[slurm-users] ProfileInfluxDB: Influxdb server with self-signed certificate
Jeffrey T Frey
frey at udel.edu
Fri Aug 14 13:17:44 UTC 2020
Making the certificate globally-available on the host may not always be permissible. If I were you, I'd write/suggest a modification to the plugin to make the CA path (CURLOPT_CAPATH) and verification itself (CURLOPT_SSL_VERIFYPEER) configurable in Slurm. They are both straightforward options in the CURL API (a char* and an int, respectively) that could be set directly from parsed Slurm config options. Many other SSL CURL options would be just as easy (revocation path, etc.).
> On Aug 14, 2020, at 08:55 , Stefan Staeglich <staeglis at informatik.uni-freiburg.de> wrote:
>
> Hi,
>
> all except of /etc/ssl/certs/ca-certificates.crt is ignored. So I've copied it
> to /usr/local/share/ca-certificates/ and run update-ca-certificates.
>
> Now it's working :)
>
> Best,
> Stefan
>
> Am Freitag, 14. August 2020, 11:42:04 CEST schrieb Stefan Staeglich:
>> Hi,
>>
>> I try to setup the acct_gather plugin ProfileInfluxDB. Unfortunately our
>> influxdb server has a self-signed certificate only:
>> [2020-08-14T09:54:30.007] [46.0] error: acct_gather_profile/influxdb
>> _send_data: curl_easy_perform failed to send data (discarded). Reason: SSL
>> peer certificate or SSH remote key was not OK
>>
>> I've copied the certificate to /etc/ssl/certs/ but this doesn't help. But
>> his command is working:
>> curl 'https://influxdb-server.privat:8086' --cacert /etc/ssl/certs/
>> influxdb.crt
>>
>> Has someone a solution for this issue?
>>
>> Best,
>> Stefan
>
>
> --
> Stefan Stäglich, Universität Freiburg, Institut für Informatik
> Georges-Köhler-Allee, Geb.74, 79110 Freiburg, Germany
>
> E-Mail : staeglis at informatik.uni-freiburg.de
> WWW : ml.informatik.uni-freiburg.de
> Telefon: +49 761 203-54216
> Fax : +49 761 203-74217
>
>
>
>
More information about the slurm-users
mailing list