gcloud compute ssh crash...?

[GoogleCodeExporter]

What steps will reproduce the problem?

Received a 'gcloud crashed' error. Will show the error message/info below. 
Tried this half a dozen times or so, and got a 'gcloud crashed' error each 
time. Interestingly, after ~30mins, tried again with exactly the same 'gcloud 
compute ssh' command and everything worked fine. No system or OS updates in the 
meantime.

For additional context, this occurred 10mins before I was scheduled to give a 
talk and demo (that required the use of gcloud) in front of an audience of >100 
people. :-(

What is the expected output? What do you see instead?

I can't reproduce the problem right at this moment, but the command I issued 
was:

gcloud compute ssh $INSTANCE_NAME \
>     --project $MY_PROJECT \
>     --zone $ZONE \
>     --ssh-flag="-L 8084:localhost:8084" \
>     --ssh-flag="-L 8087:localhost:8087" \
>     --ssh-flag="-L 9000:localhost:9000" \
>     --ssh-flag="-L 9090:localhost:9090"

where:
INSTANCE_NAME was spinnaker-codelab-20160204
MY_PROJECT was my-spinnaker-project-1195
ZONE was us-east1-b

What is the expected output? What do you see instead?

I expected to see a shell prompt in the instance's VM. What I received instead 
was:

ERROR: gcloud crashed (CertificateHostnameMismatch): Server presented 
certificate that does not match host www.googleapis.com: 
{'crlDistributionPoints': (u'http://ss.symcb.com/ss.crl',), 'subjectAltName': 
(('DNS', '*.smoot.apple.com'),), 'notBefore': u'Oct 21 00:00:00 2014 GMT', 
'caIssuers': (u'http://ss.symcb.com/ss.crt',), 'OCSP': 
(u'http://ss.symcd.com',), 'serialNumber': u'1776B0F5475C499C142D8075C2F7BD9E', 
'notAfter': 'Oct 20 23:59:59 2016 GMT', 'version': 3L, 'subject': 
((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), 
(('localityName', u'Cupertino'),), (('organizationName', u'Apple Inc.'),), 
(('organizationalUnitName', u'Siri SF'),), (('commonName', 
u'*.smoot.apple.com'),)), 'issuer': ((('countryName', u'US'),), 
(('organizationName', u'Symantec Corporation'),), (('organizationalUnitName', 
u'Symantec Trust Network'),), (('commonName', u'Symantec Class 3 Secure Server 
CA - G4'),))}

Slightly more info:

WARNING: Truncating included information. Please consider including the 
remainder:
============== TRUNCATED INFORMATION (PLEASE CONSIDER INCLUDING) ===============
File "lib/googlecloudsdk/third_party/apitools/base/py/http_wrapper.py", line 
332, in MakeRequest
    check_response_func=check_response_func)
  File "lib/googlecloudsdk/third_party/apitools/base/py/http_wrapper.py", line 381, in _MakeRequestNoRetry
    redirections=redirections, connection_type=connection_type)
  File "lib/googlecloudsdk/core/cli.py", line 330, in RequestWithErrHandling
    return orig_request(*args, **kwargs)
  File "./lib/third_party/oauth2client/client.py", line 562, in new_request
    redirections, connection_type)
  File "lib/googlecloudsdk/core/cli.py", line 298, in RequestWithUserAgentAndTracing
    return orig_request(*modified_args, **kwargs)
  File "./lib/third_party/httplib2/__init__.py", line 1609, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "./lib/third_party/httplib2/__init__.py", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "./lib/third_party/httplib2/__init__.py", line 1272, in _conn_request
    conn.connect()
  File "./lib/third_party/httplib2/__init__.py", line 1047, in connect
    'host %s: %s' % (hostname, cert), hostname, cert)
CertificateHostnameMismatch: Server presented certificate that does not match 
host www.googleapis.com: {'crlDistributionPoints': 
(u'http://ss.symcb.com/ss.crl',), 'subjectAltName': (('DNS', 
'*.smoot.apple.com'),), 'notBefore': u'Oct 21 00:00:00 2014 GMT', 'caIssuers': 
(u'http://ss.symcb.com/ss.crt',), 'OCSP': (u'http://ss.symcd.com',), 
'serialNumber': u'1776B0F5475C499C142D8075C2F7BD9E', 'notAfter': 'Oct 20 
23:59:59 2016 GMT', 'version': 3L, 'subject': ((('countryName', u'US'),), 
(('stateOrProvinceName', u'California'),), (('localityName', u'Cupertino'),), 
(('organizationName', u'Apple Inc.'),), (('organizationalUnitName', u'Siri 
SF'),), (('commonName', u'*.smoot.apple.com'),)), 'issuer': ((('countryName', 
u'US'),), (('organizationName', u'Symantec Corporation'),), 
(('organizationalUnitName', u'Symantec Trust Network'),), (('commonName', 
u'Symantec Class 3 Secure Server CA - G4'),))}

Installation information:

Google Cloud SDK [94.0.0]

Platform: [Mac OS X, x86_64]
Python Version: [2.7.10 (default, Oct 23 2015, 18:05:06)  [GCC 4.2.1 Compatible 
Apple LLVM 7.0.0 (clang-700.0.59.5)]]
Python Location: [/usr/bin/python]
Site Packages: [Disabled]

Installation Root: [/Users/rbuskens/google-cloud-sdk]
Installed Components:
  core: [2016.01.22]
  core-nix: [2015.11.24]
  kubectl: []
  gsutil-nix: [4.15]
  gsutil: [4.16]
  bq: [2.0.18]
  bq-nix: [2.0.18]
  kubectl-darwin-x86_64: [1.1.4]
System PATH: 
[/Users/rbuskens/google-cloud-sdk/bin:/usr/local/git/current/bin:/usr/local/bin:
/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin]
Cloud SDK on PATH: [True]

Installation Properties: [/Users/rbuskens/google-cloud-sdk/properties]
User Config Directory: [/Users/rbuskens/.config/gcloud]
User Properties: [/Users/rbuskens/.config/gcloud/properties]
Current Workspace: [None]
Workspace Config Directory: [None]
Workspace Properties: [None]

Account: [rbuskens@google.com]
Project: [my-spinnaker-project-1195]

Current Properties:
  [core]
    project: [my-spinnaker-project-1195]
    account: [rbuskens@google.com]
    disable_usage_reporting: [False]
  [compute]
    zone: [us-central1-f]

Logs Directory: [/Users/rbuskens/.config/gcloud/logs]
Last Log File: 
[/Users/rbuskens/.config/gcloud/logs/2016.02.04/12.38.18.310935.log]
============ END TRUNCATED INFORMATION (PLEASE CONSIDER INCLUDING) =============

Please provide any additional information below.

Traceback (most recent call last):
  File "lib/googlecloudsdk/gcloud_main.py", line 169, in main
    gcloud_cli.Execute()
  File "lib/googlecloudsdk/calliope/cli.py", line 643, in Execute
    result = args.cmd_func(cli=self, args=args)
  File "lib/googlecloudsdk/calliope/backend.py", line 1402, in Run
    resources = command_instance.Run(args)
  File "lib/surface/compute/ssh.py", line 125, in Run
    instance = self.GetInstance(instance_ref)
  File "lib/googlecloudsdk/api_lib/compute/ssh_utils.py", line 561, in GetInstance
    custom_get_requests=None))
  File "lib/googlecloudsdk/api_lib/compute/request_helper.py", line 146, in MakeRequests
    requests=requests, http=http, batch_url=batch_url)
  File "lib/googlecloudsdk/api_lib/compute/batch_helper.py", line 42, in MakeRequests
    responses = batch_request.Execute(http)
  File "lib/googlecloudsdk/third_party/apitools/base/py/batch.py", line 209, in Execute
    batch_http_request.Execute(http)
  File "lib/googlecloudsdk/third_party/apitools/base/py/batch.py", line 464, in Execute
    self._Execute(http)
  File "lib/googlecloudsdk/third_party/apitools/base/py/batch.py", line 425, in _Execute
    response = http_wrapper.MakeRequest(http, request)
  File "lib/googlecloudsdk/third_party/apitools/base/py/http_wrapper.py", line 341, in MakeRequest
    http, http_request, e, retry, max_retry_wait))
[output truncated]

Original issue reported on code.google.com by rbusk...@google.com on 4 Feb 2016 at 10:27

[GoogleCodeExporter]

This looks like you hit a captive portal--were you on guest wifi (possibly run 
by Apple) at this point?

See this part of the message:
Server presented certificate that does not match host www.googleapis.com: 
{'crlDistributionPoints': (u'http://ss.symcb.com/ss.crl',), 'subjectAltName': 
(('DNS', '*.smoot.apple.com'),), 'notBefore': u'Oct 21 00:00:00 2014 GMT', 
'caIssuers': (u'http://ss.symcb.com/ss.crt',), 'OCSP': (u'http://ss.symcd.com', 
'serialNumber': u'1776B0F5475C499C142D8075C2F7BD9E', 'notAfter': 'Oct 20 
23:59:59 2016 GMT', 'version': 3L, 'subject': ((('countryName', u'US'),), 
(('stateOrProvinceName', u'California'),), (('localityName', u'Cupertino'),), 
(('organizationName', u'Apple Inc.'),), (('organizationalUnitName', u'Siri 
SF'),), (('commonName', u'*.smoot.apple.com'),)), 'issuer': ((('countryName', 
u'US'),), (('organizationName', u'Symantec Corporation'),), 
(('organizationalUnitName', u'Symantec Trust Network'),), (('commonName', 
u'Symantec Class 3 Secure Server CA - G4'),))}

Crashing is obviously not the right thing to do here, but I don't think there's 
a way around this on the gcloud end.

Original comment by z...@google.com on 4 Feb 2016 at 10:56

• Changed state: NeedsMoreInfo

[GoogleCodeExporter]

Yes, I was on guest wifi. I don't know if it was an Apple wifi network.

I guess I don't understand the error / what happened. I used the same guest 
network earlier in the day and everything worked fine. Also, about 30 minutes 
after I encountered this problem, everything seemed to work again.

What should I be doing to avoid this problem in the future? If I see the 
problem again, is there anything I can do to work around it?

Original comment by rbusk...@google.com on 5 Feb 2016 at 10:17

[GoogleCodeExporter]

Was it one that you had to click through a terms & conditions page for? My 
hunch is that the network "forgot" your connection after a while.

The stack trace indicates that gcloud tried to open an HTTPS connection to 
www.googleapis.com, but was presented a bad SSL certificate. This indicates a 
network problem of some sort--whether it's a malicious MitM or your WiFi access 
point just wants you to click through. I bet, for instance, that `curl 
https://www.googleapis.com/` (normally gives a 404) would result in an SSL 
error. The thing to do here is to "fix" your network connection, or configure 
`gcloud` to use a proxy.

gcloud did the right thing here in refusing to proceed (but should definitely 
present a nicer error).

Original comment by z...@google.com on 5 Feb 2016 at 10:35