[Pulp-list] Can't access API on fresh new pulp instance via https

Tim Black timblaktu at gmail.com
Wed Nov 4 23:54:40 UTC 2020 

I have installed a new pulp instance using pulp.pulp_installer 3.8.1 and
the below ansible play, which mostly uses defaults. The containing playbook
runs to completion with no errors, but I get the following error trying to
access the api status endpoint with httpie:

[tblack-stretch]cmm/ansible/projects/pulp > http
https://pulp.biamp.com/pulp/api/v3/status
<https://pulp.mydomain.com/pulp/api/v3/status>

http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com
<http://pulp.mydomain.com>', port=443): Max retries exceeded with url:
/pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake:
Error([('SSL routines', 'tls_process_server_certificate', 'certificate
verify failed')],)",),)) while doing GET request to URL:
https://pulp.biamp.com/pulp/api/v3/status
<https://pulp.mydomain.com/pulp/api/v3/status>

It says it failed to verify the certificate. I've read the docs about ssl
configuration
<https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>,
and I have copied both the pulp-generated self-signed root CA and
webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm
running httpie from. There, I imported the certs by placing them in
/usr/local/share/ca-certificates/extra and running update-ca-certificates,
but still got the same error.

Here is my play that invokes  pulp.pulp_installer.pulp_all_services. Any
help would be appreciated. Thanks.

- name: Install Pulp
  hosts: pulp_cluster
  vars:
    # Pulp Installer Variables Documentation:
https://pulp-installer.readthedocs.io/en/3.8.1/#variables
    pulp_install_plugins:
      # IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must be
Manually Confirmed/Specified!
      #
https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore
      # There is a tool that helps you find the compatible plugin versions.
      #   https://github.com/fao89/pdc
      pulp-ansible:
        version: 0.5.0
      pulp-container:
        version: 2.1.0
      pulp-deb:
        version: 2.7.0
      pulp-file:
        version: 1.3.0
      pulp-python:
        version: 3.0.0b11
    pulp_default_admin_password: "{{ pulp_admin_password }}"
    pulp_settings:
      secret_key: "{{ pulp_django_secret_key }}"
      content_origin: "https://{{ ansible_fqdn }}"
  pre_tasks:
    # The version string below is the highest of all those in roles'
metadata:
    # "min_ansible_version". It needs to be kept manually up-to-date.
    - name: Verify Ansible meets min required version
      assert:
        that: "ansible_version.full is version_compare('2.8', '>=')"
        msg: >
          "You must update Ansible to at least 2.8 to use this version of
Pulp 3 Installer."
  roles:
    - pulp.pulp_installer.pulp_all_services
  environment:
    DJANGO_SETTINGS_MODULE: pulpcore.app.settings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20201104/4ee5c1d2/attachment.htm>

More information about the Pulp-list mailing list