Comments (2)
lizardslair
commented on September 21, 2024
I work with @swvjeff and just wanted to share our findings in the unique issue in case anyone else happens to have this same problem in the future.
I found that there are different distros of gsutil - one seems to be "standalone" and one shipped with the "google-cloud-sdk".
When the cloud version is invoked, it appears that it attempts to lookup "metadata.google.internal" to determine if the machine that is running the command is a part of Google's cloud infrastructure and on the network (hense the .intenral TLD would resolve to Google's internal IPs).
As a feature of DNS resolution, you can set a set of "search" domains that will be suffixed to any entry in the case the entry doesn't exist alone. For example, if your device is configured to search "testing.com".. and you try to lookup simply "db"... it will fall-back to looking up "db.testing.com" if the initial lookup failed. Similar if you try to look up "server1.db" ... it will finally try "server1.db.testing.com".
So in our case... we set up a wildcard cname for *.mydomain.com. Similarly, our "db" server has "mydomain.com" as a search domain by default.
Therefore, when the SDK version of gsutil was invoked, it attempted to resolve "metadata.google.internal" to see if it was on Google's internal network. Then the fall-back domain search was used in the lookup, which essentially became "metadata.google.internal.mydomain.com", and because of the wildcard "*.mydomain.com" it resolved to our primary website IP.
So, now gsutil tried connecting to the IP, which was our webserver that had an SSL certificate for "*.mydomain.com", which does not match the expected target of "metadata.google.internal" and threw a SSL connection exception.
So, we came up with two solutions:
-
Use the standalone version of
gsutilthat does not query for the ".internal" domain name to resolve. -
Update our machines' /etc/resolv.conf line for "search" domains to not include our primary domain name that now will answer to anything because of the wildcard entry (such as "a.b.c.d" would translate to "a.b.c.d.mydomain.com" which would resolve our website target IP)
from python-storage.
frankyn
commented on September 21, 2024
This should be filed against https://github.com/googlecloudplatform/gsutil/issues/
Closing as it's not part of this library.
from python-storage.
Related Issues (20)
- tests.system.test_bucket: test_blob_exists_hierarchy failed HOT 1
- tests.system.test_bucket: test_bucket_list_blobs_hierarchy_root_level failed
- tests.system.test_bucket: test_bucket_list_blobs_hierarchy_first_level failed
- tests.system.test_bucket: test_bucket_list_blobs_hierarchy_second_level failed
- tests.system.test_bucket: test_bucket_list_blobs_hierarchy_third_level failed
- tests.system.test_bucket: test_bucket_list_blobs_hierarchy_w_include_trailing_delimiter failed
- tests.system.test_bucket: test_bucket_list_blobs failed HOT 1
- tests.system.test_bucket: test_bucket_list_blobs_w_user_project failed
- tests.system.test_bucket: test_bucket_list_blobs_paginated failed HOT 1
- tests.system.test_bucket: test_bucket_list_blobs_paginated_w_offset failed HOT 1
- tests.system.test_transfer_manager: test_upload_many_skip_if_exists failed HOT 2
- tests.system.test_transfer_manager: test_upload_many_from_filenames_with_attributes failed HOT 1
- tests.system.test_transfer_manager: test_download_many failed HOT 1
- tests.system.test_transfer_manager: test_download_many_with_threads_and_file_objs failed HOT 1
- tests.system.test_bucket: test_ubla_set_unset_preserves_acls failed HOT 1
- tests.system.test_kms_integration: test_bucket_w_default_kms_key_name failed HOT 1
- Make it possible to update / add to the user-agent for an existing client object
- Micropi cannot install the package HOT 1
- OSError occurred while downloading files using transfer_manager.download_many_to_path HOT 6
- Warning: a recent release failed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-storage.