Cosbench dosen't works with selfi signed certificate

[alebeta90]

Hello friends!

OS:Ubuntu Server
im using cosbench 0.4.2 and i want test my S3 environment with SSL, but is not working i recieve the next output:

2015-06-19 12:35:42,481 [ERROR] [AbstractOperator] - worker 1 fail to perform operation ga-cosbench1
com.intel.cosbench.api.storage.StorageException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: peer not authenticated

i read that in other version cosbench support self signed certificate. But here is not working

Thanks! and all the best.
Alejandro B

[ywang19]

Hi Alejandro,

Normally, if you use a “https” protocol in “endpoint” parameter, the connection will automatically switch to use SSL. Could you paste the workload xml file?

-yaguang

From: alebeta90 [mailto:[email protected]]
Sent: Friday, June 19, 2015 6:39 PM
To: intel-cloud/cosbench
Subject: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)

Hello friends!

OS:Ubuntu Server
im using cosbench 0.4.2 and i want test my S3 environment with SSL, but is not working i recieve the next output:

2015-06-19 12:35:42,481 [ERROR] [AbstractOperator] - worker 1 fail to perform operation ga-cosbench1
com.intel.cosbench.api.storage.StorageException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: peer not authenticated

i read that in other version cosbench support self signed certificate. But here is not working

Thanks! and all the best.
Alejandro B

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/277.

[alebeta90]

Hello Yaguang!

Yes i already read about cosbench automatically must switch to use ssl, but i have this problem. Let me show you the workload.

Thanks for your Help!! and all the best.

<workstage name="init">
  <work type="init" workers="1" config="cprefix=ga-cosbench;containers=r(1,30)" />
</workstage>

<workstage name="prepare">
  <work type="prepare" workers="1" config="cprefix=ga-cosbench;containers=r(1,30);objects=r(1,30);sizes=c(64)KB" />
</workstage>

<workstage name="main">
  <work name="main" workers="8" runtime="30">
    <operation type="read" ratio="80" config="cprefix=ga-cosbench;containers=u(1,30);objects=u(1,30)" />
    <operation type="write" ratio="20" config="cprefix=ga-cosbench;containers=u(1,30);objects=u(11,30);sizes=c(1)GB" />

  </work>
</workstage>

<workstage name="cleanup">
  <work type="cleanup" workers="1" config="cprefix=ga-cosbench;containers=r(1,30);objects=r(1,30)" />
</workstage>

<workstage name="dispose">
  <work type="dispose" workers="1" config="cprefix=ga-cosbench;containers=r(1,30)" />
</workstage>

[ywang19]

Could you paste the complete one? Especially important part is the and section.

From: alebeta90 [mailto:[email protected]]
Sent: Tuesday, June 23, 2015 5:13 PM
To: intel-cloud/cosbench
Cc: Wang, Yaguang
Subject: Re: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)

Hello Yaguang!

Yes i already read about cosbench automatically must switch to use ssl, but i have this problem. Let me show you the workload.

Thanks for your Help!! and all the best.

<operation type="read" ratio="80" config="cprefix=ga-cosbench;containers=u(1,30);objects=u(1,30)" />

<operation type="write" ratio="20" config="cprefix=ga-cosbench;containers=u(1,30);objects=u(11,30);sizes=c(1)GB" />

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/277#issuecomment-114415877.

[alebeta90]

<workstage name="init">
  <work type="init" workers="1" config="cprefix=ga-cosbench;containers=r(1,30)" />
</workstage>

<workstage name="prepare">
  <work type="prepare" workers="1" config="cprefix=ga-cosbench;containers=r(1,30);objects=r(1,30);sizes=c(64)KB" />
</workstage>

<workstage name="main">
  <work name="main" workers="8" runtime="30">
    <operation type="read" ratio="80" config="cprefix=ga-cosbench;containers=u(1,30);objects=u(1,30)" />
    <operation type="write" ratio="20" config="cprefix=ga-cosbench;containers=u(1,30);objects=u(11,30);sizes=c(1)GB" />

  </work>
</workstage>

<workstage name="cleanup">
  <work type="cleanup" workers="1" config="cprefix=ga-cosbench;containers=r(1,30);objects=r(1,30)" />
</workstage>

<workstage name="dispose">
  <work type="dispose" workers="1" config="cprefix=ga-cosbench;containers=r(1,30)" />
</workstage>

[alebeta90]

Hello Yaguang! I put the workload in pastebin, because for some reason here i cant paste all the workload, github like erease the section with the auth and storage label.

http://pastebin.com/Ay3d5g4x

thanks a lot! have a nice day

[ywang19]

I can’t access the pastebin ☹.

From: alebeta90 [mailto:[email protected]]
Sent: Wednesday, June 24, 2015 3:59 PM
To: intel-cloud/cosbench
Cc: Wang, Yaguang
Subject: Re: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)

Hello Yaguang! I put the workload in pastebin, because for some reason here i cant paste all the workload, github like erease the section with the auth and storage label.

http://pastebin.com/Ay3d5g4x

thanks a lot! have a nice day

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/277#issuecomment-114772568.

[alebeta90]

and this one https://paste.fedoraproject.org/236085/43514147/ ??

[ywang19]

could u have a try on 0.4.2.c2? the 0.4.2.c1 has a bug which will break other than ceph.

[Ravi-Tripathi21]

I am facing the same issue with cosbench 0.4.1.0. Trying to configure it for S3 with https access. but its failing with below error-

2015-10-05 03:10:12,343 [ERROR] [S3Storage] - connection is created:id:78
2015-10-05 03:10:12,366 [INFO] [NoneStorage] - performing PUT at /mycontainers1
2015-10-05 03:10:16,704 [ERROR] [S3Storage] - ERROR:Unable to execute HTTP request: Connection to https://MYHOSTNAME refused.

My workload auth section is as below

auth - none
config - none
storage type="s3"
config=accesskey=MYKEY
secretkey=MYSECRETKEY
endpoint=https://MYHOSTNAME
path_style_access=true

I have to do in this format as the original format of the workload is getting uploaded here.

Please suggest.

[ywang19]

For the "peer not athenticated" error, one is to use http:// instead of https:// to choose http protocol if https is not your exepcted. or, if you really expect https, this link may help, the basic idea is you'd make self-signed certificate into JVM trust store before issuing requests.
http://stackoverflow.com/questions/12961570/sslpeerunverifiedexception-peer-not-authenticated

in short, the steps are:

1.Run the following command, replace $ADDRESS with the URL, minus the "https://":

echo -n | openssl s_client -connect $ADDRESS:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert

2.Run the following command, replace $ALIAS a short name for the key, $ADDRESS with the cert name from above, $PATH with the path to cacerts in your JRE.

sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert -keystore $PATH/cacerts -storepass changeit