[Pulp-list] Can't access API on fresh new pulp instance via https
Tim Black
timblaktu at gmail.com
Wed Nov 4 23:54:40 UTC 2020
I have installed a new pulp instance using pulp.pulp_installer 3.8.1 and
the below ansible play, which mostly uses defaults. The containing playbook
runs to completion with no errors, but I get the following error trying to
access the api status endpoint with httpie:
[tblack-stretch]cmm/ansible/projects/pulp > http
https://pulp.biamp.com/pulp/api/v3/status
<https://pulp.mydomain.com/pulp/api/v3/status>
http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com
<http://pulp.mydomain.com>', port=443): Max retries exceeded with url:
/pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake:
Error([('SSL routines', 'tls_process_server_certificate', 'certificate
verify failed')],)",),)) while doing GET request to URL:
https://pulp.biamp.com/pulp/api/v3/status
<https://pulp.mydomain.com/pulp/api/v3/status>
It says it failed to verify the certificate. I've read the docs about ssl
configuration
<https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>,
and I have copied both the pulp-generated self-signed root CA and
webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm
running httpie from. There, I imported the certs by placing them in
/usr/local/share/ca-certificates/extra and running update-ca-certificates,
but still got the same error.
Here is my play that invokes pulp.pulp_installer.pulp_all_services. Any
help would be appreciated. Thanks.
- name: Install Pulp
hosts: pulp_cluster
vars:
# Pulp Installer Variables Documentation:
https://pulp-installer.readthedocs.io/en/3.8.1/#variables
pulp_install_plugins:
# IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must be
Manually Confirmed/Specified!
#
https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore
# There is a tool that helps you find the compatible plugin versions.
# https://github.com/fao89/pdc
pulp-ansible:
version: 0.5.0
pulp-container:
version: 2.1.0
pulp-deb:
version: 2.7.0
pulp-file:
version: 1.3.0
pulp-python:
version: 3.0.0b11
pulp_default_admin_password: "{{ pulp_admin_password }}"
pulp_settings:
secret_key: "{{ pulp_django_secret_key }}"
content_origin: "https://{{ ansible_fqdn }}"
pre_tasks:
# The version string below is the highest of all those in roles'
metadata:
# "min_ansible_version". It needs to be kept manually up-to-date.
- name: Verify Ansible meets min required version
assert:
that: "ansible_version.full is version_compare('2.8', '>=')"
msg: >
"You must update Ansible to at least 2.8 to use this version of
Pulp 3 Installer."
roles:
- pulp.pulp_installer.pulp_all_services
environment:
DJANGO_SETTINGS_MODULE: pulpcore.app.settings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20201104/4ee5c1d2/attachment.htm>
More information about the Pulp-list
mailing list