projectatomic / atomicapp

[UNMAINTAINED] This is the reference implementation of the Nulecule container application Specification: Atomic App

error on ca cert for k8s api #776

Closed cdrage closed 8 years ago

cdrage commented 8 years ago
DEBUG  :: - providers/kubernetes.py :: List of parameters passed: {'provider-tlsverify': None, 'provider-api': None, 'provider-cafile': None, 'provider-auth': None}
DEBUG  :: - providers/kubernetes.py :: .kube/config exists, using default configuration file
DEBUG  :: - providers/lib/kubeshift/kubebase.py :: Verification will be required for all API calls
ERROR  :: - cli/main.py :: cafile must be None or a byte string
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/cli/main.py", line 130, in cli_func_exec
    cli_func(cli_func_args)
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/cli/main.py", line 84, in cli_run
    nm.run(**argdict)
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/nulecule/main.py", line 322, in run
    self.nulecule.run(cli_provider, dryrun)
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/nulecule/base.py", line 206, in run
    component.run(provider_key, dryrun)
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/nulecule/base.py", line 340, in run
    provider.init()
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/providers/kubernetes.py", line 107, in init
    self.api = Client(KubeConfig.from_file(default_config_loc), "kubernetes")
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/providers/lib/kubeshift/client.py", line 42, in __init__
    self.connection = KubeKubernetesClient(config)
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/providers/lib/kubeshift/kubernetes.py", line 54, in __init__
    self.api.test_connection(self.k8s_api)
  File "/usr/local/lib/python2.7/dist-packages/atomicapp-0.6.1-py2.7.egg/atomicapp/providers/lib/kubeshift/kubebase.py", line 180, in test_connection
    self.api.request("get", url)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/sessions.py", line 465, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/adapters.py", line 370, in send
    timeout=timeout
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 544, in urlopen
    body=body, headers=headers)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 341, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 761, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connection.py", line 238, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/contrib/pyopenssl.py", line 265, in ssl_wrap_socket
    ctx.load_verify_locations(ca_certs, None)
  File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 303, in load_verify_locations
    raise TypeError("cafile must be None or a byte string")
TypeError: cafile must be None or a byte string

This happens when we provide a CA file in our configuration.

▶ cat ~/.kube/config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/FOOBAR/k8s/ca.pem
    server: https://FOOBAR
  name: calico-cluster
contexts:
- context:
    cluster: foobar-cluster
    user: foobar-admin
  name: foobar
current-context: foobar
kind: Config
preferences: {}
users:
- name: foobar-admin
  user:
    client-certificate: /home/FOOBAR/k8s/apiserver.pem
    client-key: /home/FOOBAR/k8s/apiserver-key.pem

cdrage commented 8 years ago

Grrrr. Seems to be Debian related with an old python-openssl package. See here: https://github.com/pimutils/vdirsyncer/issues/258

cdrage commented 8 years ago

Upgrading the openssl package via pip works.
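
Added example, not part of the original thread and not atomicapp or kubeshift code: a caller-side preflight that resolves the `certificate-authority` entry of an already-parsed kubeconfig and returns it as a byte string, the type the error message above asks for, while failing closed if the file is missing. The names `accepts_cafile`, `resolve_cafile` and `SAMPLE` are hypothetical, and `accepts_cafile` only mirrors the wording of the error message.

```python
import os

# Constructed sample mirroring the shape of the kubeconfig in the report.
SAMPLE = {
    "current-context": "foobar",
    "clusters": [{"name": "foobar-cluster",
                  "cluster": {"certificate-authority": "ca.pem",
                              "server": "https://FOOBAR"}}],
    "contexts": [{"name": "foobar",
                  "context": {"cluster": "foobar-cluster", "user": "foobar-admin"}}],
}


def accepts_cafile(cafile):
    # Stand-in for the type rule quoted in the traceback
    # ("cafile must be None or a byte string"); not pyOpenSSL's own code.
    return cafile is None or isinstance(cafile, bytes)


def resolve_cafile(kubeconfig, config_dir):
    """Return the current context's CA path as bytes, or None if unset.

    kubeconfig is the parsed mapping; config_dir is the directory holding
    the kubeconfig file, against which relative paths are resolved.
    """
    contexts = {c["name"]: c["context"] for c in kubeconfig.get("contexts", [])}
    clusters = {c["name"]: c["cluster"] for c in kubeconfig.get("clusters", [])}
    current = kubeconfig.get("current-context")
    if current not in contexts:
        raise ValueError("current-context %r is not defined" % current)
    cluster_name = contexts[current].get("cluster")
    if cluster_name not in clusters:
        raise ValueError("cluster %r is not defined" % cluster_name)
    ca = clusters[cluster_name].get("certificate-authority")
    if ca is None:
        return None
    # os.path.join keeps an absolute path unchanged.
    ca = os.path.join(config_dir, os.path.expanduser(ca))
    if not os.path.isfile(ca):
        # Fail closed: a missing CA file is an error, not a reason to
        # turn certificate verification off.
        raise FileNotFoundError(ca)
    return os.fsencode(ca)  # byte string in the filesystem encoding


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "ca.pem"), "w").close()  # empty placeholder file
        print(resolve_cafile(SAMPLE, d))
```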

dustymabe commented 8 years ago

@cdrage - should this be closed?

cdrage commented 8 years ago

@dustymabe Yes, I just had it open for my record; this can be closed :)