openstackgerrit | Pierre GINDRAUD proposed recordsansible/ara master: Add TIME_ZONE as initial value for settings file https://review.opendev.org/680906 | 04:19 |
---|---|---|
openstackgerrit | Pierre GINDRAUD proposed recordsansible/ara master: Handle timezone from TZ variable https://review.opendev.org/678348 | 05:01 |
*** gvincent has joined #ara | 06:23 | |
*** vincent- has joined #ara | 07:35 | |
*** vincent-- has joined #ara | 07:40 | |
*** vincent- has quit IRC | 07:42 | |
*** sshnaidm|afk is now known as sshnaidm | 07:51 | |
*** sshnaidm is now known as sshnaidm|ruck | 07:51 | |
*** vincent--- has joined #ara | 08:10 | |
*** vincent-- has quit IRC | 08:12 | |
*** vincent--- has quit IRC | 08:15 | |
*** idir__ has joined #ara | 08:18 | |
idir__ | hello, i'm deploying ara in front on traefik with https, all works well but, when i'm trying to use ara callback with ansible on jenkins, i have this error (HTTPSConnectionPool(host='mdsa403api.devops.april.interne.fr', port=443): Max | 08:20 |
idir__ | protocol (_ssl.c:841)'),))) | 08:20 |
idir__ | before setting https all was working well | 08:21 |
idir__ | can you help me please ? | 08:21 |
apollo13 | idir__: you will have to show the full traceback and where does this happen | 08:32 |
idir__ | ok | 08:32 |
apollo13 | (use dpaste.com, don't paste the whole trace into the channel) | 08:33 |
apollo13 | or dpaste.de rather | 08:33 |
idir__ | yes | 08:33 |
idir__ | http://dpaste.com/3B9N1JF | 08:34 |
idir__ | when deploying gitlab with ansible/jenkins | 08:34 |
idir__ | i install ara and configure it to call the API which is on https server | 08:34 |
apollo13 | how old is your python? | 08:37 |
idir__ | 3.6 | 08:37 |
idir__ | with ansible 2.8 | 08:37 |
apollo13 | you might wanna try to follow this https://stackoverflow.com/questions/33410577/python-requests-exceptions-sslerror-eof-occurred-in-violation-of-protocol | 08:37 |
*** apollo13 has quit IRC | 08:38 | |
idir__ | ok i'll see thank you apollo :) | 08:38 |
idir__ | there is another problem with encoding, is there an issue talking about this ? | 08:39 |
*** apollo13 has joined #ara | 08:40 | |
idir__ | so for ssl problem, i try to unset some proxy vars and it does not work i will https://stackoverflow.com/questions/33410577/python-requests-exceptions-sslerror-eof-occurred-in-vio... | 08:42 |
apollo13 | well you probably would know if you configured a proxy | 08:43 |
apollo13 | but I'd also check https://stackoverflow.com/a/50681396 | 08:43 |
apollo13 | which TLS versions do you require in traefik? | 08:43 |
idir__ | tls 1.2 | 08:46 |
apollo13 | and which openssl version? | 08:46 |
idir__ | nothing in docs :/ | 08:47 |
apollo13 | openssl version ;) | 08:47 |
apollo13 | apparently tls 1.2 is since 1.0.1 | 08:47 |
idir__ | yes | 08:48 |
apollo13 | either way, you can try going down to 1.1/1.0 in traefik and see if that fixes it, then you know you are on the right track | 08:48 |
apollo13 | if that all doesn't help use tcpdump to see which side fails the exchange where | 08:48 |
idir__ | when trying to request the api from command line using python request it works | 08:50 |
*** idir__ has quit IRC | 09:00 | |
*** vincent--- has joined #ara | 09:13 | |
*** vincent--- has quit IRC | 10:09 | |
*** vincent- has joined #ara | 10:10 | |
*** krion has joined #ara | 10:12 | |
openstackgerrit | Jean-Philippe Evrard proposed recordsansible/ara master: Make env setup allow use of other plugins https://review.opendev.org/679281 | 10:17 |
*** sshnaidm|ruck is now known as sshnaidm|afk | 11:15 | |
*** sshnaidm|afk is now known as sshnaidm|ruck | 12:32 | |
*** spiette has quit IRC | 13:04 | |
*** spiette has joined #ara | 13:08 | |
*** idir__ has joined #ara | 13:49 | |
idir__ | i'm facing the same problem since this morning, the https configuration of ara, when curl the ara api which is secure all work well but when trying to ara callback configuration on ansible then is ssl error | 13:51 |
idir__ | there is ssl error ! | 13:51 |
idir__ | is there someone to help, apollo13 helped me this morning but i still have the problem | 13:53 |
dmsimard | idir__: what version of django ? | 13:56 |
*** dbpiv has joined #ara | 13:57 | |
idir__ | i guess is the last one which used in ara | 13:57 |
dmsimard | idir__: I vaguely remember someone telling me about a ssl issue that was fixed by downgrading django to <2.2 | 13:58 |
dmsimard | which is still within the requirements of >=2.1.5 | 13:58 |
idir__ | i'm using the callback and the api separately | 14:00 |
idir__ | the api in a server with http and i install ara with ansible in another host | 14:00 |
dmsimard | ok, sure | 14:01 |
dmsimard | that should work | 14:01 |
idir__ | yes it's work well but the problem is when i use activate ssl on traefik which is on front of gunicorn | 14:02 |
idir__ | i can curl | 14:02 |
idir__ | but when i combine | 14:02 |
idir__ | ara callback with ansible and configure to send on this api, i have the problem ( [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)'),))) | 14:03 |
dmsimard | idir__: do you have access to a python interpreter where the callback is installed ? | 14:03 |
idir__ | yes | 14:04 |
idir__ | in this host i just install ara not ara[server] so there not problem with django | 14:05 |
idir__ | the api is installed on docker containers | 14:05 |
idir__ | i created an architecture using docker and docker compose to deploy many instances of ara | 14:06 |
dmsimard | idir__: so if I run this little snippet locally, it'll work with a https endpoint: https://gist.github.com/dmsimard/783e4e190322f1a346b296437400929b | 14:07 |
dmsimard | idir__: can you run that exact snippet and let me know if that works ? | 14:07 |
idir__ | ok | 14:07 |
idir__ | i have a big json | 14:10 |
idir__ | so i think it work | 14:10 |
dmsimard | idir__: ok, so how about you change the endpoint so it's yours | 14:10 |
idir__ | yes i'm changing | 14:10 |
idir__ | error :/ | 14:11 |
dmsimard | I'm not familiar with traefik but maybe there's something wrong with the config | 14:12 |
dmsimard | the api.demo endpoint uses nginx for ssl termination | 14:12 |
dmsimard | and it's a letsencrypt certificate | 14:13 |
idir__ | yes i was using nginx but it's not work very well | 14:13 |
idir__ | i'm not using the letsencrypt | 14:14 |
idir__ | i'm using a self signed cert of the company | 14:14 |
dmsimard | idir__: is the CA certificate part of the bundle ? | 14:14 |
dmsimard | curl and python requests are not necessarily using the same certificate store | 14:15 |
idir__ | is there something to tell python to not verify the cert | 14:16 |
dmsimard | idir__: there is an env variable to get requests to load different CAs, ex: https://stackoverflow.com/a/42982144 | 14:17 |
idir__ | or how can i tell python to use the same key store like curl | 14:17 |
idir__ | ok i'll try this | 14:18 |
idir__ | i use the env vars | 14:21 |
idir__ | i re execute the little script i now i don't have the same error | 14:21 |
idir__ | i have 401 it's normal because i set auth o | 14:21 |
idir__ | on | 14:21 |
idir__ | it works :) thank you a lot :) | 14:25 |
idir__ | you are the best ;) | 14:25 |
dmsimard | idir__: yay | 14:35 |
*** idir__ has quit IRC | 14:41 | |
*** sshnaidm|ruck is now known as sshnaidm|afk | 16:00 | |
*** njt has quit IRC | 16:50 | |
*** njt has joined #ara | 16:52 | |
*** vincent- has quit IRC | 17:22 | |
*** dbpiv has quit IRC | 17:28 | |
*** dbpiv has joined #ara | 17:28 | |
*** dbpiv has quit IRC | 17:35 | |
*** vincent- has joined #ara | 18:18 | |
*** vincent- has quit IRC | 19:31 | |
*** vincent- has joined #ara | 19:35 | |
*** vincent- has quit IRC | 19:48 | |
*** gvincent has quit IRC | 19:50 |