2020-08-06 13:46:25 |
Michael Fosgerau |
description |
I'm having trouble enabling / running canonical-livepatch through a corporate proxy with it's own root trusted CA cert.
I've managed to setup everything else so traffic goes through it, including snap, apt, browser(s) and so forth.
All requests to enable livepatch always result in:
$ sudo -E canonical-livepatch enable MY_SECRET_TOKEN
2020/08/06 14:42:59 error executing enable: cannot enable machine: cannot send request: Post https://livepatch.canonical.com/api/machine-tokens: x509: certificate signed by unknown authority
I've tried in a number of ways to get the CA cert registered with livepatch, sofar without any luck. For example:
$ sudo -E canonical-livepatch config ca-certs="$(cat ~/workspace/setup-ubuntu/CertEmulationCA.crt)"
invalid config "ca-certs=-----BEGIN CERTIFICATE-----\nscrambled-content-goes-on-and-on-and-on\n-----END CERTIFICATE-----" ignored (bad name)
Also, I've tried with a direct path to the cert like:
$ sudo canonical-livepatch config ca-certs="~/workspace/setup-ubuntu/CertEmulationCA.crt"
$ sudo -E canonical-livepatch enable MY_SECRET_TOKEN
2020/08/06 14:42:59 error executing enable: cannot enable machine: cannot send request: Post https://livepatch.canonical.com/api/machine-tokens: x509: certificate signed by unknown authority
I've successfully set the proxy using:
sudo canonical-livepatch config http-proxy="PROXYHOSTNAME:PORT" https-proxy="PROXYHOSTNAME:PORT"
Please document how the command + arguments are intended to work and to be used, as this (current doc) does not help a lot:
-------------------------
$ canonical-livepatch config --help
NAME:
canonical-livepatch config - configure livepatching on the machine
USAGE:
canonical-livepatch config [arguments...]
-------------------------
$ canonical-livepatch config ca-certs --help
NAME:
canonical-livepatch config - configure livepatching on the machine
USAGE:
canonical-livepatch config [arguments...]
-------------------------
Thanks in advance! =)
Best regards
Michael F. |
(Note: The requested output from the various commands according to your bug reporting guidelines are attached as a txt file).
I'm having trouble enabling / running canonical-livepatch through a corporate proxy with it's own root trusted CA cert.
I've managed to setup everything else so traffic goes through it, including snap, apt, browser(s) and so forth.
All requests to enable livepatch always result in:
$ sudo -E canonical-livepatch enable MY_SECRET_TOKEN
2020/08/06 14:42:59 error executing enable: cannot enable machine: cannot send request: Post https://livepatch.canonical.com/api/machine-tokens: x509: certificate signed by unknown authority
I've tried in a number of ways to get the CA cert registered with livepatch, sofar without any luck. For example:
$ sudo -E canonical-livepatch config ca-certs="$(cat ~/workspace/setup-ubuntu/CertEmulationCA.crt)"
invalid config "ca-certs=-----BEGIN CERTIFICATE-----\nscrambled-content-goes-on-and-on-and-on\n-----END CERTIFICATE-----" ignored (bad name)
Also, I've tried with a direct path to the cert like:
$ sudo canonical-livepatch config ca-certs="~/workspace/setup-ubuntu/CertEmulationCA.crt"
$ sudo -E canonical-livepatch enable MY_SECRET_TOKEN
2020/08/06 14:42:59 error executing enable: cannot enable machine: cannot send request: Post https://livepatch.canonical.com/api/machine-tokens: x509: certificate signed by unknown authority
I've successfully set the proxy using:
sudo canonical-livepatch config http-proxy="PROXYHOSTNAME:PORT" https-proxy="PROXYHOSTNAME:PORT"
Please document how the command + arguments are intended to work and to be used, as this (current doc) does not help a lot:
-------------------------
$ canonical-livepatch config --help
NAME:
canonical-livepatch config - configure livepatching on the machine
USAGE:
canonical-livepatch config [arguments...]
-------------------------
$ canonical-livepatch config ca-certs --help
NAME:
canonical-livepatch config - configure livepatching on the machine
USAGE:
canonical-livepatch config [arguments...]
-------------------------
Thanks in advance! =)
Best regards
Michael F. |
|