tls.md.

The apb tool got support to authenticate to the broker with this patch: https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/123 so everything should be all set. Please reopen if you're still seeing the issue.