Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: quay-v3.4.0
Affects Version/s: quay-v3.4.0
Component/s: config-tool, quay
Labels:
- Python3

Release Note Text:
This issue no longer exists with the new config-tool. RHOCS storage behind SSL in a TNG operator environment has been tested and this issue could not be recreated.

Sprint:
Utapau [Quay 188]
RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

Description:

This is an issue when configure Quay to use RHOCS as backend registry, after upload Noobaa's SSL cert, provide all required RHOCS configurations, enable "Require SSL", click "save configurations", quay-config app was failed to validate configurations, check Quay config-app POD logs, get "Unable to install certificates. Unexpected error: 'NoneType' object has no attribute 'fork_exec'", and "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed". see attached logs

Quay Image: quay.io/projectquay/quay:50ba6130

Steps:

Open Quay config-app
Upload Noobaa's SSL cert
In Registry Store, choose RHOCS
Input all required RHOCS configurations, including enable "require SSL"
Click button "Save configuration"

Expected Results:

Quay Config-app validations should complete successfully.

Actual Results:

Quay Config-app validations was failed.

Quay Config-app POD logs:

gunicorn-config stdout | 2020-08-05 06:53:26,164 [53] [ERROR] [config_app.config_endpoints.api.superuser] Unable to install certificates. Unexpected error: 'NoneType' object has no attribute 'fork_exec'

gunicorn-config stdout | Traceback (most recent call last):

gunicorn-config stdout | File "/quay-registry/config_app/config_endpoints/api/superuser.py", line 81, in post

gunicorn-config stdout | process = Popen([script_filename], stderr=PIPE, stdout=PIPE, env=script_env)

gunicorn-config stdout | File "/usr/lib64/python3.6/subprocess.py", line 729, in _init_

gunicorn-config stdout | restore_signals, start_new_session)

gunicorn-config stdout | File "/usr/lib64/python3.6/subprocess.py", line 1288, in _execute_child

gunicorn-config stdout | self.pid = _posixsubprocess.fork_exec(

gunicorn-config stdout | AttributeError: 'NoneType' object has no attribute 'fork_exec'

......

File "/quay-registry/src/boto/boto/connection.py", line 943, in _mexe

request.body, request.headers)

File "/quay-registry/src/boto/boto/s3/key.py", line 806, in sender

http_conn.endheaders()

File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders

self._send_output(message_body, encode_chunked=encode_chunked)

File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output

self.send(msg)

File "/usr/lib64/python3.6/http/client.py", line 974, in send

self.connect()

File "/usr/lib64/python3.6/http/client.py", line 1422, in connect

server_hostname=server_hostname)

File "/usr/local/lib64/python3.6/site-packages/gevent/_ssl3.py", line 66, in wrap_socket

_session=session)

File "/usr/local/lib64/python3.6/site-packages/gevent/ssl3.py", line 267, in __init_

raise x

File "/usr/local/lib64/python3.6/site-packages/gevent/ssl3.py", line 263, in __init_

self.do_handshake()

File "/usr/local/lib64/python3.6/site-packages/gevent/_ssl3.py", line 587, in do_handshake

self._sslobj.do_handshake()

ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "/quay-registry/util/config/validator.py", line 83, in validate_service_for_config

VALIDATORS[service](validator_context)

File "/quay-registry/util/config/validators/validate_storage.py", line 44, in validate

"Invalid storage configuration: %s: %s" % (name, msg)

util.config.validators.ConfigValidationException: Invalid storage configuration: noobaa: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)