Installation

Trying to install an app via the REST API, why am I getting error "'NoneType' object has no attribute '_cafile'"?

gawbul
Explorer

I've started getting the following error when trying to install an app via the REST API:

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">
 In handler 'appinstall': 'NoneType' object has no attribute '_cafile'</msg>
  </messages>
</response>

The command I used is as follows (edited for privacy):

curl -1 -s -k -u admin:changeme https://localhost:8089/services/apps/appinstall -d name=http://local.repo/files/splunk_apps/sideview-utils-lgpl_135.tgz

This worked fine in Splunk version 6.2.0, but I noticed that versions 6.3.x+ (including the latest 6.4 version) started throwing this error. I haven't tested any other 6.2.x versions.

I seem to have tracked this down to the $SPLUNK_HOME/lib/python2.7/site-packages/splunk/appbuilder.py and $SPLUNK_HOME/lib/python2.7/site-packages/splunk/clilib/bundle_paths.py code. Specifically the installApp and install_from_url methods that contain an sslpol=None argument.

The following line calls sslpol._cafile without checking that sslpol isn't None?

lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:260:            logger.debug("Verifying server cert: %s cafile: %s" % (req.get_full_url(), sslpol._cafile))

sslpol doesn't seem to be assigned anywhere?

[root@6f2de504bfa4 splunk]# grep -Rin --exclude=*.py? sslpol lib
lib/python2.7/site-packages/splunk/appbuilder.py:153:def installApp(location, force=False, sslpol=None):
lib/python2.7/site-packages/splunk/appbuilder.py:160:            return installer.install_from_url(req, force, sslpol)
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:254:    def install_from_url(self, req, force=False, sslpol=None):
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:260:            logger.debug("Verifying server cert: %s cafile: %s" % (req.get_full_url(), sslpol._cafile))
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:261:            self.validate_server_cert(req.get_full_url(), sslpol)
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:324:    def validate_server_cert(self, url, sslpol):
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:325:        validator = ServerCertValidator(sslpol)
lib/python2.7/site-packages/splunk/clilib/bundle_paths.py:851:class SSLPolicy:

UPDATE:

A bit of additional investigation shows where sslpol is defined:

etc/system/bin/appsmanager.py:82:        self._sslpol = bundle_paths.SSLPolicy()
etc/system/bin/appsmanager.py:112:                    self._sslpol._cafile = bundle_paths.expandvars(s["caCertFile"])
etc/system/bin/appsmanager.py:114:                    self._sslpol._sslCommonNameList = bundle_paths.expandvars(s["sslCommonNameList"])
etc/system/bin/appsmanager.py:116:                    self._sslpol._cipherSuite = bundle_paths.expandvars(s["cipherSuite"])
etc/system/bin/appsmanager.py:127:        if self._sslpol._cafile is None:
etc/system/bin/appsmanager.py:128:            logger.debug("applicationsManagement.caCertFile = %s" % str(self._sslpol._cafile))
etc/system/bin/appsmanager.py:129:        if self._sslpol._sslCommonNameList is None:
etc/system/bin/appsmanager.py:130:            logger.debug("applicationsManagement.sslCommonNameList = %s" % str(self._sslpol._sslCommonNameList))
etc/system/bin/appsmanager.py:131:        if self._sslpol._cipherSuite is None:
etc/system/bin/appsmanager.py:132:            logger.debug("applicationsManagement.cipherSuite = %s" % str(self._sslpol._cipherSuite))
etc/system/bin/appsmanager.py:149:            bundle_paths.BundleInstaller().validate_server_cert(self._login, self._sslpol)
etc/system/bin/appsmanager.py:260:            b, status = installer.install_from_url(req, sslpol=self._sslpol)
etc/system/bin/appsmanager.py:336:            bundle_paths.BundleInstaller().validate_server_cert(target_url, self._sslpol)

I'm assuming bundle_paths.expandvars(s["caCertFile"]) isn't expanding correctly?

I think perhaps this might be server config related, though the error message isn't particularly helpful. Any advice on configuration should be greatly appreciated!?

UPDATE 2:

If I install from a local file, this works fine, e.g.:

curl -1 -s -k -u admin:changeme https://localhost:8089/services/apps/appinstall -d 'name=/root/sideview-utils-lgpl_135.tgz'

This makes me believe it may be a bug, as opposed to config related?

UPDATE 3:

I turned on debug mode and get the following output in /opt/splunk/var/log/splunk/splunkd.log:

[root@fb8562ae3b7a splunk]# tail -F var/log/splunk/splunkd.log | grep cafile
05-25-2016 12:15:49.180 +0000 DEBUG AdminManagerExternal - Got back data: <eai_error><recognized>true</recognized><type><class 'splunk.admin.InternalException'></type><message>'NoneType' object has no attribute '_cafile'</message><stacktrace>Traceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 129, in init\n    hand.execute(info)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 589, in execute\n    if self.requestedAction == ACTION_CREATE:   self.handleCreate(confInfo)\n  File "/opt/splunk/etc/system/bin/appinstall.py", line 38, in handleCreate\n    bundle, status = appbuilder.installApp(location, force)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/appbuilder.py", line 170, in installApp\n    raise admin.InternalException(e)\nInternalException: 'NoneType' object has no attribute '_cafile'\n</stacktrace></eai_error>\n

05-25-2016 12:15:49.180 +0000 DEBUG AdminManagerExternal - Serialized error: name="<class 'splunk.admin.InternalException'>", msg="'NoneType' object has no attribute '_cafile'", stack="\nTraceback (most recent call last):\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 129, in init\n    hand.execute(info)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 589, in execute\n    if self.requestedAction == ACTION_CREATE:   self.handleCreate(confInfo)\n  File "/opt/splunk/etc/system/bin/appinstall.py", line 38, in handleCreate\n    bundle, status = appbuilder.installApp(location, force)\n  File "/opt/splunk/lib/python2.7/site-packages/splunk/appbuilder.py", line 170, in installApp\n    raise admin.InternalException(e)\nInternalException: 'NoneType' object has no attribute '_cafile'\n".

05-25-2016 12:15:49.180 +0000 ERROR AdminManagerExternal - 'NoneType' object has no attribute '_cafile'

The problem seems to be here:

bundle, status = appbuilder.installApp(location, force)

It looks as though a call is being made to appbuilder.installAppat line 38 of /opt/splunk/etc/system/bin/appinstall.py with the arguments location and force, however this method also takes an sslpol argument, that defaults to None if not supplied. Line 160 of /opt/splunk/lib/python2.7/site-packages/splunk/appbuilder.py then calls installer.install_from_url(req, force, sslpol) with sslpol set to None.

def installApp(location, force=False, sslpol=None):
    installer = bundle_paths.BundleInstaller()
    location = location.strip()

    try:
        if location.startswith('http'):
            req = urllib2.Request(url=location)
            return installer.install_from_url(req, force, sslpol)
        else:
            return installer.install_from_tar(location, force)
    except splunk.ResourceNotFound, e:
        raise admin.ArgValidationException(e.msg)
    except splunk.RESTException, e:
        if e.statusCode == 409:
            raise admin.AlreadyExistsException(e.msg)
        raise admin.InternalException(e.msg)
    except Exception, e:
        raise admin.InternalException(e)

I tried changing to this:

bundle, status = appbuilder.installApp(location, force, bundle_paths.SSLPolicy())

Now the install from url works again! I'm not sure if this is the right fix or not, or whether something different should be handling /apps/appinstall in restmap.conf for example? I've submitted this as a support request to Splunk, and will update this post once I have more information from their engineers.

NB: The line numbers above may be different in different versions of Splunk (these are relevant to version 6.4.1).

Labels (1)
0 Karma

mchheda_splunk
Splunk Employee
Splunk Employee

Try using apps/local end point to upload your app using a URI. So, if I were you, considering the example you gave I would do something like this

curl -1 -s -k -u admin:changeme https://localhost:8089/services/apps/local -d name=http://local.repo/files/splunk_apps/sideview-utils-lgpl_135.tgz -d filename=true

the extra filename parameter is for stating that the URI is a file indeed.

I hope this helps.

0 Karma

jmallorquin
Builder

Hi,

Change the default admin password

Hope i help you

0 Karma

gawbul
Explorer

I downvoted this post because this doesn't answer my question!

0 Karma

gawbul
Explorer

That isn't my actual password! Hence:

The command I used is as follows (edited for privacy):

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...