Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please add support for self signed certificates in Aqua integration (ssl_verify: false) #1286

Open
makrauz opened this issue Apr 26, 2022 · 3 comments
Open

Please add support for self signed certificates in Aqua integration (ssl_verify: false) #1286

makrauz opened this issue Apr 26, 2022 · 3 comments

Comments

@makrauz
Copy link

makrauz commented Apr 26, 2022

Output of the info page

Agent (v7.32.2)
Status date: 2022-04-25 20:31:50.601 UTC (1650918710601)
Agent start: 2022-04-25 19:25:15.476 UTC (1650914715476)
Pid: 1
Go Version: go1.16.7
Python Version: 3.8.11
Build arch: amd64
Agent flavor: agent
Check Runners: 4
Log Level: INFO

Paths
Config File: /etc/datadog-agent/datadog.yaml
conf.d: /etc/datadog-agent/conf.d
checks.d: /etc/datadog-agent/checks.d
Clocks
NTP offset: -1.624ms
System time: 2022-04-25 20:31:50.601 UTC (1650918710601)
Host Info
bootTime: 2022-04-22 14:53:13 UTC (1650639193000)
kernelArch: x86_64
kernelVersion: 5.4.0-1062-azure
os: linux
platform: ubuntu
platformFamily: debian
platformVersion: 21.04
procs: 197
uptime: 76h32m5s
=========
Collector
Running Checks
aqua (1.0.0)
------------
  Instance ID: aqua:c4d59678e70b91da [OK]
  Configuration Source: file:/etc/datadog-agent/conf.d/aqua.yaml
  Total Runs: 265
  Metric Samples: Last Run: 0, Total: 0
  Events: Last Run: 0, Total: 0
  Service Checks: Last Run: 1, Total: 265
  Average Execution Time : 62ms
  Last Execution Date : 2022-04-25 20:31:40 UTC (1650918700000)
  Last Successful Execution Date : 2022-04-25 20:31:40 UTC (1650918700000)

Additional environment details (Operating System, Cloud provider, etc):
Datadog agent with Aqua integration enabled in AKS
The cluster is hosting Aqua agent and Istio

Yaml config:

aqua.yaml: |-
cluster_check: true
init_config:
instances:
- url: https://aqua-web.dev.domain.com/
ssl_verify: false
port: 443
api_user: aquauser
password:

Steps to reproduce the issue:

  1. Enable aqua integration as per documentation
  2. Deploy Datadog Agent to AKS cluster
  3. Verify if integration is connecting to Aqua

Describe the results you received:

Error when initializing agent:
2022-04-25 20:25:10 UTC | CORE | ERROR | (pkg/collector/python/datadog_agent.go:122 in LogMessage) | aqua:c4d59678e70b91da | (aqua.py:52) | Failed to get Aqua token, skipping check. Error: HTTPSConnectionPool(host='aqua-web.dev.domain.com', port=443): Max retries exceeded with url: /api/v1/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')))

Describe the results you expected:

Self signed certificate is accepted/not verified

Additional information you deem important (e.g. issue happens only occasionally):
@hithwen
Copy link
Contributor

hithwen commented Apr 27, 2022

Hallo, can you contact support about this issue?

@hithwen hithwen closed this as completed Apr 27, 2022
@makrauz
Copy link
Author

makrauz commented Apr 27, 2022

Already did contact support. They said it is a community developed integration.

@aamilev94 aamilev94 reopened this May 11, 2022
@aamilev94
Copy link

@hithwen We have exhausted options form Datadog support side. The integration does not appear to support the tls_verify parameter hence why we cannot get past the SSL Verification error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hithwen @makrauz @aamilev94