Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot download apps from splunkbase behind a TLS-inspecting corporate web proxy #686

Open
Res260 opened this issue Oct 24, 2024 · 0 comments

Comments

@Res260
Copy link

Res260 commented Oct 24, 2024

Title says it all. Here is an example error:

2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/adapters.py", line 489, in send
2024-10-24 12:58:01 resp = conn.urlopen(   File "/usr/lib/python3.9/site-
2024-10-24 12:58:01 packages/urllib3/connectionpool.py", line 802, in urlopen     retries =
2024-10-24 12:58:01 retries.increment(   File "/usr/lib/python3.9/site-
2024-10-24 12:58:01 packages/urllib3/util/retry.py", line 594, in increment     raise
2024-10-24 12:58:01 MaxRetryError(_pool, url, error or ResponseError(cause))
2024-10-24 12:58:01 urllib3.exceptions.MaxRetryError:
2024-10-24 12:58:01 HTTPSConnectionPool(host='splunkbase.splunk.com', port=443): Max retries
2024-10-24 12:58:01 exceeded with url: /api/account:login/ (Caused by
2024-10-24 12:58:01 SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
2024-10-24 12:58:01 certificate verify failed: unable to get local issuer certificate
2024-10-24 12:58:01 (_ssl.c:1133)')))  During handling of the above exception, another exception
2024-10-24 12:58:01 occurred:  Traceback (most recent call last):   File
2024-10-24 12:58:01 "/opt/ansible/inventory/environ.py", line 891, in <module>     main()   File
2024-10-24 12:58:01 "/opt/ansible/inventory/environ.py", line 877, in main
2024-10-24 12:58:01 getSplunkInventory(inventory)   File "/opt/ansible/inventory/environ.py", line
2024-10-24 12:58:01 95, in getSplunkInventory     inventory["all"]["vars"] = getDefaultVars()
2024-10-24 12:58:01 File "/opt/ansible/inventory/environ.py", line 146, in getDefaultVars
2024-10-24 12:58:01 getSplunkbaseToken(defaultVars)   File "/opt/ansible/inventory/environ.py",
2024-10-24 12:58:01 line 350, in getSplunkbaseToken     resp =
2024-10-24 12:58:01 requests.post("https://splunkbase.splunk.com/api/account:login/",   File
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/api.py", line 115, in post
2024-10-24 12:58:01 return request("post", url, data=data, json=json, **kwargs)   File
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/api.py", line 59, in request
2024-10-24 12:58:01 return session.request(method=method, url=url, **kwargs)   File
2024-10-24 12:58:01 "/usr/lib/python3.9/site-packages/requests/sessions.py", line 587, in request
2024-10-24 12:58:01 resp = self.send(prep, **send_kwargs)   File "/usr/lib/python3.9/site-
2024-10-24 12:58:01 packages/requests/sessions.py", line 701, in send     r = adapter.send(request,
2024-10-24 12:58:01 **kwargs)   File "/usr/lib/python3.9/site-packages/requests/adapters.py", line
2024-10-24 12:58:01 563, in send     raise SSLError(e, request=request)
2024-10-24 12:58:01 requests.exceptions.SSLError: HTTPSConnectionPool(host='splunkbase.splunk.com',
2024-10-24 12:58:01 port=443): Max retries exceeded with url: /api/account:login/ (Caused by
2024-10-24 12:58:01 SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
2024-10-24 12:58:01 certificate verify failed: unable to get local issuer certificate
2024-10-24 12:58:01 (_ssl.c:1133)')))
2024-10-24 12:58:01 [WARNING]:  * Failed to parse /opt/ansible/inventory/environ.py with ini
2024-10-24 12:58:01 plugin: /opt/ansible/inventory/environ.py:16: Expected key=value host variable
2024-10-24 12:58:01 assignment, got: __future__
2024-10-24 12:58:01 [WARNING]: Unable to parse /opt/ansible/inventory/environ.py as an inventory
2024-10-24 12:58:01 source
2024-10-24 12:58:01 ERROR! No inventory was parsed, please check your configuration and options.

Here, splunkbase.splunk.com cannot be accessed because the cert is not recognized (because of the TLS-inspecting corporate proxy).

I read the documentation, and there seems to exist no way of disabling TLS/SSL verification with an environment variable.

In some organizations, removing TLS inspections on a domain is hard and I think docker-splunk should provide an option to either provide an intermediate CA or disable TLS verification altogether.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant