Search Engine: Elastic

Article ID: 131394, created on Aug 31, 2017, last review on Sep 26, 2017

  • Applies to:
  • Operations Automation 7.1
  • Odin Automation Essentials 7.1

Symptoms

Since the latest python-libs package update (2.7.5-58.el7) its behavior about untrusted certificates has been changed (link) :

Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110)
https://access.redhat.com/articles/2039753

i.e. it now check if certificate is trusted by default. As a result, the following errors appear on attempt to work with Billing API or APS API methods via Python (API interfaces with SSL enabled):

Stdout: Traceback (most recent call last):
File "/usr/local/bm/tools_py/connect_to_poa.py", line 148, in <module>
update_pemgate(api_ip, api_port, o.is_ssl_enabled, o.api_login, o.api_passwd)
File "/usr/local/bm/tools_py/connect_to_poa.py", line 73, in update_pemgate
api.PEMGATE.PEMOptionsUpdate(api_ip, api_port, 6, 1)
File "/usr/lib/python2.7/site-packages/poaupdater/pbaapi.py", line 81, in __call__
return self.server.api(self.server.name, self.name, *args)
...
File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Cause

This behavior has been reported to Odin Development team as request #POA-112708: "Upgrade failed if MN on RHEL7 (not CentOS) with Python < 2.7.9".

Resolution

Please contact Technical Account Manager or pta@odin.com to trace the status of the request.

In order to workaround the issue disable certificate verification in /etc/python/cert-verification.cfg configuration file by specifying the following line:

[https] 
verify=disable

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 8c199f0ee4305da1a577740620df4a51 1941880841f714e458ae4dc3d9f3062d d29f8259a7236d291b08be8147a45abd e2dd85103e4d5b8ef7231deccb87506e

Email subscription for changes to this article
Save as PDF