You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2019/09/29 19:26:11 UTC
[GitHub] [openwhisk-deploy-kube] brunowego opened a new issue #532: Unable
to verify the first certificate
brunowego opened a new issue #532: Unable to verify the first certificate
URL: https://github.com/apache/openwhisk-deploy-kube/issues/532
Hi, I am trying to understand where I am making a mistake. After try run `wsk action invoke` to `contactdb/create-database`, I receive the follow error:
## Issue Log
```sh
$ wsk action invoke contactdb/create-database -r -i -v
REQUEST:
[POST] https://openwhisk.192.168.64.2.nip.io:443/api/v1/namespaces/_/actions/contactdb/create-database?blocking=true&result=true
Req Headers
{
"Authorization": [
"Basic MjNiYzQ2YjEtNzFmNi00ZWQ1LThjNTQtODE2YWE0ZjhjNTAyOjEyM3pPM3haQ0xyTU42djJCS0sxZFhZRnBYbFBrY2NPRnFtMTJDZEFzTWdSVTRWck5aOWx5R1ZDR3VNREdJd1A="
],
"Content-Type": [
"application/json"
],
"User-Agent": [
"OpenWhisk-CLI/1.0 (not set) darwin amd64"
]
}
Req Body
{}
RESPONSE:Got response with code 502
Resp Headers
{
"Access-Control-Allow-Headers": [
"Authorization, Origin, X-Requested-With, Content-Type, Accept, User-Agent"
],
"Access-Control-Allow-Methods": [
"GET, DELETE, POST, PUT, HEAD"
],
"Access-Control-Allow-Origin": [
"*"
],
"Connection": [
"keep-alive"
],
"Content-Length": [
"850"
],
"Content-Type": [
"application/json"
],
"Date": [
"Sun, 29 Sep 2019 08:00:19 GMT"
],
"Server": [
"openresty/1.15.8.1"
],
"X-Openwhisk-Activation-Id": [
"f01d5caadfed4c2e9d5caadfedac2e78"
],
"X-Request-Id": [
"da4d34722dfb36043fd8d35446ed233a"
]
}
Response body size is 850 bytes
Response body received:
{"error":{"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","description":"unable to verify the first certificate","errid":"request","message":"error happened in your connection","name":"Error","scope":"socket","stack":"Error: unable to verify the first certificate\n at Error (native)\n at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)\n at emitNone (events.js:86:13)\n at TLSSocket.emit (events.js:185:7)\n at TLSSocket._finishInit (_tls_wrap.js:609:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)","stacktrace":["Error: unable to verify the first certificate"," at Error (native)"," at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)"," at emitNone (events.js:86:13)"," at TLSSocket.emit (events.js:185:7)"," at TLSSocket._finishInit (_tls_wrap.js:609:8)"," at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)"]}}
{
"error": {
"code": "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
"description": "unable to verify the first certificate",
"errid": "request",
"message": "error happened in your connection",
"name": "Error",
"scope": "socket",
"stack": "Error: unable to verify the first certificate\n at Error (native)\n at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)\n at emitNone (events.js:86:13)\n at TLSSocket.emit (events.js:185:7)\n at TLSSocket._finishInit (_tls_wrap.js:609:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)",
"stacktrace": [
"Error: unable to verify the first certificate",
" at Error (native)",
" at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)",
" at emitNone (events.js:86:13)",
" at TLSSocket.emit (events.js:185:7)",
" at TLSSocket._finishInit (_tls_wrap.js:609:8)",
" at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:439:38)"
]
}
}
```
Do you have any tip about how solve this? Thanks.
## Steps to Reproduce
```sh
kubectl label nodes --all openwhisk-role=invoker
kubectl create namespace openwhisk
```
```sh
git clone https://github.com/apache/openwhisk-deploy-kube.git
```
```sh
kubectl create secret tls example.tls-secret \
--cert='/etc/ssl/certs/example/root-ca.crt' \
--key='/etc/ssl/private/example/root-ca.key' \
-n openwhisk
```
```sh
helm install openwhisk-deploy-kube/helm/openwhisk \
-n openwhisk \
--namespace openwhisk \
--set whisk.ingress.apiHostName="openwhisk.$(minikube ip).nip.io" \
--set whisk.ingress.apiHostPort='443' \
--set whisk.ingress.type='Standard' \
--set whisk.ingress.domain="openwhisk.$(minikube ip).nip.io" \
--set whisk.ingress.tls.enabled=true \
--set whisk.ingress.tls.secretenabled=true \
--set whisk.ingress.tls.secretname='example.tls-secret' \
--set whisk.ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"=0
```
```sh
rm -fR openwhisk-deploy-kube
```
```sh
curl -k "https://openwhisk.$(minikube ip).nip.io/v1/health-check"
```
```sh
cat << EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: openwhisk-couchdb
namespace: openwhisk
spec:
rules:
- host: couchdb.$(minikube ip).nip.io
http:
paths:
- backend:
serviceName: openwhisk-couchdb
servicePort: 5984
path: /
tls:
- hosts:
- couchdb.$(minikube ip).nip.io
secretName: example.tls-secret
EOF
```
```sh
wsk property set \
--apihost "openwhisk.$(minikube ip).nip.io:443"
wsk property set \
--auth '23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP'
wsk package update contact -i
wsk package list -i
wsk action update contact/form ./contact/form.js --web true -i
wsk action get contact/form --url -i 2> /dev/null
wsk action list -i
wsk action update contact/submit ./contact/submit.js --web true -i
wsk action list -i
wsk package bind /whisk.system/cloudant contactdb \
-p username 'whisk_admin' \
-p password 'some_passw0rd' \
-p host "couchdb.$(minikube ip).nip.io" \
-p dbname contactdb \
-i
wsk package get contactdb -i
wsk package list -i
wsk action invoke contactdb/create-database -r -i -v
wsk action list -i
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services