Re: [slurm-users] ProfileInfluxDB: Influxdb server with self-signed certificate
Making the certificate globally-available on the host may not always be permissible. If I were you, I'd write/suggest a modification to the plugin to make the CA path (CURLOPT_CAPATH) and verification itself (CURLOPT_SSL_VERIFYPEER) configurable in Slurm. They are both straightforward options in the CURL API (a char* and an int, respectively) that could be set directly from parsed Slurm config options. Many other SSL CURL options would be just as easy (revocation path, etc.). > On Aug 14, 2020, at 08:55 , Stefan Staeglich > wrote: > > Hi, > > all except of /etc/ssl/certs/ca-certificates.crt is ignored. So I've copied > it > to /usr/local/share/ca-certificates/ and run update-ca-certificates. > > Now it's working :) > > Best, > Stefan > > Am Freitag, 14. August 2020, 11:42:04 CEST schrieb Stefan Staeglich: >> Hi, >> >> I try to setup the acct_gather plugin ProfileInfluxDB. Unfortunately our >> influxdb server has a self-signed certificate only: >> [2020-08-14T09:54:30.007] [46.0] error: acct_gather_profile/influxdb >> _send_data: curl_easy_perform failed to send data (discarded). Reason: SSL >> peer certificate or SSH remote key was not OK >> >> I've copied the certificate to /etc/ssl/certs/ but this doesn't help. But >> his command is working: >> curl 'https://influxdb-server.privat:8086' --cacert /etc/ssl/certs/ >> influxdb.crt >> >> Has someone a solution for this issue? >> >> Best, >> Stefan > > > -- > Stefan Stäglich, Universität Freiburg, Institut für Informatik > Georges-Köhler-Allee, Geb.74, 79110 Freiburg,Germany > > E-Mail : staeg...@informatik.uni-freiburg.de > WWW: ml.informatik.uni-freiburg.de > Telefon: +49 761 203-54216 > Fax: +49 761 203-74217 > > > >
Re: [slurm-users] ProfileInfluxDB: Influxdb server with self-signed certificate
Hi, all except of /etc/ssl/certs/ca-certificates.crt is ignored. So I've copied it to /usr/local/share/ca-certificates/ and run update-ca-certificates. Now it's working :) Best, Stefan Am Freitag, 14. August 2020, 11:42:04 CEST schrieb Stefan Staeglich: > Hi, > > I try to setup the acct_gather plugin ProfileInfluxDB. Unfortunately our > influxdb server has a self-signed certificate only: > [2020-08-14T09:54:30.007] [46.0] error: acct_gather_profile/influxdb > _send_data: curl_easy_perform failed to send data (discarded). Reason: SSL > peer certificate or SSH remote key was not OK > > I've copied the certificate to /etc/ssl/certs/ but this doesn't help. But > his command is working: > curl 'https://influxdb-server.privat:8086' --cacert /etc/ssl/certs/ > influxdb.crt > > Has someone a solution for this issue? > > Best, > Stefan -- Stefan Stäglich, Universität Freiburg, Institut für Informatik Georges-Köhler-Allee, Geb.74, 79110 Freiburg,Germany E-Mail : staeg...@informatik.uni-freiburg.de WWW: ml.informatik.uni-freiburg.de Telefon: +49 761 203-54216 Fax: +49 761 203-74217
[slurm-users] ProfileInfluxDB: Influxdb server with self-signed certificate
Hi, I try to setup the acct_gather plugin ProfileInfluxDB. Unfortunately our influxdb server has a self-signed certificate only: [2020-08-14T09:54:30.007] [46.0] error: acct_gather_profile/influxdb _send_data: curl_easy_perform failed to send data (discarded). Reason: SSL peer certificate or SSH remote key was not OK I've copied the certificate to /etc/ssl/certs/ but this doesn't help. But his command is working: curl 'https://influxdb-server.privat:8086' --cacert /etc/ssl/certs/ influxdb.crt Has someone a solution for this issue? Best, Stefan -- Stefan Stäglich, Universität Freiburg, Institut für Informatik Georges-Köhler-Allee, Geb.74, 79110 Freiburg,Germany E-Mail : staeg...@informatik.uni-freiburg.de WWW: ml.informatik.uni-freiburg.de Telefon: +49 761 203-54216 Fax: +49 761 203-74217