Hello,

can't you add the certificate to the list of trusted certificates on the system directly?


Rgds

Le ven. 1 avr. 2022 à 14:48, K L, Shivaschandra (DI SW CAS ES EPT OPS&QA PBU) <Shivaschandra_KL@mentor.com> a écrit :

Hi All ,

 

We had to add the path of certificates in worker.py in lava_dispatcher , as below l and restart the worker ,

 

#########

# Globals

#########

# Create the logger that will be configured later

logging.Formatter.convert = time.gmtime

LOG = logging.getLogger("lava-worker")

FORMAT = "%(asctime)-15s %(levelname)7s %(message)s"

 

SESSION = requests.Session()

SESSION.verify = '<Path to the Certificates>'

 

By adding the certificate path in worker.py file , connection of worker with HTTPS enabled lava-server instance was successful.

Is this the right method to achieve the results , or is there any other method with which we can do the same?

 

Thanks and regards ,

Shivaschandra K L

 

From: K L, Shivaschandra (DI SW CAS ES EPT OPS&QA PBU)
Sent: 29 March 2022 08:02 PM
To: 'lava-users@lists.lavasoftware.org' <lava-users@lists.lavasoftware.org>
Cc: Koturappa, Hemanth <Hemanth_Koturappa@mentor.com>
Subject: HTTPS configuration for LAVA Server.

 

Hi All ,

 

We had lava-server running on HTTP , we needed to migrate to HTTPS for security reasons.

We have configured our lava-server for HTTPS by configuring apache2 with root and issuing SSL certificates.

Post migration from HTTP to HTTPS, lava server works fine , but we are facing issues while worker tries to connect to lava server,

Following is the error that we are getting in lava-worker.log

 

ERROR -> server error: code 503

2022-03-29 19:38:15,598   DEBUG --> HTTPSConnectionPool(host='*.com', port=443): Max retries exceeded with url: /scheduler/internal/v1/workers/<worker-name> /?version=2021.10 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')))

 

Are there any configurations that we have to do on the worker side to enable the sever – worker communication  to be up and running.

If there are any documentations that need to be followed to configure HTTPS , request to provide the documentation for the same.

 

 

Thanks and regards

Shivaschandra K L

_______________________________________________
Lava-users mailing list -- lava-users@lists.lavasoftware.org
To unsubscribe send an email to lava-users-leave@lists.lavasoftware.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s


--
Rémi Duraffort
TuxArchitect
Linaro