cloudfoundry-attic / bosh-init

bosh-init is a tool used to create and update the Director VM
Apache License 2.0

bosh-init fails behind a firewall / proxy #90

Open ftcjeff opened 7 years ago

ftcjeff commented 7 years ago

My first time trying to deploy Cloud Foundry using bosh-init on AWS. The AWS environment is set up according to the instructions here. I have updated the bosh.yml and replaced all of the PLACEHOLDERS with correct values. My proxies were set to the correct servers in the environment variables http_proxy and https_proxy. I also tried putting these variables in an "env" section in the bosh.yml file. No matter what I tried, I always got the result below. I also tried "bosh-init delete" on this config before trying to deploy again. When I came home (no proxy), I got past this step although it failed again in a different way... but I haven't dug into that failure yet.

```
ftcpops [rey-bosh]➟ bosh-init deploy ./bosh.yml
Deployment manifest: '/Users/ftcpops/cloudfoundry/rey-bosh/bosh.yml'
Deployment state: '/Users/ftcpops/cloudfoundry/rey-bosh/bosh-state.json'

Started validating
  Downloading release 'bosh'... Skipped Found in local cache
  Validating release 'bosh'... Finished (00:00:01)
  Downloading release 'bosh-aws-cpi'... Skipped Found in local cache
  Validating release 'bosh-aws-cpi'... Finished (00:00:00)
  Validating cpi release... Finished (00:00:00)
  Validating deployment manifest... Finished (00:00:00)
  Downloading stemcell... Skipped Found in local cache
  Validating stemcell... Finished (00:00:00)
Finished validating (00:00:01)

Started installing CPI
  Compiling package 'ruby_aws_cpi/5e8696452d4676dd97010e91475e86b23b7e2042'... Finished (00:00:00)
  Compiling package 'bosh_aws_cpi/81719102fc7b6d06d83f2bd411ab23b998593f4c'... Finished (00:00:00)
  Installing packages... Finished (00:00:01)
  Rendering job templates... Finished (00:00:00)
  Installing job 'aws_cpi'... Finished (00:00:00)
Finished installing CPI (00:00:02)

Starting registry... Finished (00:00:00)
Uploading stemcell 'bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3262.4'... Failed (00:01:27)
Stopping registry... Finished (00:00:00)
Cleaning up rendered CPI jobs... Finished (00:00:00)

Command 'deploy' failed: creating stemcell (bosh-aws-xen-hvm-ubuntu-trusty-go_agent 3262.4): CPI 'create_stemcell' method responded with error: CmdError{"type":"Unknown","message":"SSL_connect returned=1 errno=0 state=error: certificate verify failed","ok_to_retry":false}
```

cppforlife commented 7 years ago

@ftcjeff Seems like your https proxy returns a certificate that cannot be verified by the AWS CPI. I'm assuming you have installed a custom CA cert on your machine?

ftcjeff commented 7 years ago

@cppforlife No, this is just how we access the internet at our site. It's a (very) large enterprise, so I have no insight into how they deploy / configure the proxies. We're not given any ca certs for them.

ftcjeff commented 7 years ago

I'm going to attach my full deploy log with full debug turned on. Hopefully that helps. I tried to scrub all of my PII out of it, but if anyone happens to see something in there please let me know so I can scrub some more. Thanks!

deploy.txt

dpb587-pivotal commented 7 years ago

If you're using https_proxy, pretty sure you'll be needing to configure trusted_certs - I think they would have some certs somewhere for you to install?