search

coreos / kpm

KPM is a tool to deploy and manage application stacks on Kubernetes.
Apache License 2.0
124 stars 29 forks source link

SSL: CERTIFICATE_VERIFY_FAILED #140

Closed dougbtv closed 7 years ago

dougbtv commented 7 years ago

Is there a way per-chance to ignore SSL certificate verification?

When running a kpm deploy ... https://kpm.sh I'm getting an error like so:

[openshift@test-cluster-master-0 stackanetes]$ kpm deploy coreos/kpm-registry --namespace kpm -H https://kpm.sh
Traceback (most recent call last):
  File "/usr/bin/kpm", line 8, in <module>
    args.func(args)
  File "/usr/lib/python2.7/site-packages/kpm/command.py", line 49, in install
    variables=variables)
  File "/usr/lib/python2.7/site-packages/kpm/deploy.py", line 83, in deploy
    return _process(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/kpm/deploy.py", line 31, in _process
    packages = registry.generate(package_name, namespace=namespace, version=version, variables=variables)
  File "/usr/lib/python2.7/site-packages/kpm/registry.py", line 73, in generate
    r = requests.get(self._url(path), data=json.dumps(body), params=params, headers=self.headers)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 70, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 56, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)

I couldn't find in the documentation anything about ignoring cert verification. e.g. with 

[openshift@test-cluster-master-0 stackanetes]$ kpm -h
[openshift@test-cluster-master-0 stackanetes]$ kpm deploy -h

KPM installed like:

sudo pip install kpm -U

Here's my KPM version:

[root@test-cluster-master-0 stackanetes]# pip show kpm | grep Version
Metadata-Version: 1.1
Version: 0.16.1
dougbtv commented 7 years ago

This may be likely due to the version being out of date. Once updated to 0.21.1rc2 -- I didn't have the error anymore and I could deploy a kpm registry locally using:

kpm deploy coreos/kpm-registry --namespace kpm -H https://kpm.sh
ant31 commented 7 years ago

Hi, fyi, the plan is to remove the -H option and having a command line closer to docker: 

kpm deploy kpm.sh/coreos/kpm-registry
kpm deploy localhost:5000/ns/myapp

and add the option --allow-insecure to accept self-signed or try in http:// too

is kpm.sh an alias? it should be https://beta.kpm.sh or api.kpm.sh

dougbtv commented 7 years ago

Thanks @ant31 for the update!

Looks like I had a copy-paste mistake from my history in the above. I believe the actual command that works is pointed @ beta.kpm.sh -- and not just kpm.sh a la:

kpm deploy coreos/kpm-registry --namespace kpmtester -H https://beta.kpm.sh