Making the certificate globally-available on the host may not always be permissible. If I were you, I'd write/suggest a modification to the plugin to make the CA path (CURLOPT_CAPATH) and verification itself (CURLOPT_SSL_VERIFYPEER) configurable in Slurm. They are both straightforward options in the CURL API (a char* and an int, respectively) that could be set directly from parsed Slurm config options. Many other SSL CURL options would be just as easy (revocation path, etc.).
> On Aug 14, 2020, at 08:55 , Stefan Staeglich > <staeg...@informatik.uni-freiburg.de> wrote: > > Hi, > > all except of /etc/ssl/certs/ca-certificates.crt is ignored. So I've copied > it > to /usr/local/share/ca-certificates/ and run update-ca-certificates. > > Now it's working :) > > Best, > Stefan > > Am Freitag, 14. August 2020, 11:42:04 CEST schrieb Stefan Staeglich: >> Hi, >> >> I try to setup the acct_gather plugin ProfileInfluxDB. Unfortunately our >> influxdb server has a self-signed certificate only: >> [2020-08-14T09:54:30.007] [46.0] error: acct_gather_profile/influxdb >> _send_data: curl_easy_perform failed to send data (discarded). Reason: SSL >> peer certificate or SSH remote key was not OK >> >> I've copied the certificate to /etc/ssl/certs/ but this doesn't help. But >> his command is working: >> curl 'https://influxdb-server.privat:8086' --cacert /etc/ssl/certs/ >> influxdb.crt >> >> Has someone a solution for this issue? >> >> Best, >> Stefan > > > -- > Stefan Stäglich, Universität Freiburg, Institut für Informatik > Georges-Köhler-Allee, Geb.74, 79110 Freiburg, Germany > > E-Mail : staeg...@informatik.uni-freiburg.de > WWW : ml.informatik.uni-freiburg.de > Telefon: +49 761 203-54216 > Fax : +49 761 203-74217 > > > >
