-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Paolo,
Excellent, glad that fixed it for you.
Concerning StarCluster versions, there's no need to uninstall
StarCluster 0.92, simply running "easy_install StarCluster" should
install and use the new version.
In case you're interested, here's a little background on the boto https
certificate validation problem:
In reality https_validate_certificates *should* be True by default (even
without a boto user config) for improved security, however, certificate
validation in boto isn't as robust as it needs to be at the moment (see
https://github.com/boto/boto/pull/378#issuecomment-2511847). This is why
boto upstream has it set to False by default in order to avoid those
issues for now. To make matters worse, the cacerts.txt file needed for
validation was also left out of the boto 2.0 release by accident which
is directly causing the error you encountered. This file has been
restored in the latest 2.1.1 version of boto, however, I just tested and
certificate validation still fails:
InvalidCertificateException: Host ec2.amazonaws.com returned an invalid
certificate (remote hostname "ec2.amazonaws.com" does not match
certificate): {'notAfter': 'Oct 7 23:59:59 2013 GMT', 'subject':
((('countryName', u'US'),), (('stateOrProvinceName', u'Washington'),),
(('localityName', u'Seattle'),), (('organizationName', u'Amazon.com
Inc.'),), (('commonName', u'ec2.us-east-1.amazonaws.com'),))
According to
https://github.com/mbr/boto/commit/243f7184ce63670239c243d5db64c9782a67c0d0
this is due to:
"Note: Currently, there is an issue connecting to EC2 services using
boto with host name verification enabled. The client connecting will be
redirect, for example from ec2.amazonaws.com to
ec2.us-east-1.amazonaws.com. The python SSL library does not seem to
support the X509v3 Subject Alternative Name fields (even though the
documentation mentions a subjectAltName, this seems to be not of the
x509v3 kind) - verification with the openssl s_client shows that
ec2.us-east-1.amazonaws.com is indeed mentioned on the certificate.
The only solution at the moment seems to be trying to connect to the
host directly where the hostname is presented as the commonName. This
patch hopefully will tip more people in the right direction when they
are looking for errors."
~Justin
On 11/6/11 11:59 AM, Paolo Di Tommaso wrote:
> Hi Justin,
>
> Bingo! you are right. I've changed https_validate_certificates to false
in the ~/boto file and now it is working! Thanks.
>
> About the StarCluster version, I had the 0.92 release installed on my
machine before install the latest one.
>
> Do you suggest to remove it before installing the 0.92.1 version? Is
there a procedure to uninstall StarCluster? I haven't found it.
>
>
>
>
>
> Cheers,
> Paolo
>
>
>
>
> On Nov 6, 2011, at 5:41 PM, Justin Riley wrote:
>
>> Hi Paolo,
>>
>> I'm having trouble reproducing this issue on Mac OSX 10.6.8 using a
>> fresh virtual environment on Python 2.7.1. I noticed the screen output
>> you sent is for the latest 0.92.1 version, however, the crash reports
>> you sent are from version 0.92. Do you have the same issue with both
>> 0.92.1 and 0.92 versions on OSX Lion?
>>
>> Also, after a bit of research this error usually occurs if you have
>> https certificate validation enabled. Looking at the code for boto 2.0
>> (the current version of boto that StarCluster uses) it appears this can
>> *only* be enabled using a boto config file as far as I can tell
>> although I could be wrong.
>>
>> Do you by chance have either /etc/boto.cfg or $HOME/.boto config files
>> on your mac?
>>
>> ~Justin
>>
>> On Sun Nov 6 06:54:28 2011, Paolo Di Tommaso wrote:
>>> Hi Justin, Thanks for that.
>>>
>>> I've installed it on Mac OSX Lion (10.7.2) but I get the following
>>> error on start and listclusters (the only ones I've tried)
>>>
>>> $ starcluster start -c basic 2node
>>> StarCluster - (http://web.mit.edu/starcluster) (v. 0.92.1)
>>> Software Tools for Academics and Researchers (STAR)
>>> Please submit bug reports to starcluster_at_mit.edu
>>> <mailto:starcluster_at_mit.edu>
>>>
>>> !!! ERROR - Unable to connect: [Errno 185090050] _ssl.c:336:
>>> error:0B084002:x509 certificate
>>> routines:X509_load_cert_crl_file:system lib
>>> !!! ERROR - Check your internet connection?
>>>
>>>
>>> I've attached the crash reports.
>>>
>>>
>>> Thank,
>>> Paolo
>>>
>>
>>
>> _______________________________________________
>> StarCluster mailing list
>> StarCluster_at_mit.edu
>> http://mailman.mit.edu/mailman/listinfo/starcluster
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk62xRwACgkQ4llAkMfDcrlCHACeIR0JUUYHuGKx0PmXeHDblbEK
FpgAn3pPOtoPEdNUVipbmYB3iwqkbkGg
=BDg6
-----END PGP SIGNATURE-----
Received on Sun Nov 06 2011 - 12:34:24 EST