Installation

Trying to install an app via the REST API, why am I getting error "'NoneType' object has no attribute '_cafile'"?

gawbul
Explorer

I've started getting the following error when trying to install an app via the REST API:

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">
 In handler 'appinstall': 'NoneType' object has no attribute '_cafile'</msg>
  </messages>
</response>

The command I used is as follows (edited for privacy):

curl -1 -s -k -u admin:changeme https://localhost:8089/services/apps/appinstall -d name=http://local.repo/files/splunk_apps/sideview-utils-lgpl_135.tgz

This worked fine in Splunk version 6.2.0, but I noticed that versions 6.3.x+ (including the latest 6.4 version) started throwing this error. I haven't tested any other 6.2.x versions.

I seem to have tracked this down to the $SPLUNK_HOME/lib/python2.7/site-packages/splunk/appbuilder.py and $SPLUNK_HOME/lib/python2.7/site-packages/splunk/clilib/bundle_paths.py code. Specifically the installApp and install_from_url methods that contain an sslpol=None argument.

The following line calls sslpol._cafile without checking that sslpol isn't None?

lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:260:            logger.debug("Verifying server cert: %s cafile: %s" % (req.get_full_url(), sslpol._cafile))

sslpol doesn't seem to be assigned anywhere?

[root@6f2de504bfa4 splunk]# grep -Rin --exclude=*.py? sslpol lib
lib/python2.7/site-packages/splunk/appbuilder.py:153:def installApp(location, force=False, sslpol=None):
lib/python2.7/site-packages/splunk/appbuilder.py:160:            return installer.install_from_url(req, force, sslpol)
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:254:    def install_from_url(self, req, force=False, sslpol=None):
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:260:            logger.debug("Verifying server cert: %s cafile: %s" % (req.get_full_url(), sslpol._cafile))
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:261:            self.validate_server_cert(req.get_full_url(), sslpol)
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:324:    def validate_server_cert(self, url, sslpol):
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:325:        validator = ServerCertValidator(sslpol)
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:851:class SSLPolicy:

UPDATE:

A bit of additional investigation shows where sslpol is defined:

etc/system/bin/appsmanager.py:82:        self._sslpol = bundle_paths.SSLPolicy()
etc/system/bin/appsmanager.py:112:                    self._sslpol._cafile = bundle_paths.expandvars(s["caCertFile"])
etc/system/bin/appsmanager.py:114:                    self._sslpol._sslCommonNameList = bundle_paths.expandvars(s["sslCommonNameList"])
etc/system/bin/appsmanager.py:116:                    self._sslpol._cipherSuite = bundle_paths.expandvars(s["cipherSuite"])
etc/system/bin/appsmanager.py:127:        if self._sslpol._cafile is None:
etc/system/bin/appsmanager.py:128:            logger.debug("applicationsManagement.caCertFile = %s" % str(self._sslpol._cafile))
etc/system/bin/appsmanager.py:129:        if self._sslpol._sslCommonNameList is None:
etc/system/bin/appsmanager.py:130:            logger.debug("applicationsManagement.sslCommonNameList = %s" % str(self._sslpol._sslCommonNameList))
etc/system/bin/appsmanager.py:131:        if self._sslpol._cipherSuite is None:
etc/system/bin/appsmanager.py:132:            logger.debug("applicationsManagement.cipherSuite = %s" % str(self._sslpol._cipherSuite))
etc/system/bin/appsmanager.py:149:            bundle_paths.BundleInstaller().validate_server_cert(self._login, self._sslpol)
etc/system/bin/appsmanager.py:260:            b, status = installer.install_from_url(req, sslpol=self._sslpol)
etc/system/bin/appsmanager.py:336:            bundle_paths.BundleInstaller().validate_server_cert(target_url, self._sslpol)

I'm assuming bundle_paths.expandvars(s["caCertFile"]) isn't expanding correctly?

I think perhaps this might be server config related, though the error message isn't particularly helpful. Any advice on configuration should be greatly appreciated!?

UPDATE 2:

If I install from a local file, this works fine, e.g.:

curl -1 -s -k -u admin:changeme https://localhost:8089/services/apps/appinstall -d 'name=/root/sideview-utils-lgpl_135.tgz'

This makes me believe it may be a bug, as opposed to config related?

UPDATE 3:

I turned on debug mode and get the following output in /opt/splunk/var/log/splunk/splunkd.log:

[root@fb8562ae3b7a splunk]# tail -F var/log/splunk/splunkd.log | grep cafile
05-25-2016 12:15:49.180 +0000 DEBUG AdminManagerExternal - Got back data: <eai_error><recognized>true</recognized><type><class 'splunk.admin.InternalException'></type><message>'NoneType' object has no attribute '_cafile'</message><stacktrace>Traceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 129, in init\n    hand.execute(info)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 589, in execute\n    if self.requestedAction == ACTION_CREATE:   self.handleCreate(confInfo)\n  File "/opt/splunk/etc/system/bin/appinstall.py", line 38, in handleCreate\n    bundle, status = appbuilder.installApp(location, force)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/appbuilder.py", line 170, in installApp\n    raise admin.InternalException(e)\nInternalException: 'NoneType' object has no attribute '_cafile'\n</stacktrace></eai_error>\n

05-25-2016 12:15:49.180 +0000 DEBUG AdminManagerExternal - Serialized error: name="<class 'splunk.admin.InternalException'>", msg="'NoneType' object has no attribute '_cafile'", stack="\nTraceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 129, in init\n    hand.execute(info)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 589, in execute\n    if self.requestedAction == ACTION_CREATE:   self.handleCreate(confInfo)\n  File "/opt/splunk/etc/system/bin/appinstall.py", line 38, in handleCreate\n    bundle, status = appbuilder.installApp(location, force)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/appbuilder.py", line 170, in installApp\n    raise admin.InternalException(e)\nInternalException: 'NoneType' object has no attribute '_cafile'\n".

05-25-2016 12:15:49.180 +0000 ERROR AdminManagerExternal - 'NoneType' object has no attribute '_cafile'

The problem seems to be here:

bundle, status = appbuilder.installApp(location, force)

It looks as though a call is being made to appbuilder.installAppat line 38 of /opt/splunk/etc/system/bin/appinstall.py with the arguments location and force, however this method also takes an sslpol argument, that defaults to None if not supplied. Line 160 of /opt/splunk/lib/python2.7/site-packages/splunk/appbuilder.py then calls installer.install_from_url(req, force, sslpol) with sslpol set to None.

def installApp(location, force=False, sslpol=None):
    installer = bundle_paths.BundleInstaller()
    location = location.strip()

    try:
        if location.startswith('http'):
            req = urllib2.Request(url=location)
            return installer.install_from_url(req, force, sslpol)
        else:
            return installer.install_from_tar(location, force)
    except splunk.ResourceNotFound, e:
        raise admin.ArgValidationException(e.msg)
    except splunk.RESTException, e:
        if e.statusCode == 409:
            raise admin.AlreadyExistsException(e.msg)
        raise admin.InternalException(e.msg)
    except Exception, e:
        raise admin.InternalException(e)

I tried changing to this:

bundle, status = appbuilder.installApp(location, force, bundle_paths.SSLPolicy())

Now the install from url works again! I'm not sure if this is the right fix or not, or whether something different should be handling /apps/appinstall in restmap.conf for example? I've submitted this as a support request to Splunk, and will update this post once I have more information from their engineers.

NB: The line numbers above may be different in different versions of Splunk (these are relevant to version 6.4.1).

Labels (1)
0 Karma

mchheda_splunk
Splunk Employee
Splunk Employee

Try using apps/local end point to upload your app using a URI. So, if I were you, considering the example you gave I would do something like this

curl -1 -s -k -u admin:changeme https://localhost:8089/services/apps/local -d name=http://local.repo/files/splunk_apps/sideview-utils-lgpl_135.tgz -d filename=true

the extra filename parameter is for stating that the URI is a file indeed.

I hope this helps.

0 Karma

jmallorquin
Builder

Hi,

Change the default admin password

Hope i help you

0 Karma

gawbul
Explorer

I downvoted this post because this doesn't answer my question!

0 Karma

gawbul
Explorer

That isn't my actual password! Hence:

The command I used is as follows (edited for privacy):

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...