{"@timestamp":"2023-07-16T14:16:59.210Z","log.level":"debug","message":"Starting new HTTP connection (1): cfssl:8888","ecs":{"version":"1.6.0"},"log":{"logger":"urllib3.connectionpool","origin":{"file":{"line":244,"name":"connectionpool.py"},"function":"_new_conn"},"original":"Starting new HTTP connection (1): cfssl:8888"},"process":{"name":"SpawnProcess-1","pid":29,"thread":{"id":140358055172992,"name":"MainThread"}}}
INFO: 172.31.0.5:57560 - "POST /api/v1/product/sign_csr HTTP/1.0" 500 Internal Server Error
ERROR: Exception in ASGI application
Traceback (most recent call last):
File "/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 200, in _new_conn
sock = connection.create_connection(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/urllib3/util/connection.py", line 85, in create_connection
raise err
File "/.venv/lib/python3.11/site-packages/urllib3/util/connection.py", line 73, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 790, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 496, in _make_request
conn.request(
File "/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 388, in request
self.endheaders()
File "/usr/local/lib/python3.11/http/client.py", line 1281, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.11/http/client.py", line 1041, in _send_output
self.send(msg)
File "/usr/local/lib/python3.11/http/client.py", line 979, in send
self.connect()
File "/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 236, in connect
self.sock = self._new_conn()
^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 215, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7fa7a45c6c90>: Failed to establish a new connection: [Errno 111] Connection refused
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/.venv/lib/python3.11/site-packages/requests/adapters.py", line 486, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 844, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='cfssl', port=8888): Max retries exceeded with url: /api/v1/cfssl/info (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa7a45c6c90>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/.venv/lib/python3.11/site-packages/uvicorn/protocols/http/httptools_impl.py", line 419, in run_asgi
result = await app( # type: ignore[func-returns-value]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 78, in __call__
return await self.app(scope, receive, send)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/fastapi/applications.py", line 289, in __call__
await super().__call__(scope, receive, send)
File "/.venv/lib/python3.11/site-packages/starlette/applications.py", line 122, in __call__
await self.middleware_stack(scope, receive, send)
File "/.venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 184, in __call__
raise exc
File "/.venv/lib/python3.11/site-packages/starlette/middleware/errors.py", line 162, in __call__
await self.app(scope, receive, _send)
File "/.venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
raise exc
File "/.venv/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
await self.app(scope, receive, sender)
File "/.venv/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 20, in __call__
raise e
File "/.venv/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 17, in __call__
await self.app(scope, receive, send)
File "/.venv/lib/python3.11/site-packages/starlette/routing.py", line 718, in __call__
await route.handle(scope, receive, send)
File "/.venv/lib/python3.11/site-packages/starlette/routing.py", line 276, in handle
await self.app(scope, receive, send)
File "/.venv/lib/python3.11/site-packages/starlette/routing.py", line 66, in app
response = await func(request)
^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/fastapi/routing.py", line 273, in app
raw_response = await run_endpoint_function(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/fastapi/routing.py", line 190, in run_endpoint_function
return await dependant.call(**values)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/src/rasenmaeher_api/web/api/product/views.py", line 56, in return_ca_and_sign_csr
cachain = await get_ca()
^^^^^^^^^^^^^^
File "/app/src/rasenmaeher_api/web/api/product/views.py", line 27, in get_ca
response = requests.request("POST", url, headers=headers, data=payload, timeout=5) # FIXME: switch to aiohttp
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/.venv/lib/python3.11/site-packages/requests/adapters.py", line 519, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='cfssl', port=8888): Max retries exceeded with url: /api/v1/cfssl/info (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa7a45c6c90>: Failed to establish a new connection: [Errno 111] Connection refused'))
CFSSL container logs
➜ ~ docker logs docker-rasenmaeher-integration-cfssl-1
Sat Jul 15 13:35:24 UTC 2023 --- Init CA certificates
Sat Jul 15 13:35:24 UTC 2023 --- Using file defined in INIT_CA_JSON_FILE as base config
Sat Jul 15 13:35:24 UTC 2023 --- Using file defined in INIT_CA_JSON_FILE as base config
2023/07/15 13:35:24 [INFO] generating a new CA key and certificate from CSR
2023/07/15 13:35:24 [INFO] generate received request
2023/07/15 13:35:24 [INFO] received CSR
2023/07/15 13:35:24 [INFO] generating key: rsa-2048
2023/07/15 13:35:24 [INFO] encoded CSR
2023/07/15 13:35:24 [INFO] signed certificate with serial number 219808195137932297343344351691070009692446962722
2023/07/15 13:35:24 [INFO] generating a new CA key and certificate from CSR
2023/07/15 13:35:24 [INFO] generate received request
2023/07/15 13:35:24 [INFO] received CSR
2023/07/15 13:35:24 [INFO] generating key: rsa-2048
2023/07/15 13:35:24 [INFO] encoded CSR
2023/07/15 13:35:24 [INFO] signed certificate with serial number 188660006281673012716034273046974306169428711005
2023/07/15 13:35:24 [INFO] signed certificate with serial number 360559023974240030872976940246629661328439047630
Sat Jul 15 13:35:24 UTC 2023 --- Init complete...
Sat Jul 15 13:35:24 UTC 2023 --- running first time goose init tasks...
Sat Jul 15 13:35:24 UTC 2023 --- Starting sqlite goose addong
goose: migrating db environment 'development', current version: 0, target: 2
OK 001_CreateCertificates.sql
OK 002_AddMetadataToCertificates.sql
Sat Jul 15 13:35:24 UTC 2023 --- Running 'cfssl serve'
2023/07/15 13:35:24 [INFO] Initializing signer
2023/07/15 13:35:24 [WARNING] couldn't initialize ocsp signer: open : no such file or directory
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/sign' is enabled
2023/07/15 13:35:24 [INFO] bundler API ready
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/bundle' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/init_ca' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/revoke' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/health' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/gencrl' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/newcert' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/scan' is enabled
2023/07/15 13:35:24 [WARNING] endpoint 'authsign' is disabled: {"code":5200,"message":"Invalid or unknown policy"}
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/info' is enabled
2023/07/15 13:35:24 [INFO] setting up key / CSR generator
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/newkey' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/certinfo' is enabled
2023/07/15 13:35:24 [WARNING] endpoint 'ocspsign' is disabled: signer not initialized
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/crl' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/scaninfo' is enabled
2023/07/15 13:35:24 [INFO] endpoint '/api/v1/cfssl/certadd' is enabled
2023/07/15 13:35:24 [INFO] Handler set up complete.
2023/07/15 13:35:24 [INFO] Now listening on 127.0.0.1:8888
Sat Jul 15 13:39:27 UTC 2023 --- Starting sqlite goose addong
goose: no migrations to run. current version: 2
Sat Jul 15 13:39:27 UTC 2023 --- Running 'cfssl serve'
2023/07/15 13:39:27 [INFO] Initializing signer
2023/07/15 13:39:27 [WARNING] couldn't initialize ocsp signer: open : no such file or directory
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/scaninfo' is enabled
2023/07/15 13:39:27 [WARNING] endpoint 'ocspsign' is disabled: signer not initialized
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/revoke' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/certadd' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/newcert' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/gencrl' is enabled
2023/07/15 13:39:27 [INFO] bundler API ready
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/bundle' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/certinfo' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/' is enabled
2023/07/15 13:39:27 [WARNING] endpoint 'authsign' is disabled: {"code":5200,"message":"Invalid or unknown policy"}
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/init_ca' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/info' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/crl' is enabled
2023/07/15 13:39:27 [INFO] setting up key / CSR generator
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/newkey' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/scan' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/health' is enabled
2023/07/15 13:39:27 [INFO] endpoint '/api/v1/cfssl/sign' is enabled
2023/07/15 13:39:27 [INFO] Handler set up complete.
2023/07/15 13:39:27 [INFO] Now listening on 127.0.0.1:8888
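This happens at least when running the composition as it's done in the rasenmaeher-integration repo. Note that the CFSSL log above ends with "Now listening on 127.0.0.1:8888", i.e. loopback inside the cfssl container, which would explain why the API container gets "Connection refused" when it connects to cfssl:8888. If the listen address is widened to fix this, it should stay reachable only on the internal compose network, since the same log shows '/api/v1/cfssl/sign' enabled while 'authsign' is disabled.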
The branch used there is https://github.com/pvarki/python-rasenmaeher-api/tree/csr_handling_fixes
CFSSL container logs