TECHZEN Zenoss User Community ARCHIVE  

AWS Zenpack via a webproxy with Data protection

Subject: AWS Zenpack via a webproxy with Data protection
Author: [Not Specified]
Posted: 2015-04-30 06:32

Hi
I'm trying to connect from Zenoss 4.2.5 on CentOS 6.5 to AWS via the AWS zenpack, and am getting the below error
"SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

The Zenoss instance is in a corporate environment where I need to connect to the internet via a proxy server which does data inspection. e.g. it decrypts all traffic at the proxy. This means all certs protecting websites etc. are issued by an internal Certificate Authority (CA).

My Zenoss instance works, because SNMP monitors are working.
Zenoss with the AWS zenpack works (incl. AWS auth keys etc.), because I took the VM home and it worked perfectly on a clean internet connection.

My Question:
1. Where do I need to establish trust with my CA, and how?
   - Is it in CentOS, by importing the CA's root key as a trusted CA?
   - In Zenoss somewhere?
   - In the configuration of the AWS Zenpack?

The last unfortunate circumstance is that the server is behind a firewall and can't talk to the internal CA.

Detailed error message is below:
2015-04-29 18:00:14,146 INFO zen.ZenModeler: Connecting to localhost:8789
2015-04-29 18:00:14,152 INFO zen.ZenModeler: Connected to ZenHub
2015-04-29 18:00:14,303 INFO zen.ZenModeler: Collecting for device ADSAWS
2015-04-29 18:00:14,401 INFO zen.ZenModeler: skipping WMI-based collection, PySamba zenpack not installed
2015-04-29 18:00:14,430 INFO zen.ZenModeler: Python collection device ADSAWS
2015-04-29 18:00:14,430 INFO zen.ZenModeler: plugins: aws.EC2
2015-04-29 18:00:14,431 INFO zen.PythonClient: Python client finished collection for ADSAWS
2015-04-29 18:00:14,431 INFO zen.ZenModeler: Modeler aws.EC2 processing data for device ADSAWS
2015-04-29 18:00:15,210 ERROR zen.ZenModeler: Problem while executing plugin aws.EC2
2015-04-29 18:00:15,214 ERROR zen.ZenModeler: Traceback (most recent call last):
  File "/opt/zenoss/Products/DataCollector/zenmodeler.py", line 647, in processClient
    datamaps = plugin.process(device, results, self.log)
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/modeler/plugins/aws/EC2.py", line 74, in process
    ec2_regions = ec2conn.get_all_regions()
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/ec2/connection.py", line 3478, in get_all_regions
    [('item', RegionInfo)], verb='POST')
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/connection.py", line 1166, in get_list
    response = self.make_request(action, params, path, verb)
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/connection.py", line 1112, in make_request
    return self._mexe(http_request)
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/connection.py", line 913, in _mexe
    self.is_secure)
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/connection.py", line 705, in get_http_connection
    return self.new_http_connection(host, port, is_secure)
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/connection.py", line 747, in new_http_connection
    connection = self.proxy_ssl(host, is_secure and 443 or 80)
  File "/opt/zenoss/ZenPacks/ZenPacks.zenoss.AWS-2.2.2.egg/ZenPacks/zenoss/AWS/lib/boto-2.34.0-py2.6.egg/boto/connection.py", line 835, in proxy_ssl
    ca_certs=self.ca_certificates_file)
  File "/opt/zenoss/lib/python2.7/ssl.py", line 372, in wrap_socket
    ciphers=ciphers)
  File "/opt/zenoss/lib/python2.7/ssl.py", line 134, in __init__
    self.do_handshake()
  File "/opt/zenoss/lib/python2.7/ssl.py", line 296, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2015-04-29 18:00:15,215 INFO zen.ZenModeler: No change in configuration detected
2015-04-29 18:00:15,219 INFO zen.ZenModeler: No command plugins found for ADSAWS
2015-04-29 18:00:15,220 INFO zen.ZenModeler: SNMP monitoring off for ADSAWS
2015-04-29 18:00:15,220 INFO zen.ZenModeler: No portscan plugins found for ADSAWS
2015-04-29 18:00:15,220 INFO zen.ZenModeler: Scan time: 0.92 seconds
2015-04-29 18:00:15,223 INFO zen.ZenModeler: Daemon ZenModeler shutting down



Subject: That's a problem of AWS boto
Author: Jan Garaj
Posted: 2015-04-30 07:55

That's a problem of AWS boto lib. Configure boto (http://boto.readthedocs.org/en/latest/boto_config_tut.html), setting ca_certificates_file.


A boto config file is a text file formatted like an .ini configuration file that specifies values for options that control the behavior of the boto library. In Unix/Linux systems, on startup, the boto library looks for configuration files in the following locations and in the following order:

/etc/boto.cfg - for site-wide settings that all users on this machine will use
~/.boto - for user-specific settings
~/.aws/credentials - for credentials shared between SDKs

Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.

DevOps stack: Docker / Kubernetes / Mesos / Zabbix / Zenoss / Grafana / Puppet / Ansible / Vagrant / Terraform / Elasticsearch
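
One way to check that the setting suggested in this answer is actually in effect, as an added example that is not part of the original thread or of boto itself: it reads the [Boto] section from the config locations listed above and reports whether ca_certificates_file points at a PEM bundle. It is written for Python 3; the function name audit_boto_tls, the assumption that later files override earlier ones, and the extra check on https_validate_certificates are additions made here.

```python
import configparser
import os
import re

# Search order from the boto documentation quoted above.
# ~/.aws/credentials is left out: it holds credentials, not TLS settings.
BOTO_CONFIG_PATHS = ["/etc/boto.cfg", "~/.boto"]

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def audit_boto_tls(paths=BOTO_CONFIG_PATHS):
    """Return the effective [Boto] TLS settings and a list of problems."""
    cfg = configparser.RawConfigParser()
    # Assumption: files are merged in order, later ones overriding earlier.
    used = cfg.read([os.path.expanduser(p) for p in paths])

    ca_file = cfg.get("Boto", "ca_certificates_file", fallback=None)
    validate = cfg.getboolean(
        "Boto", "https_validate_certificates", fallback=True)

    problems = []
    if not validate:
        # Turning validation off hides the error but trusts any certificate.
        problems.append(
            "https_validate_certificates is off: TLS is unauthenticated")
    if ca_file is None:
        problems.append(
            "ca_certificates_file not set: internal CA is not trusted")
    elif not os.path.isfile(ca_file):
        problems.append("CA bundle missing: %s" % ca_file)
    else:
        with open(ca_file) as fh:
            if not PEM_CERT.search(fh.read()):
                problems.append("no PEM certificate in %s" % ca_file)
    return {"files": used, "ca_file": ca_file,
            "validate": validate, "problems": problems}


if __name__ == "__main__":
    for problem in audit_boto_tls()["problems"]:
        print("WARN:", problem)
```

Run it as the account the Zenoss daemons run under, since ~/.boto is resolved against that user's home directory.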


