SSL Certificates could not be verified

[gundasiva]

@drstrangelooker - could you please take a look into this issue?

Here is my Dockerfile

FROM python:3.9

Install dependencies

RUN apt-get update -y && apt-get install -y ca-certificates

included all certs

RUN update-ca-certificates

ENV CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

add if using node

ENV NODE_EXTRA_CA_CERTS=${CURL_CA_BUNDLE}

add if using ruby

ENV BUNDLE_SSL_CA_CERT=${CURL_CA_BUNDLE}

add if using perl

ENV HTTPS_CA_FILE=${CURL_CA_BUNDLE}
ENV PERL_LWP_SSL_CA_FILE=${CURL_CA_BUNDLE}

add if using python

ENV REQUESTS_CA_BUNDLE=${CURL_CA_BUNDLE}
ENV SSL_CERT_FILE=${CURL_CA_BUNDLE}

RUN apt update
RUN apt -y install ruby ruby-dev
RUN gem install gazer

RUN apt -y install git
RUN git clone https://github.com/looker-open-source/looker_deployer.git

WORKDIR /looker_deployer

COPY looker.ini .
RUN pip install .

ENTRYPOINT ["ldeploy"]

docker run \
-v /Users/abc/repos/looker/ldeploy_settings:/ldeploy_settings
-v /Users/abc/repos/looker/ldeploy_output:/ldeploy_output
ldeploy content export
--debug
--ini /ldeploy_settings/looker.ini
--local-target /ldeploy_output
--env prod --folders 231
{"levelname": "DEBUG", "module": "deploy_content_export", "funcName": "main", "message": "ini file", "ini": "/ldeploy_settings/looker.ini", "timestamp": "2023-06-23T04:44:06.165962Z"}
{"levelname": "INFO", "module": "deploy_content_export", "funcName": "main", "message": "Exporting content", "env": "prod", "folders": ["231"], "dashboards": null, "looks": null, "local_target": "/ldeploy_output", "timestamp": "2023-06-23T04:44:06.166097Z"}
{"levelname": "DEBUG", "module": "deploy_content_export", "funcName": "recurse_folders", "message": "recursive folder crawl status", "current_id": "231", "folder_name": "myuser", "current_list": ["myuser"], "timestamp": "2023-06-23T04:44:07.031501Z"}
{"levelname": "DEBUG", "module": "deploy_content_export", "funcName": "recurse_folders", "message": "going for recursion", "parent_id": "2", "timestamp": "2023-06-23T04:44:07.031599Z"}
{"levelname": "DEBUG", "module": "deploy_content_export", "funcName": "recurse_folders", "message": "recursive folder crawl status", "current_id": "2", "folder_name": "Users", "current_list": ["myuser", "Users"], "timestamp": "2023-06-23T04:44:07.494477Z"}
{"levelname": "DEBUG", "module": "deploy_content_export", "funcName": "send_export", "message": "folder_list", "folder_id": "231", "list": ["Users", "myuser"], "timestamp": "2023-06-23T04:44:07.494613Z"}
options: {"debug"=>true, "host"=>"mylooker.cloud.looker.com", "port"=>"443", "ssl"=>true, "verify_ssl"=>false, "timeout"=>60, "force"=>false, "persistent"=>false, "token_file"=>false, "client_id"=>"myclientid", "client_secret"=>"mysecret", "dir"=>"/ldeploy_output/Users"}
using options ["debug=>true", "host=>mylooker.cloud.looker.com", "port=>443", "ssl=>true", "verify_ssl=>false", "timeout=>60", "force=>false", "persistent=>false", "token_file=>false", "client_id=>myclientid", "dir=>/ldeploy_output/Users"]
logout
ERROR: SSL Certificate could not be verified
Do you need the --no-verify-ssl option or the --no-ssl option?

[drstrangelooker]

That is weird. Can you try removing the line that says ENV BUNDLE_SSL_CA_CERT=${CURL_CA_BUNDLE} and try again. That shouldn't be required.

[gundasiva]

Thanks for the response. I removed the above line. I tried both verify_ssl=True and verify_ssl=False both did not work.

options: {"debug"=>true, "host"=>"hostname", "port"=>"443", "ssl"=>true, "verify_ssl"=>true, "timeout"=>60, "force"=>false, "token_file"=>false, "client_id"=>"", "client_secret"=>"", "dir"=>"/ldeploy_output/Users"}
using options ["debug=>true", "host=>", "port=>443", "ssl=>true", "verify_ssl=>true", "timeout=>60", "force=>false", "token_file=>false", "client_id=>", "dir=>/ldeploy_output/Users"]
logout
ERROR: SSL Certificate could not be verified
Do you need the --no-verify-ssl option or the --no-ssl option?

options: {"debug"=>true, "host"=>"hostname", "port"=>"443", "ssl"=>true, "verify_ssl"=>false, "timeout"=>60, "force"=>false, "token_file"=>false, "client_id"=>"", "client_secret"=>"", "dir"=>"/ldeploy_output/Users"}
using options ["debug=>true", "host=>", "port=>443", "ssl=>true", "verify_ssl=>false", "timeout=>60", "force=>false", "token_file=>false", "client_id=>", "dir=>/ldeploy_output/Users"]
logout
ERROR: SSL Certificate could not be verified
Do you need the --no-verify-ssl option or the --no-ssl option?

Could you please let me know any other things you could think of? Thanks

[RedPeppersPLF]

Hello,
I managed to make it work not following the Docker guide from here, but using the Docker guide from gzr itself. I suppose certificate bundle does not work the same in ruby docker image or python docker image. Here is mine :

FROM --platform=linux/amd64 ruby:3.2.2-bullseye

ADD mycert.crt /usr/local/share/ca-certificates/mycert.crt
RUN update-ca-certificates
RUN gem install gazer -v 0.3.14

RUN apt-get update
RUN apt-get -y install python3 python3-pip
RUN pip3 install looker-deployer
RUN cat /usr/local/share/ca-certificates/mycert.crt >> $(python3 -m certifi)
ENV SSL_CERT_FILE=/ect/ssl/certs/ca-certificates.crt

WORKDIR /root

COPY looker.ini .

Here I am registering certificate in base certificate store for both ruby and python to use it.
Then I run :
docker run --rm -v /tmp/share:/tmp/share ld ldeploy content export --dashboards 106 --env uat --local-target /tmp/share --debug

Hope it helps