1662898 – "bkr command --insecure" fails on ssl verification problem

Bug 1662898 - "bkr command --insecure" fails on ssl verification problem

Summary: "bkr command --insecure" fails on ssl verification problem

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Beaker
Classification:	Retired
Component:	command line
Sub Component:
Version:	26
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	27.0
Assignee:	Martin Styk
QA Contact:	tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-01-02 10:51 UTC by michal novacek
Modified:	2019-12-04 12:05 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-01-07 07:38:15 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Beaker Project Gerrit	6357	0	'None'	'MERGED'	'Common:Add support for insecure calling for XMLRPC'	2019-12-04 12:01:45 UTC

Description michal novacek 2019-01-02 10:51:01 UTC

Description of problem:
It seems that ssl verification cannot be switched off with '--insecure' switch (checked with 'bkr whoami' and 'bkr job-submit job.xml).

As for the commandline help I believe that ssl certificates verification can be switched off: 

$ bkr whoami --help
...
  --insecure               Skip SSL certificate validity checks


Version-Release number of selected component (if applicable):
Beaker 26.1 on centos7 with kerberos authetication.

How reproducible: always

Steps to Reproduce:
1. run 'bkr whoami --insecure' against a system with unknown CA

Actual results: Errror: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Expected results: ignore invalid ssl certificates and give me correct output

Additional info:

[root@centos7 temp]# cat /etc/beaker/client.conf 
HUB_URL="https://beaker.cluster-qe.lab.eng.brq.redhat.com/bkr/"
AUTH_METHOD="krbv"
KRB_SERVICE = "HTTP"
KRB_REALM = "REDHAT.COM"

[root@centos7 ~]# bkr whoami
2019-01-02 10:33:30,645 bkr.common.xmlrpc WARNING XML-RPC connection to beaker.cluster-qe.lab.eng.brq.redhat.com failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579), 5 retries left
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 571, in request
    result = transport_class.request(self, *args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 445, in _single_request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 881, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 843, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1260, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 348, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 609, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 831, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
^CTraceback (most recent call last):
  File "/usr/bin/bkr", line 9, in <module>
    load_entry_point('beaker-client==26.1', 'console_scripts', 'bkr')()
  File "/usr/lib/python2.7/site-packages/bkr/client/main.py", line 103, in main
    return cmd.run(*cmd_args, **cmd_opts.__dict__)
  File "/usr/lib/python2.7/site-packages/bkr/client/commands/cmd_whoami.py", line 57, in run
    self.set_hub(**kwargs)
  File "/usr/lib/python2.7/site-packages/bkr/client/__init__.py", line 78, in set_hub
    proxy_user=proxy_user)
  File "/usr/lib/python2.7/site-packages/bkr/client/command.py", line 291, in set_hub
    self.hub = HubProxy(conf=self.conf, auto_login=auto_login)
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 68, in __init__
    self._login()
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 95, in _login
    login_method()
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 193, in _login_krbv
    self._hub.auth.login_krbv(req_enc, proxyuser)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 585, in request
    time.sleep(self.retry_timeout)
KeyboardInterrupt



[root@centos7 ~]# bkr whoami --insecure
2019-01-02 10:33:26,244 bkr.common.xmlrpc WARNING XML-RPC connection to beaker.cluster-qe.lab.eng.brq.redhat.com failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579), 5 retries left
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 571, in request
    result = transport_class.request(self, *args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 445, in _single_request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 881, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 843, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1260, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 348, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 609, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 831, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
^CTraceback (most recent call last):
  File "/usr/bin/bkr", line 9, in <module>
    load_entry_point('beaker-client==26.1', 'console_scripts', 'bkr')()
  File "/usr/lib/python2.7/site-packages/bkr/client/main.py", line 103, in main
    return cmd.run(*cmd_args, **cmd_opts.__dict__)
  File "/usr/lib/python2.7/site-packages/bkr/client/commands/cmd_whoami.py", line 57, in run
    self.set_hub(**kwargs)
  File "/usr/lib/python2.7/site-packages/bkr/client/__init__.py", line 78, in set_hub
    proxy_user=proxy_user)
  File "/usr/lib/python2.7/site-packages/bkr/client/command.py", line 291, in set_hub
    self.hub = HubProxy(conf=self.conf, auto_login=auto_login)
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 68, in __init__
    self._login()
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 95, in _login
    login_method()
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 193, in _login_krbv
    self._hub.auth.login_krbv(req_enc, proxyuser)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 585, in request
    time.sleep(self.retry_timeout)
KeyboardInterrupt


[root@centos7 temp]# bkr job-submit --insecure a.xml
2019-01-02 10:41:27,469 bkr.common.xmlrpc WARNING XML-RPC connection to beaker.cluster-qe.lab.eng.brq.redhat.com failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579), 5 retries left
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 571, in request
    result = transport_class.request(self, *args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 445, in _single_request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 881, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 843, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1260, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 348, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 609, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 831, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
^CTraceback (most recent call last):
  File "/usr/bin/bkr", line 9, in <module>
    load_entry_point('beaker-client==26.1', 'console_scripts', 'bkr')()
  File "/usr/lib/python2.7/site-packages/bkr/client/main.py", line 103, in main
    return cmd.run(*cmd_args, **cmd_opts.__dict__)
  File "/usr/lib/python2.7/site-packages/bkr/client/commands/cmd_job_submit.py", line 200, in run
    self.set_hub(**kwargs)
  File "/usr/lib/python2.7/site-packages/bkr/client/__init__.py", line 78, in set_hub
    proxy_user=proxy_user)
  File "/usr/lib/python2.7/site-packages/bkr/client/command.py", line 291, in set_hub
    self.hub = HubProxy(conf=self.conf, auto_login=auto_login)
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 68, in __init__
    self._login()
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 95, in _login
    login_method()
  File "/usr/lib/python2.7/site-packages/bkr/common/hub.py", line 193, in _login_krbv
    self._hub.auth.login_krbv(req_enc, proxyuser)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.7/site-packages/bkr/common/xmlrpc.py", line 585, in request
    time.sleep(self.retry_timeout)
KeyboardInterrupt


Using env variable PYTHONHTTPSVERIFY=0 solves the problem for job-submit:

[root@centos7 temp]# PYTHONHTTPSVERIFY=0 bkr job-submit a.xml
Submitted: ['J:90244']

Comment 2 Martin Styk 2019-01-28 10:07:45 UTC

Beaker 26.3 has been released.

Note You need to log in before you can comment on or make changes to this bug.