search

sassoftware / viya4-deployment

This project contains Ansible code that creates a baseline in an existing Kubernetes environment for use with the SAS Viya Platform, generates the manifest for an order, and then can also deploy that order into the Kubernetes environment specified.
Apache License 2.0
70 stars 64 forks source link

docker build -t viya4-deployment fails with: SSL no alternative certificate subject name matches target host name 'packages.cloud.google.com' #462

Closed bullcity42 closed 9 months ago

bullcity42 commented 1 year ago

git clone https://github.com/sassoftware/viya4-deployment.git docker build -t viya4-deployment .

or

podman build -t viya4-deployment .

returns this for me and several of my colleagues:

curl: (60) SSL: no alternative certificate subject name matches target host name 'packages.cloud.google.com'

Full error:

You can now run: /usr/local/bin/aws --version
deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL: no alternative certificate subject name matches target host name 'packages.cloud.google.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.
The command '/bin/sh -c apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass skopeo rsync   && rm -f /etc/ssh/ssh_host_rsa_key && rm -f /etc/ssh/ssh_host_ecdsa_key && rm -f /etc/ssh/ssh_host_ed25519_key   && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3   && ./get-helm-3 --version v$helm_version --no-sudo   && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${aws_cli_version}.zip" -o "awscliv2.zip"   && unzip awscliv2.zip   && ./aws/install   && curl -sL https://aka.ms/InstallAzureCLIDeb | bash   && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list   && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -   && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:amd64=${gcp_cli_version}   && apt-get install --no-install-recommends -y google-cloud-sdk-gke-gcloud-auth-plugin   && apt-get clean   && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 2
jarpat commented 1 year ago

@bullcity42 Based off the error message and the timing, the issue seems to be around curl based off this issue: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170

There was a bad update to pushed to "curl" on the 19th on version 7.81.0-1ubuntu1.11 which looks like caused that certificate issue. 7.81.0-1ubuntu1.13 which was released recently looks like it may have resolved the issue. This affected Ubuntu 22.04 which is what our Docker base image is.

Could you try rebuilding the image to see if the issue gets resolved? I would recommend a --no-cache flag to make sure the layer with the bad version of curl is not reused.

Dibyajyoti227 commented 8 months ago

Is it resolved by any chance? I am having the same issue.