MAAS

Bug #2067503
Comment #4

Comment 4 for bug 2067503

Revision history for this message

Andrew (andrew-boatrocker) wrote on 2024-05-29:

Hi Anton,

The non-ascii symbols are in a comment line in the .pem file. Their ultimate source is the Mozilla root CA list, in the NetLock Arany entry:

https://wiki.mozilla.org/CA/Included_Certificates
https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReport

Redhat puts them into the /etc/pki/tls/cert.pem file by default. When we add our private cert chain to that file with "update-ca-certs", the NetLock Arany entry remains (along with all of the other Mozilla root certs). So it's a very long file, and in the middle of it is this:

5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO
dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul
9XXeifdy
-----END CERTIFICATE-----

# NetLock Arany (Class Gold) Főtanúsítvány
-----BEGIN CERTIFICATE-----
MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG
EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3
MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl

I don't get a proper traceback. All that I get other than the error is a usage message. Here's the full output:

$ maas login --cacerts /etc/pki/tls/cert.pem $USER https://$MAAS_HOST:5443/MAAS `cat ~/maas-api-key`
usage: maas [-h] COMMAND ...

options:
-h, --help show this help message and exit

drill down:
  COMMAND
    login Log in to a remote API, and remember its description and credentials.
    logout Log out of a remote API, purging any stored credentials.
    list List remote APIs that have been logged-in to.
    refresh Refresh the API descriptions of all profiles.
    init Initialise MAAS in the specified run mode.
    config View or change controller configuration.
    status Status of controller services.
    migrate Perform migrations on connected database.
    apikey Used to manage a user's API keys. Shows existing keys unless --generate or --delete is passed.
    configauth Configure external authentication.
    config-tls Configure MAAS Region TLS.
    config-vault Configure MAAS Region Vault integration.
    createadmin Create a MAAS administrator account.
    changepassword
                  Change a MAAS user's password.
    <user>
                  Interact with https://$MAAS_HOST:5443/MAAS/api/2.0/

https://maas.io/

'ascii' codec can't encode character '\u0151' in position 137865: ordinal not in range(128)

Hi Anton,

The non-ascii symbols are in a comment line in the .pem file.  Their ultimate source is the Mozilla root CA list, in the NetLock Arany entry:

https://wiki.mozilla.org/CA/Included_Certificates
https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReport

Redhat puts them into the /etc/pki/tls/cert.pem file by default.  When we add our private cert chain to that file with "update-ca-certs", the NetLock Arany entry remains (along with all of the other Mozilla root certs).  So it's a very long file, and in the middle of it is this:

5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO
dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul
9XXeifdy
-----END CERTIFICATE-----

I don't get a proper traceback.  All that I get other than the error is a usage message.  Here's the full output:

$ maas login --cacerts /etc/pki/tls/cert.pem $USER https://$MAAS_HOST:5443/MAAS `cat ~/maas-api-key`
usage: maas [-h] COMMAND ...

options:
  -h, --help      show this help message and exit

drill down:
  COMMAND
    login         Log in to a remote API, and remember its description and credentials.
    logout        Log out of a remote API, purging any stored credentials.
    list          List remote APIs that have been logged-in to.
    refresh       Refresh the API descriptions of all profiles.
    init          Initialise MAAS in the specified run mode.
    config        View or change controller configuration.
    status        Status of controller services.
    migrate       Perform migrations on connected database.
    apikey        Used to manage a user's API keys. Shows existing keys unless --generate or --delete is passed.
    configauth    Configure external authentication.
    config-tls    Configure MAAS Region TLS.
    config-vault  Configure MAAS Region Vault integration.
    createadmin   Create a MAAS administrator account.
    changepassword
                  Change a MAAS user's password.
    <user>
                  Interact with https://$MAAS_HOST:5443/MAAS/api/2.0/

https://maas.io/

'ascii' codec can't encode character '\u0151' in position 137865: ordinal not in range(128)