Ubuntu
python-httplib2 package

  1. Bug #1906720
  2. Comment #0

Comment 0 for bug 1906720

Revision history for this message
Jorge Niedbalski (niedbalski) wrote :

[Environment]

Bionic
python3-httplib2 | 0.9.2+dfsg-1ubuntu0.2

[Description]

maas cli fails to work with apis over https with self-signed certificates due to the lack
of disable_ssl_certificate_validation option with python 3.5.

[Distribution/Release, Package versions, Platform]
cat /etc/lsb-release; dpkg -l | grep maas
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
ii maas 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all "Metal as a Service" is a physical cloud and IPAM
ii maas-cli 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS client and command-line interface
ii maas-common 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS server common files
ii maas-dhcp 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS DHCP server
ii maas-proxy 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS Caching Proxy
ii maas-rack-controller 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all Rack Controller for MAAS
ii maas-region-api 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all Region controller API service for MAAS
ii maas-region-controller 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all Region Controller for MAAS
ii python3-django-maas 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS server Django web framework (Python 3)
ii python3-maas-client 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS python API client (Python 3)
ii python3-maas-provisioningserver 2.8.2-8577-g.a3e674063-0ubuntu1~18.04.1 all MAAS server provisioning libraries (Python 3)

[Steps to Reproduce]

- prepare a maas server(installed by packages for me and the customer). it doesn't have to be HA to reproduce
- prepare a set of certificate, key and ca-bundle
- place a new conf[2] in /etc/nginx/sites-enabled and `sudo systemctl restart nginx`
- add the ca certificates to the host
sudo mkdir /usr/share/ca-certificates/extra
sudo cp -v ca-bundle.crt /usr/share/ca-certificates/extra/
dpkg-reconfigure ca-certificates
- login with a new profile over https url
- when not added the ca-bundle to the trusted ca cert store, it fails to login and '--insecure' flag also doesn't work[3]

[Known Workarounds]
None