Closed peterellisjones closed 4 years ago
Hi @peterellisjones, thank you for contribution. While deploying on PCF, I have a bunch of waring like that, even with your PR applied:
/var/vcap/packages/python3/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
INFO:root:Object /var/vcap/jobs/upload-kibana-objects/kibana-objects/search/platform-haproxy.json Uploaded Successfully
/var/vcap/packages/python3/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
/var/vcap/packages/python3/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
INFO:root:Object /var/vcap/jobs/upload-kibana-objects/kibana-objects/search/platform-all-overview.json Uploaded Successfully
Is it possible to do anything about that?
Isn't the InsecureRequestWarning
because you have skip_ssl_validation to true
?
By the way applying this fix manually also solves this issue for us.
Thank you @mymasse !
Thanks @peterellisjones for the PR!
Hi logsearch-for-cloudfoundry team,
By default the python3 requests library does not trust the system CA certs. It is quite common to have custom certificates on the Cloud Foundry routers which are signed by local CA certificates that are installed on each bosh-deployed VM (for example via ca_certs job or when configuring the director).
This fixes an issue where the upload-kibana-objects errand fails because the python3 requests library does not load custom CAs that have been installed as system root certificates, and therefore gets an
[SSL: CERTIFICATE_VERIFY_FAILED]
error when attempting to make requests to the CF API.I have verified that this works by updating the script and running
/var/vcap/jobs/upload-kibana-objects/bin/run
successfully.kind regards,
Pete