Can't login into my CloudFoundry instance. SSL error

StackOverflow https://stackoverflow.com/questions/14154990

  •  13-01-2022
  •  | 
  •  

質問

I deployed CloudFoundry on top of vSphere using BOSH (full BOSH with CF manifest file) with attribute srv_api_uri: http://api.cf.epam.by When I trying to login into my CloudFoundry instance I got error

vmc login
target: http://api.cf.epam.by

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
For more information, see ~/.vmc/crash

result of vmc login -t is 

target: http://api.cf.epam.by

>>>
REQUEST: GET /info
REQUEST_HEADERS:
  accept : application/json
  user-agent : Ruby
  content-length : 0
RESPONSE: [200]
RESPONSE_HEADERS:
  date : Fri, 04 Jan 2013 09:51:24 GMT
  server : nginx
  content-type : application/json; charset=utf-8
  etag : "35acd28a7b24338237a8a1025d78f6ca"
  cache-control : max-age=0, private, must-revalidate
  x-ua-compatible : IE=Edge,chrome=1
  transfer-encoding : chunked
{
  "name": "vcap",
  "build": 2222,
  "support": "http://support.cloudfoundry.com",
  "version": "0.999",
  "description": "VMware's Cloud Application Platform",
  "allow_debug": false,
  "frameworks": {
    "sinatra": {
      "name": "sinatra",
      "runtimes": [
        {
          "name": "ruby18",
          "version": "1.8.7p357",
          "description": "Ruby 1.8"
        },
        {
          "name": "ruby19",
          "version": "1.9.2p180",
          "description": "Ruby 1.9"
        }
      ],
      "detection": [
        {
          "*.rb": "\\s*require[\\s\\(]*['\"]sinatra(/base)?['\"]"
        },
        {
          "config/environment.rb": false
        }
      ]
    },
    "play": {
      "name": "play",
      "runtimes": [
        {
          "name": "java",
          "version": "1.6.0_24",
          "description": "Java 6"
        },
        {
          "name": "java7",
          "version": "1.7.0_04",
          "description": "Java 7"
        }
      ],
      "detection": [
        {
          "lib/play.*.jar": true
        }
      ]
    },
    "standalone": {
      "name": "standalone",
      "runtimes": [
        {
          "name": "java",
          "version": "1.6.0_24",
          "description": "Java 6"
        },
        {
          "name": "java7",
          "version": "1.7.0_04",
          "description": "Java 7"
        },
        {
          "name": "ruby18",
          "version": "1.8.7p357",
          "description": "Ruby 1.8"
        },
        {
          "name": "ruby19",
          "version": "1.9.2p180",
          "description": "Ruby 1.9"
        },
        {
          "name": "node",
          "version": "0.4.12",
          "description": "Node.js"
        },
        {
          "name": "node06",
          "version": "0.6.8",
          "description": "Node.js"
        },
        {
          "name": "node08",
          "version": "0.8.2",
          "description": "Node.js"
        }
      ],
      "detection": [ ]
    },
    "rack": {
      "name": "rack",
      "runtimes": [
        {
          "name": "ruby18",
          "version": "1.8.7p357",
          "description": "Ruby 1.8"
        },
        {
          "name": "ruby19",
          "version": "1.9.2p180",
          "description": "Ruby 1.9"
        }
      ],
      "detection": [
        {
          "config.ru": true
        },
        {
          "config/environment.rb": false
        }
      ]
    },
    "node": {
      "name": "node",
      "runtimes": [
        {
          "name": "node",
          "version": "0.4.12",
          "description": "Node.js"
        },
        {
          "name": "node06",
          "version": "0.6.8",
          "description": "Node.js"
        },
        {
          "name": "node08",
          "version": "0.8.2",
          "description": "Node.js"
        }
      ],


         "detection": [
       {
          "*.js": "."
        }
     ]
    },
    "spring": {
      "name": "spring",
      "runtimes": [
        {
          "name": "java",
          "version": "1.6.0_24",
          "description": "Java 6"
        },
        {
          "name": "java7",
          "version": "1.7.0_04",
          "description": "Java 7"
        }
      ],
      "detection": [
        {
          "*.war": true
        }
      ]
    },
    "lift": {
      "name": "lift",
      "runtimes": [
        {
          "name": "java",
          "version": "1.6.0_24",
          "description": "Java 6"
        },
        {
          "name": "java7",
          "version": "1.7.0_04",
          "description": "Java 7"
        }
      ],
      "detection": [
        {
          "*.war": true
        }
      ]
    },
    "rails3": {
      "name": "rails3",
      "runtimes": [
        {
          "name": "ruby18",
          "version": "1.8.7p357",
          "description": "Ruby 1.8"
        },
        {
          "name": "ruby19",
          "version": "1.9.2p180",
          "description": "Ruby 1.9"
        }
      ],
      "detection": [
        {
          "config/application.rb": true
        },
        {
          "config/environment.rb": true
        }
      ]
    },
    "java_web": {
      "name": "java_web",
      "runtimes": [
        {
          "name": "java",
          "version": "1.6.0_24",
          "description": "Java 6"
        },
        {
          "name": "java7",
          "version": "1.7.0_04",
          "description": "Java 7"
        }
      ],
      "detection": [
        {
          "*.war": true
        }
      ]
    },
    "grails": {
      "name": "grails",
      "runtimes": [
        {
          "name": "java",
          "version": "1.6.0_24",
          "description": "Java 6"
        },
        {
          "name": "java7",
          "version": "1.7.0_04",
          "description": "Java 7"
        }
      ],
      "detection": [
        {
          "*.war": true
        }
      ]
    }
  },
  "authorization_endpoint": "https://uaa.cf.epam.by"
}
<<<
>>>
REQUEST: GET /login
REQUEST_HEADERS:
  accept : application/json
  user-agent : Ruby
  content-length : 0
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol

For more information, see ~/.vmc/crash

Why it's trying to use SSL? Why "authorization_endpoint": "https://uaa.cf.epam.by" used https rather http? ( http://uaa.cf.epam.by is available but not a https://uaa.cf.epam.by)

P.S. I open such discussion at Google Groups https://groups.google.com/a/cloudfoundry.org/forum/#!topic/vcap-dev/OAZcsFiZ3LA%5B1-25-false%5D but on this moment I have nothing. Can somebody help me to figure out what is wrong?

役に立ちましたか?

解決

The current cf-release jobs have cloud_controller.yml.erb with a hard-coded https URL for the UAA. This is definitely mandatory in production, but I can see why you might want to change it in a dev environment. There are other places where the protocol is configured or guessed, e.g. in login.yml.erb:

<% if !properties.login || !properties.login.uaa_base
  # Fix this to https when SSL certs are working in dev and staging
  protocol = (properties.login && properties.login.protocol) ? properties.login.protocol : "http"
  uaa_base = "#{protocol}://uaa.#{properties.domain}"
else
  uaa_base = properties.login.uaa_base
end %>

You could modify the cloud_controller.yml.erb to do something similar and re-deploy.

他のヒント

There is yet-to-be merged patch available for cf-release to allow http-only uaa endpoints. Perhaps try this out and comment on the gerrit patch.

http://reviews.cloudfoundry.org/#/c/13137/

ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top