Is there a config setting or environmental variable for `lak lakeFS #help

Is there a config setting or environmental variabl...

Thomas Vander Wal

05/12/2021, 7:17 PM

Is there a config setting or environmental variable for

lakectl

to use a custom SSL certificate? When I use an insecure route the cli works fine but when I secure it with our SSL certificate I get the following error.

Copy code

❯ lakectl branch list <lakefs://repo/|lakefs://repo/>
Error executing command: Get "<https://secure-route/api/v1/repositories/repo/branches?after=&amount=100|https://secure-route/api/v1/repositories/repo/branches?after=&amount=100>": x509: certificate signed by unknown authority

Barak Amar

05/12/2021, 7:19 PM

Hi Tomas, checking

Barak Amar

05/12/2021, 7:21 PM

it should use the same env variables that openssl uses - SSL_CERT_FILE worked for you on the server, right?

Thomas Vander Wal

05/12/2021, 7:21 PM

Thanks Barak If it helps here is the output when I use the non TLS route.

Copy code

❯ lakectl branch list <lakefs://repo/|lakefs://repo/>
+--------+------------------------------------------------------------------+
| BRANCH | COMMIT ID                                                        |
+--------+------------------------------------------------------------------+
| main   | 82a967204bcbbf819302876bac2bd3d9cd1fb1becf65d0b1200ae4ed27222670 |
+--------+------------------------------------------------------------------+

Thomas Vander Wal

05/12/2021, 7:26 PM

Hmm I already have that one set for tools like

kubectl

which seems to use it fine.

Barak Amar

05/12/2021, 7:27 PM

the lakectl you use this the one downloaded from github or the one found inside the lakefs docker container?

Thomas Vander Wal

05/12/2021, 7:30 PM

This is version

0.40.3

downloaded from GitHub

Barak Amar

05/12/2021, 7:32 PM

lakectl uses Go runtime that should support these variables. which platform do you use - I want to send you a different binary

Thomas Vander Wal

05/12/2021, 7:37 PM

I’m on macOS. Also I was able to curl that same url so the cert is correct.

Copy code

❯ env | grep lm_ca
PIP_CERT=/Users/me/certs/lm_ca.pem
CURL_CA_BUNDLE=/Users/me/certs/lm_ca.pem
LM_CERT_PATH=/Users/me/certs/lm_ca.pem
REQUESTS_CA_BUNDLE=/me/e379822/certs/lm_ca.pem
SSL_CERTS_FILE=/Users/me/certs/lm_ca.pem
AWS_CA_BUNDLE=/Users/me/certs/lm_ca.pem
PGO_CA_CERT=/Users/me/certs/lm_ca.pem
SSL_CERT_FILE=/Users/me/certs/lm_ca.pem

❯ curl "<https://AKIAJVQCBG3J6X5HPW2Q:redacted@secure-route/api/v1/repositories/repo/branches?after=&amount=100|https://AKIAJVQCBG3J6X5HPW2Q:redacted@secure-route/api/v1/repositories/repo/branches?after=&amount=100>"
{"pagination":{"has_more":false,"max_per_page":1000,"next_offset":"","results":1},"results":[{"commit_id":"82a967204bcbbf819302876bac2bd3d9cd1fb1becf65d0b1200ae4ed27222670","id":"main"}]}

Barak Amar

05/12/2021, 7:39 PM

lakectl.zip

Barak Amar

05/12/2021, 7:46 PM

ok, I see the go runtime code - looks like it supports the name location

Barak Amar

05/12/2021, 7:46 PM

which is the keychain

Barak Amar

05/12/2021, 7:47 PM

can you open

Keychain Access

and drag the certificate into

Certificates

Barak Amar

05/12/2021, 7:48 PM

locate the certificate and change when using the certificate to

Always Trust

Thomas Vander Wal

05/12/2021, 7:53 PM

Thanks Barak that did the trick!

✅ 1

7 Views

Open in Slack

Previous Next