we have a python script we use to pull down the repos and create the series and pockets etc, however this time it’s giving us https timeouts and will not finish pulling down the jobs before erroring.
when trying manually with the command above it will return a login page for landscape in jason format.
I am putting the uri because if I don’t, it will error and ask for the uri, the command on this page does not include the uri
Second, I assume the distribution and series were created successfully? Can you confirm?
Third, from command line, what does this give you? landscape-api
Third,
execute curl https://{landscape-hostname}/ what is the result?
execute curl https://{landscape-hostname}/api/ what is the result?
check your /var/log/syslog as well, and see if anything is showing up with respect to landscape-api execution.
now, what is exact response to landscape-api sync-mirror-pocket security bionic ubuntu ?
Do you have other ubuntu OS series installed? focal? Is it the same result?
I have added these credentials to .profile, this hasn’t stopped it from prompting me to add these to the command, and using the python script I was able to create the distribution and series, with the landscape API I cannot get that to work either as it will too ask for credentials, uri and then give me a JSON output of:
root@landscape-XXXX-XX:~# landscape-api create-distribution ubuntu --key XXXXXXXXXXXXXX --secret XXXXXXXXXXXXXXXX --uri Index of /ubuntu
Got unexpected server error:
Status: 404
Error message:
404 Not FoundThe requested URL was not found on this server.
root@landscape-master-a1:~# landscape-api
Landscape API client (Python 3) - version 0.9.0
usage: /usr/local/bin/landscape-api [-h] [–key KEY] [–secret SECRET] [–uri URI] [–json] [–ssl-ca-file SSL_CA_FILE] [action]
Global Arguments:
-h, --help show this help message and exit
–key KEY The Landscape access key to use when making the API request. It defaults to the environment variable LANDSCAPE_API_KEY if not provided.
–secret SECRET The Landscape secret key to use when making the API request. It defaults to the environment variable LANDSCAPE_API_SECRET if not provided.
–uri URI The URI of your Landscape endpoint. It defaults to the environment variable LANDSCAPE_API_URI if not provided.
–json Output directly the JSON structure instead of the Python representation.
–ssl-ca-file SSL_CA_FILE
SSL CA certificate to validate server. If not provided, the SSL certificate provided by the server will be verified with the system CAs. It defaults to the
environment variable LANDSCAPE_API_SSL_CA_FILE if not provided
Actions:
accept-pending-computers
add-access-groups-to-role
add-annotation-to-computers
add-apt-sources-to-repository-profile
add-package-filters-to-pocket
add-permissions-to-role
add-persons-to-role
add-pockets-to-repository-profile
add-tags-to-computers
add-uploader-gpg-keys-to-pocket
approve-activities
associate-alert
associate-package-profile
associate-removal-profile
associate-repository-profile
associate-upgrade-profile
cancel-activities
change-computers-access-group
copy-package-profile
copy-role
copy-script
create-access-group
create-apt-source
create-cloud-otps
create-distribution
create-package-profile
create-pocket
create-removal-profile
create-repository-profile
create-role
create-saved-search
create-script
create-script-attachment
create-series
create-upgrade-profile
derive-series
diff-pull-pocket
disable-administrator
disassociate-alert
disassociate-package-profile
disassociate-removal-profile
disassociate-repository-profile
disassociate-upgrade-profile
edit-package-profile
edit-pocket
edit-removal-profile
edit-repository-profile
edit-saved-search
edit-script
edit-upgrade-profile
execute-script
get-access-groups
get-activities
get-activity-types
get-administrators
get-alert-subscribers
get-alerts
get-apt-sources
get-computers
get-computers-not-upgraded
get-csv-compliance-data
get-distributions
get-event-log
get-gpg-keys
get-juju-environments
get-juju-models
get-not-pinging-computers
get-package-profiles
get-packages
get-pending-computers
get-permissions
get-removal-profiles
get-repository-profiles
get-roles
get-saved-searches
get-script-code
get-scripts
get-settings
get-upgrade-profiles
get-upgraded-computers-by-frequency
get-usn-time-to-fix
import-gpg-key
install-packages
invite-administrator
list-pocket
modify-package-profile
pull-packages-to-pocket
reboot-computers
register-juju-environment
register-juju-model
reject-pending-computers
remove-access-group
remove-access-groups-from-role
remove-annotation-from-computers
remove-apt-source
remove-apt-source-from-repository-profile
remove-apt-sources
remove-apt-sources-from-repository-profile
remove-computers
remove-distribution
remove-gpg-key
remove-juju-environment
remove-juju-model
remove-package-filters-from-pocket
remove-package-profile
remove-packages
remove-packages-from-pocket
remove-permissions-from-role
remove-persons-from-role
remove-pocket
remove-pockets-from-repository-profile
remove-removal-profile
remove-repository-profile
remove-repository-profiles
remove-role
remove-saved-search
remove-script
remove-script-attachment
remove-series
remove-tags-from-computers
remove-upgrade-profile
remove-uploader-gpg-keys-from-pocket
rename-computers
set-settings
shutdown-computers
ssh
subscribe-to-alert
sync-mirror-pocket
unsubscribe-from-alert
upgrade-packages
curl https://{landscape-hostname}/
returns json for landscape login page
curl https://{landscape-hostname}/api
returns Query API Service
/var/log/syslog - doesn’t show any particular errors in regards to landscape API, can only see few entries for when I restarted landscape services
this is the exact response for:
root@landscape-master-a1:/var/log# landscape-api sync-mirror-pocket security bionic ubuntu --key {KEY} --secret {SECRET} --uri Index of /ubuntu
Got unexpected server error:
Status: 404
Error message:
404 Not FoundThe requested URL was not found on this server.
when trying focal I get the same result
when you execute “landscape-api create-distribution ubuntu” that is attempting to create that information on YOUR landscape server. Specifying --uri for the internet URL https://archive/ubuntu.com may cause problems. To minimize issues, Export the variables, and to make sure they are set, execute $echo $variable_name ← do this for each variable. Setting these up first will save you from needing to add anything to the landscape-api commands.
Also, make sure you setup an initial ID on YOUR landscape server. Use your browser and https://(your_server) and register the ID in landscape.
I have done as you suggested and exported the variables, and we have setup a user for landscape-api on the server, as well as a user for myself.
after exporting I do not get a prompt for the uri I get more https timeouts:
root@landscape-master-a1:~# landscape-api create-distribution ubuntu
HTTPSConnectionPool(host=‘landscape-int.mol.dmgt.net’, port=443): Max retries exceeded with url: /api/ (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)’)))
the ca file has been exported with:
export LANDSCAPE_API_SSL_CA_FILE=“/path/to/ca/file”
with the landscape_server_ca.crt file specified
openssl s_client -connect landscape-xxx.xxx.xxxx.net:443
when running the above I get a successful handshake
How are you executing this? Often I find if you execute within python or other languages the search for the certificate fails because that module/language being used has it’s own CA store somewhere (i.e., its not using the operating system standard path for CA)
I am using a linux command to execute this:
landscape-api create-distribution ubuntu
It should be searching that OS standard path for CA?
Ok. If using landscape-api at command line then it should find it in /etc/ssl/cert/ if not specifically told where to look , I assume it was placed there. Check the landscape issuing CA cert in there and confirm it is able to verify the landscape cert assigned to your web site. Use openssl command to validate all this.
Also execute update-ca-certificates command, that is sometimes required.
Also, check your apache2 file being used for your server, confirm the certificates are pointing to the same location.