
I installed a Vagrant plugin, "vagrant-certificates", and added the following config to my ~/.vagrant.d/Vagrantfile:

if !['plugin', 'box'].include? ARGV[0]
    unless Vagrant.has_plugin?("vagrant-ca-certificates")
      raise "Missing required plugin 'vagrant-certificates', run `vagrant plugin install vagrant-certificates`\n"
    end
end

config.certificates.enabled = true
config.certificates.certs = Dir.glob('/home/myhomedirectory/.vagrant.d/*.crt')

and the plugin won't run. Other people that I know who are using that plugin get the following output when they run vagrant up:

==> machine: Uploading root certificates to guest instance...
==> machine: -- /var/folders/mb/1pt7p7zd4q736lq4vdq_309w0000gn/T/vagrant-certificates20200122-60457-wop57o => /usr/share/ca-certificates/private/BA%20ROOT.crt
==> machine: -- /var/folders/mb/1pt7p7zd4q736lq4vdq_309w0000gn/T/vagrant-certificates20200122-60457-3v8nhs => /usr/share/ca-certificates/private/BA%20NPE%20CA-3%281%29.crt
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

but I see no output related to certs.

and I'm getting an SSL error which indicates that the certs that I need have not been installed. Can anybody help me debug this?

EDIT: Other ways I've tried to specify the certs:

config.certificates.certs = [
  "./certROOT.crt",
  "./certNPE_CA_3.crt"
]

config.certificates.certs = [
  "http://pki.mycorp.org/certs/certROOT.crt",
  "http://pki.mycorp.org/certs/certNPE_CA_3.crt"
]

EDIT 2: Output of `vagrant up --debug 2>&1 >/dev/null | grep -i certificate`:

 INFO manager:   - vagrant-certificates = [installed: 2.0.0 constraint: > 0]
DEBUG bundler: Current generated plugin dependency list: [<Gem::Dependency type=:runtime name="vagrant-certificates" requirements="= 2.0.0">]
DEBUG bundler: Activating solution set: ["vagrant-certificates-2.0.0"]
DEBUG bundler: Activating gem vagrant-certificates-2.0.0
 INFO manager: Loading plugin `vagrant-certificates` with default require: `vagrant-certificates`
 INFO manager: Registered plugin: vagrant-certificates
DEBUG manager: Successfully loaded plugin `vagrant-certificates`.
 INFO manager:   - vagrant-certificates = [installed: 2.0.0 constraint: > 0]
DEBUG bundler: Current generated plugin dependency list: [<Gem::Dependency type=:runtime name="vagrant-certificates" requirements="= 2.0.0">]
DEBUG bundler: Activating solution set: ["vagrant-certificates-2.0.0"]
DEBUG bundler: Activating gem vagrant-certificates-2.0.0
 INFO manager: Loading plugin `vagrant-certificates` with default require: `vagrant-certificates`
DEBUG manager: Successfully loaded plugin `vagrant-certificates`.
 INFO warden: Calling IN action: #<VagrantPlugins::Certificates::Action::InstallCertificates:0x0000000002eea438>
 INFO warden: Calling OUT action: #<VagrantPlugins::Certificates::Action::InstallCertificates:0x0000000002eea438>
DEBUG subprocess: stdout: fatal: [k8s-master]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for packages.cloud.google.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)."}
 INFO interface: detail: fatal: [k8s-master]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for packages.cloud.google.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)."}

Peter Weeks

  • Is the certs path correct? Or is there a missing slash before home? – saf Jan 22 '20 at 23:03
  • There's a missing slash before home in my code here but not in the original. I'm fairly confident that the issue is not in the way I'm specifying the certs, because I've tried three different ways of doing so. I'll add to my post. – Peter Weeks Jan 23 '20 at 12:57
  • Have you run it with debug mode `vagrant up --debug`? You could search for _certificate_ and see if there is something relevant there, like `DEBUG manager: Successfully loaded plugin 'vagrant-certificates'.` – saf Jan 23 '20 at 16:05
  • Yep, I see that line: "DEBUG manager: Successfully loaded plugin `vagrant-certificates`." – Peter Weeks Jan 23 '20 at 16:47
  • Would it help for me to post the full output of vagrant up --debug? – Peter Weeks Jan 23 '20 at 17:11
  • You should see something looking at certificate related lines: `vagrant up --debug 2>&1 >/dev/null | grep -i certificate` – saf Jan 23 '20 at 23:07

0 Answers
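A host-side check related to the `Dir.glob(...)` form of `config.certificates.certs` in the question: Ruby's `Dir.glob` returns an empty array, with no error, when the pattern matches nothing, so it helps to see what the pattern expands to and whether each file is a usable CA certificate. This is an added example, not code from the original post or from the plugin; the helper names and the sample certificates are constructed for illustration.

```ruby
require 'openssl'
require 'tmpdir'

# Classify one file: parseable X.509, marked CA:TRUE, inside its validity window.
def check_cert(path, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(File.binread(path))
  bc = cert.extensions.find { |e| e.oid == 'basicConstraints' }
  return [path, :not_a_ca] unless bc && bc.value.include?('CA:TRUE')
  return [path, :outside_validity] if now < cert.not_before || now > cert.not_after
  [path, :ok]
rescue OpenSSL::X509::CertificateError
  [path, :unparseable]
end

# Expand the same kind of glob used for config.certificates.certs.
# matched == 0 means the pattern found no files at all.
def check_cert_glob(pattern)
  paths = Dir.glob(pattern).sort
  { matched: paths.size, results: paths.map { |p| check_cert(p) } }
end

# Constructed sample input: a throwaway self-signed root, for the demo only.
def sample_root_pem(not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Constructed Test Root')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 7200
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# Constructed directory: one valid root, one expired root, one non-certificate.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'a_root.crt'), sample_root_pem)
    File.write(File.join(dir, 'b_expired.crt'), sample_root_pem(not_after: Time.now - 60))
    File.write(File.join(dir, 'c_junk.crt'), "not a certificate\n")
    [check_cert_glob(File.join(dir, '*.crt')), check_cert_glob(File.join(dir, 'nope', '*.crt'))]
  end
end

demo.each { |r| p r } if __FILE__ == $PROGRAM_NAME
```

To use it against a real setup, call `check_cert_glob` with the exact pattern from the Vagrantfile, on the host and as the user that runs `vagrant up`.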