ERROR – ‘NoneType’ object has no attribute ‘_x509’

The VCAV installation involves a few configuration steps where you may run into a strange error that looks like the trace below (highlighted in blue).

 

OpenSSL.SSL.Error: [(‘SSL routines’, ‘SSL3_GET_RECORD’, ‘wrong version number’)]
ERROR – ‘NoneType’ object has no attribute ‘_x509’
Traceback (most recent call last):
File “/opt/vmware/vcav-installer/pyvcav/agents/__init__.py”, line 53, in handle
return command.handle()
File “/opt/vmware/vcav-installer/pyvcav/commands/__init__.py”, line 236, in handle
self._validate()
File “/opt/vmware/vcav-installer/pyvcav/commands/hcs.py”, line 139, in _validate
if self.amqp.is_trusted() is False:
File “/opt/vmware/vcav-installer/pyvcav/endpoints/amqp.py”, line 33, in is_trusted
tp = TrustedThumbprint(self.address, self.port, self.get_thumbprint())
File “/opt/vmware/vcav-installer/pyvcav/endpoints/amqp.py”, line 42, in get_thumbprint
cert = self.get_certificate()
File “/opt/vmware/vcav-installer/pyvcav/endpoints/amqp.py”, line 39, in get_certificate
return pyvcav.getCertificate(self.address, self.port)
File “/opt/vmware/vcav-installer/pyvcav/__init__.py”, line 264, in getCertificate
binary_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
File “/usr/lib/python3.4/site-packages/OpenSSL/crypto.py”, line 1680, in dump_certificate
result_code = _lib.PEM_write_bio_X509(bio, cert._x509)
AttributeError: ‘NoneType’ object has no attribute ‘_x509’
INFO – RC: 1

 

This error doesn’t mean the certificate has an error. It means the code never got the certificate. This is a secondary error and not the primary cause. You should turn on the --debug option and attempt to determine the root cause. The --debug output should show the original cause.

 

Sample execution: HCS configure with the non-SSL RabbitMQ port 5672

vcloud_availability:~ # vcav hcs configure --hcs-address=192.168.100.162 --amqp-password-file=~/.ssh/.amqp --cassandra-replication-factor=1 --vcd-address=192.168.100.142 --vcd-user=administrator@SYSTEM --vcd-password-file=~/.ssh/.vcd --sso-user=administrator@vsphere.local --sso-password-file=~/.ssh/.sso -d
INFO – Run /opt/vmware/bin/vcav hcs configure –hcs-address=192.168.100.162 –amqp-password-file=~/.ssh/.amqp –cassandra-replication-factor=1 –vcd-address=192.168.100.142 –vcd-user=administrator@SYSTEM –vcd-password-file=~/.ssh/.vcd –sso-user=administrator@vsphere.local –sso-password-file=~/.ssh/.sso –d

DEBUG – Check for ovftool in /sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/java/jre-vmware/bin:/opt/vmware/bin
INFO – Run `which ovftool`
DEBUG – Build a command for `hcs configure`
DEBUG – Get SSLv23 certificate for 192.168.100.142:443
DEBUG – Get SSLv23 certificate for 192.168.100.142:443
DEBUG – Starting new HTTPS connection (1): 192.168.100.142
DEBUG – https://192.168.100.142:443 “GET /api/versions HTTP/1.1” 200 None
DEBUG – https://192.168.100.142:443 “POST /api/sessions HTTP/1.1” 200 1415
INFO – Run `None` on 192.168.100.162
INFO – Run `ovfenv | grep deployment_scenario` on 192.168.100.162
DEBUG – RC: 0
DEBUG – STDOUT:
DEBUG – [deployment_scenario]=VRCS
DEBUG – STDERR:
DEBUG –
INFO – Run `test -f ~/.vcav.configured` on 192.168.100.162
DEBUG – RC: 1
DEBUG – STDOUT:
DEBUG –
DEBUG – STDERR:
DEBUG –
DEBUG – Get SSLv23 certificate for 192.168.100.142:443
DEBUG – https://192.168.100.142:443 “GET /api/admin HTTP/1.1” 200 3985
DEBUG – https://192.168.100.142:443 “GET /api/admin/org/a93c9db9-7471-3192-8d09-a8f7eeda85f9 HTTP/1.1” 200 2948
DEBUG – https://192.168.100.142:443 “GET /api/admin/org/a93c9db9-7471-3192-8d09-a8f7eeda85f9/settings/federation HTTP/1.1” 200 1774
DEBUG – Get SSLv23 certificate for resource-psc.corp.local:443
DEBUG – https://192.168.100.142:443 “GET /api/admin/extension/settings/amqp HTTP/1.1” 200 505
DEBUG – Get SSLv23 certificate for 192.168.100.154:5672

 

Here the issue is that RabbitMQ listens on port 5672 for non-SSL and on port 5671 for SSL, and there is no certificate received at 5671.

 

[root@jump ~]# openssl s_client -connect 192.168.100.154:5672
CONNECTED(00000003)
140492704577440:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 247 bytes

A valid connection looks like this:

[root@jump ~]# openssl s_client -connect 192.168.100.154:5671
CONNECTED(00000003)
depth=1 CN = DR2CCA
verify error:num=19:self signed certificate in certificate chain
verify return:0


Certificate chain
0 s:/CN=rmq.easpnet.inc/O=server
i:/CN=DR2CCA
1 s:/CN=DR2CCA
i:/CN=DR2CCA

Server certificate
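
The same port check in Python, as an added example that is not part of the original post or of the VCAV installer: it sends a TLS ClientHello and classifies the first bytes that come back, so the primary cause is named instead of a later `NoneType` error. The function names are hypothetical, and `SAMPLE_AMQP_REPLY` is a constructed sample that assumes the plaintext broker port answers with the AMQP 0-9-1 protocol header.

```python
import socket
import ssl
import struct

# Constructed sample (assumption): the AMQP 0-9-1 protocol header, taken here as
# what a plaintext broker port sends back to a TLS ClientHello. Not from the page.
SAMPLE_AMQP_REPLY = b"AMQP\x00\x00\x09\x01"

def client_hello() -> bytes:
    """Return the ClientHello bytes Python's ssl module would send first."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # diagnostic probe only: nothing is trusted
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:        # expected: the server has not replied yet
        pass
    return outgoing.read()

def record_header(data: bytes):
    """Parse the first 5 bytes as a TLS record header: (type, major, minor, length)."""
    if len(data) < 5:
        return None
    return struct.unpack("!BBBH", data[:5])

def diagnose(reply: bytes) -> str:
    """Name the primary cause from the first bytes a port sent back."""
    if not reply:
        return "no reply: the port closed the connection or is filtered"
    if reply.startswith(b"AMQP"):
        return "plaintext AMQP listener: no certificate will ever be sent"
    ctype, major, _minor, _length = record_header(reply) or (0, 0, 0, 0)
    # TLS content types 20-23 with record version major 3 mark a real TLS peer.
    if ctype in (0x14, 0x15, 0x16, 0x17) and major == 3:
        return "TLS listener"
    return "not TLS: first bytes do not form a TLS record header"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and diagnose the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello())
        try:
            return diagnose(sock.recv(16))
        except (socket.timeout, ConnectionResetError):
            return diagnose(b"")
```

Read as a TLS record header, the sample reply has content type 0x41 and version 77.81 rather than 3.x, which is the kind of mismatch a TLS client reports as "wrong version number".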

Sri
