search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.19k stars 5.48k forks source link

salt-cloud azure basic connection and query fails #35074

Closed ahammond closed 6 years ago

ahammond commented 8 years ago

Description of Issue/Question

I'm having difficulty getting basic azure connectivity and interaction with salt-cloud.

Setup

/etc/salt/cloud.providers.d/azure.conf

azure:
  driver: azure
  subscription_id: xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  certificate_path: /etc/salt/pki/master/ssh/azure.pem.key
  ssh_username: saltssh
  ssh_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Steps to Reproduce Issue

I've tried using both the azure.pem and the azure.pem.key in the config above since the docs suggest it's supposed to be the public key, but common sense suggests I should be using the private key. Then I run the following command:

salt-cloud --list-locations=azure -l trace

Everything looks good until I see the following:

[ERROR   ] Failed to get the output of 'azure.avail_locations()': [SSL] PEM lib (_ssl.c:2603)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/cloud/__init__.py", line 824, in location_list
    data[alias][driver] = self.clouds[fun]()
  File "/usr/lib/python2.7/dist-packages/salt/cloud/clouds/msazure.py", line 163, in avail_locations
    locations = conn.list_locations()
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementservice.py", line 1128, in list_locations
    Locations)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 365, in _perform_get
    response = self.perform_get(path, x_ms_version)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 175, in perform_get
    response = self._perform_request(request)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 337, in _perform_request
    resp = self._filter(request)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/httpclient.py", line 183, in perform_request
    self.send_request_body(connection, request.body)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/httpclient.py", line 142, in send_request_body
    connection.send(None)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/requestsclient.py", line 81, in send
    self.response = self.session.request(self.method, self.uri, data=request_body, headers=self.headers, timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [SSL] PEM lib (_ssl.c:2603)
[ERROR   ] Failed to get the output of 'azure.avail_locations()': [SSL] PEM lib (_ssl.c:2584)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/cloud/__init__.py", line 824, in location_list
    data[alias][driver] = self.clouds[fun]()
  File "/usr/lib/python2.7/dist-packages/salt/cloud/clouds/msazure.py", line 163, in avail_locations
    locations = conn.list_locations()
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementservice.py", line 1128, in list_locations
    Locations)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 365, in _perform_get
    response = self.perform_get(path, x_ms_version)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 175, in perform_get
    response = self._perform_request(request)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 337, in _perform_request
    resp = self._filter(request)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/httpclient.py", line 183, in perform_request
    self.send_request_body(connection, request.body)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/httpclient.py", line 142, in send_request_body
    connection.send(None)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/requestsclient.py", line 81, in send
    self.response = self.session.request(self.method, self.uri, data=request_body, headers=self.headers, timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [SSL] PEM lib (_ssl.c:2584)

Versions Report

root@salt:/etc/salt/cloud.providers.d# salt-call --versions-report
Salt Version:
           Salt: 2016.3.1

Dependency Versions:
           cffi: 1.5.2
       cherrypy: 2.3.0
       dateutil: 2.4.2
          gitdb: 0.6.4
      gitpython: 2.0.6
          ioflo: Not Installed
         Jinja2: 2.8
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: 1.0.3
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
         pygit2: Not Installed
         Python: 2.7.11+ (default, Apr 17 2016, 14:00:29)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.2.0
           RAET: Not Installed
          smmap: 0.9.0
        timelib: 0.2.4
        Tornado: 4.2.1
            ZMQ: 4.1.4

System Versions:
           dist: Ubuntu 16.04 xenial
        machine: x86_64
        release: 4.4.0-28-generic
         system: Linux
        version: Ubuntu 16.04 xenial

And since that doesn't show anything about the azure modules:

root@salt:/etc/salt/cloud.providers.d# pip freeze
apache-libcloud==0.20.0
azure==1.0.3
azure-common==1.1.4
azure-mgmt==0.20.2
azure-mgmt-common==0.20.0
azure-mgmt-compute==0.20.1
azure-mgmt-network==0.20.1
azure-mgmt-nspkg==1.0.0
azure-mgmt-resource==0.20.1
azure-mgmt-storage==0.20.0
azure-nspkg==1.0.0
azure-servicebus==0.20.1
azure-servicemanagement-legacy==0.20.2
azure-storage==0.20.3
cffi==1.5.2
chardet==2.3.0
CherryPy==2.3.0
croniter==0.3.8
cryptography==1.2.3
enum34==1.1.2
futures==3.0.5
gitdb==0.6.4
GitPython==2.0.6
idna==2.0
inotify==0.2.6
ipaddress==1.0.16
Jinja2==2.8
lockfile==0.12.2
Mako==1.0.3
MarkupSafe==0.23
msgpack-python==0.4.6
ndg-httpsclient==0.4.0
netaddr==0.7.18
ply==3.7
pyasn1==0.1.9
pycparser==2.14
pycrypto==2.6.1
pycurl==7.43.0
PyMySQL==0.7.2
pyOpenSSL==0.15.1
python-apt==1.1.0b1
python-dateutil==2.4.2
python-systemd==231
pytz==2014.10
PyYAML==3.11
pyzmq==15.2.0
requests==2.9.1
salt==2016.3.1
setproctitle==1.1.10
simplejson==3.8.1
six==1.10.0
smmap==0.9.0
timelib==0.2.4
tornado==4.2.1
ujson==1.35
urllib3==1.13.1
Ch3LL commented 8 years ago

@ahammond how did you generate your certificate. Did you use the instructions here?

ahammond commented 8 years ago

@jgartrel can you confirm you followed the above instructions for certificate generation?

jgartrel commented 8 years ago

Yes, however I set the expiration to 720 days, and the key length to 4096 I think.

jgartrel commented 8 years ago

openssl req -x509 -nodes -days 730 -newkey rsa:4096 -keyout ./azure.pem.key -out ./azure.pem

jgartrel commented 8 years ago

openssl x509 -inform pem -in ./azure.pem -outform der -out ./azure.cer

jgartrel commented 8 years ago

Also tried using 1024bit:

openssl req -x509 -nodes -days 730 -newkey rsa:1024 -keyout ./azure_2.pem.key -out ./azure_2.pem openssl x509 -inform pem -in ./azure_2.pem -outform der -out ./azure_2.cer

No such luck with that either

ahammond commented 8 years ago

With the 1024b key:

[DEBUG   ] Failed to execute 'azure.list_nodes()' while querying for running nodes: [SSL] PEM lib (_ssl.c:2584)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/cloud/__init__.py", line 2369, in run_parallel_map_providers_query
    cloud.clouds[data['fun']]()
  File "/usr/lib/python2.7/dist-packages/salt/cloud/clouds/msazure.py", line 222, in list_nodes
    nodes = list_nodes_full(conn, call)
  File "/usr/lib/python2.7/dist-packages/salt/cloud/clouds/msazure.py", line 243, in list_nodes_full
    services = list_hosted_services(conn=conn, call=call)
  File "/usr/lib/python2.7/dist-packages/salt/cloud/clouds/msazure.py", line 292, in list_hosted_services
    services = conn.list_hosted_services()
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementservice.py", line 316, in list_hosted_services
    HostedServices)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 365, in _perform_get
    response = self.perform_get(path, x_ms_version)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 175, in perform_get
    response = self._perform_request(request)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/servicemanagementclient.py", line 337, in _perform_request
    resp = self._filter(request)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/httpclient.py", line 183, in perform_request
    self.send_request_body(connection, request.body)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/httpclient.py", line 142, in send_request_body
    connection.send(None)
  File "/usr/local/lib/python2.7/dist-packages/azure/servicemanagement/_http/requestsclient.py", line 81, in send
    self.response = self.session.request(self.method, self.uri, data=request_body, headers=self.headers, timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [SSL] PEM lib (_ssl.c:2584)
Ch3LL commented 8 years ago

@techhat can I get your input here? Any insight as to why they might be seeing this error?

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.