Quando inicio um LSBInitScript como um serviço, recebo um erro SSL porque meu script usa um certificado SSL para operar. O certificado está no mesmo diretório do script em si. Por que recebo o erro ao iniciar como serviço, mas quando chamado no console, não o faço?
Erro SSL ao iniciar o serviço:
ubuntu@ip-0-0-0-0:/heartbeat/deviceAPI$ sudo service deviceAPIClient.service start
* DeviceAPIClient process is not running
* Starting the process DeviceAPIClient Traceback (most recent call last):
File "/heartbeat/deviceAPI/DeviceAPIClient.py", line 120, in <module>
main()
File "/heartbeat/deviceAPI/DeviceAPIClient.py", line 90, in main
res = register(instanceName)
File "/heartbeat/deviceAPI/DeviceAPIClient.py", line 40, in register
verify = 'cloud-server-ca-chain.pem'
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 88, in post
return request('post', url, data=data, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 455, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 558, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
requests.exceptions.SSLError: [Errno 185090050] _ssl.c:344: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Nenhum erro ao iniciar o script python no console:
ubuntu@ip-0-0-0-0:/heartbeat/deviceAPI$ /heartbeat/deviceAPI/DeviceAPIClient.py
Successful registering at cloud with 02-57-49-9c-d4
Using API endpoint https://mydomain
Update API endpoint (not used in Demo) https://mydomain.com/device-api
Sending Data to Cloud...
Atualizar
Como sugerido por @ mrc02_kr, coloquei o certificado cloud-server-ca-chain.pem
na pasta /etc/ssl/certs
. O erro foi alterado para um problema de chave privada '' SSL_CTX_use_PrivateKey_file ':
ubuntu@ip-0-0-0-0:/heartbeat/deviceAPI$ sudo service deviceAPIClient.service start
* DeviceAPIClient process is not running
* Starting the process DeviceAPIClient Traceback (most recent call last):
File "/heartbeat/deviceAPI/DeviceAPIClient.py", line 120, in <module>
main()
File "/heartbeat/deviceAPI/DeviceAPIClient.py", line 90, in main
res = register(instanceName)
File "/heartbeat/deviceAPI/DeviceAPIClient.py", line 40, in register
verify = '/etc/ssl/certs/cloud-server-ca-chain.pem'
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 88, in post
return request('post', url, data=data, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 455, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 558, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
requests.exceptions.SSLError: [Errno 336265218] _ssl.c:355: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Você precisa saber que o script usa uma chave privada para se identificar e o certificado do servidor em nuvem para identificar o servidor.
Eu preciso armazenar a chave privada em uma pasta especial também?
Atualização 2
A chave privada que posso instalar em /etc/ssl/private
e adaptar o script de acordo.