-
Bug
-
Resolution: Done
-
Critical
-
quay-v3.4.0
-
This issue no longer exists with the new config-tool. RHOCS storage behind SSL in a TNG operator environment has been tested and this issue could not be recreated.
-
Utapau [Quay 188]
Description:
This is an issue when configure Quay to use RHOCS as backend registry, after upload Noobaa's SSL cert, provide all required RHOCS configurations, enable "Require SSL", click "save configurations", quay-config app was failed to validate configurations, check Quay config-app POD logs, get "Unable to install certificates. Unexpected error: 'NoneType' object has no attribute 'fork_exec'", and "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed". see attached logs
Quay Image: quay.io/projectquay/quay:50ba6130
Steps:
- Open Quay config-app
- Upload Noobaa's SSL cert
- In Registry Store, choose RHOCS
- Input all required RHOCS configurations, including enable "require SSL"
- Click button "Save configuration"
Expected Results:
Quay Config-app validations should complete successfully.
Actual Results:
Quay Config-app validations was failed.
Quay Config-app POD logs:
gunicorn-config stdout | 2020-08-05 06:53:26,164 [53] [ERROR] [config_app.config_endpoints.api.superuser] Unable to install certificates. Unexpected error: 'NoneType' object has no attribute 'fork_exec'
gunicorn-config stdout | Traceback (most recent call last):
gunicorn-config stdout | File "/quay-registry/config_app/config_endpoints/api/superuser.py", line 81, in post
gunicorn-config stdout | process = Popen([script_filename], stderr=PIPE, stdout=PIPE, env=script_env)
gunicorn-config stdout | File "/usr/lib64/python3.6/subprocess.py", line 729, in _init_
gunicorn-config stdout | restore_signals, start_new_session)
gunicorn-config stdout | File "/usr/lib64/python3.6/subprocess.py", line 1288, in _execute_child
gunicorn-config stdout | self.pid = _posixsubprocess.fork_exec(
gunicorn-config stdout | AttributeError: 'NoneType' object has no attribute 'fork_exec'
......
File "/quay-registry/src/boto/boto/connection.py", line 943, in _mexe
request.body, request.headers)
File "/quay-registry/src/boto/boto/s3/key.py", line 806, in sender
http_conn.endheaders()
File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
self.send(msg)
File "/usr/lib64/python3.6/http/client.py", line 974, in send
self.connect()
File "/usr/lib64/python3.6/http/client.py", line 1422, in connect
server_hostname=server_hostname)
File "/usr/local/lib64/python3.6/site-packages/gevent/_ssl3.py", line 66, in wrap_socket
_session=session)
File "/usr/local/lib64/python3.6/site-packages/gevent/ssl3.py", line 267, in __init_
raise x
File "/usr/local/lib64/python3.6/site-packages/gevent/ssl3.py", line 263, in __init_
self.do_handshake()
File "/usr/local/lib64/python3.6/site-packages/gevent/_ssl3.py", line 587, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/quay-registry/util/config/validator.py", line 83, in validate_service_for_config
VALIDATORS[service](validator_context)
File "/quay-registry/util/config/validators/validate_storage.py", line 44, in validate
"Invalid storage configuration: %s: %s" % (name, msg)
util.config.validators.ConfigValidationException: Invalid storage configuration: noobaa: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
