Custom SSL certs into the runners - python az cli errors #3316
Unanswered
ostanescu777
asked this question in
Questions
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
We are trying to make a set of runners with custom root CAs preinstaled
then after instantiating them use them, we need to install some more az cli items (bicep, etc.)
these az cli commands are not happening because SSL errors like this.,..
2024-02-05T20:51:18.5842639Z File "/opt/az/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1058, in validate_conn
2024-02-05T20:51:18.5843059Z conn.connect()
2024-02-05T20:51:18.5843597Z File "/opt/az/lib/python3.11/site-packages/urllib3/connection.py", line 419, in connect
2024-02-05T20:51:18.5844015Z self.sock = ssl_wrap_socket(
2024-02-05T20:51:18.5844291Z ^^^^^^^^^^^^^^^^
2024-02-05T20:51:18.5844831Z File "/opt/az/lib/python3.11/site-packages/urllib3/util/ssl.py", line 449, in ssl_wrap_socket
2024-02-05T20:51:18.5845252Z ssl_sock = ssl_wrap_socket_impl(
2024-02-05T20:51:18.5845549Z ^^^^^^^^^^^^^^^^^^^^^^
So what are we missing?
We are putting the certs in these folders - with a docker file like bellow.
Do we need a python command similar to "update-ca-certificates"?
FROM summerwind/actions-runner
COPY ./custom_CA_crt/* /usr/local/share/ca-certificates/
COPY ./custom_CA_pem/* /opt/az/lib/python3.11/site-packages/certifi/
USER root
RUN cat <> /opt/az/lib/python3.11/site-packages/certifi/cacert.pem
bla bla certificate text 1
bla bla certificate text 2
EOT
ENV REQUESTS_CA_BUNDLE /opt/az/lib/python3.11/site-packages/certify
RUN update-ca-certificates
Beta Was this translation helpful? Give feedback.
All reactions