Discussion:
[vagrant-up] Private box repository and SSL
Nc Diesel
2018-10-24 18:36:45 UTC
Permalink
So my company wants to host their own boxes; all the while supporting
versioning. This turned out to be pretty simple, but I can not get
"vagrant box add" to work using a UR and I was hoping some of you folks
could help. The symptom is the download just hangs for about 80 seconds
and then dies. The error I get is

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
mymachine.mydomain:443

General info:

- Running Vagrant 2.2.0 on Windows 10 machine
- curl successfully puls the resources when invoked from the same power
sheel window immediately after the Vagrant failure
- My proxy's certificates were added to the end of cacert.pem in
Vagrants embedded sub-directory

Important part of debug log:

* Connected to proxy.mymachine.mydomain(<snip for privacy>) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to mymachine.mydomain:443
CONNECT mymachine.mydomain:443 HTTP/1.1
Host: mymachine.mydomain:443
User-Agent: Vagrant/2.1.5 (+https://www.vagrantup.com; ruby2.4.4)
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:\HashiCorp\Vagrant\embedded\cacert.pem
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0

DEBUG subprocess: stderr: * CONNECT phase completed!
DEBUG subprocess: stderr: 0 0 0 0 0 0 0 0
--:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0
0 --:--:-- 0:00:03 --:--:-- 0

this last line repeats, with no progress noted (except elapsed seconds of
course) until the error shows up.

Thanks for any assistance!!!
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/6c732bcc-3d89-4a60-85ec-96e9822ae1f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alvaro Miranda Aguilera
2018-10-25 18:53:47 UTC
Permalink
hello.
you can setup a variable CURL_CA_BUNDLE that points to a CA Bundle that
include your cert.

how you are setting the custom server?

you can use this env var

VAGRANT_SERVER_URL

how are you calling vagrant box add ?

if you share more info, will be better to assist here.

thanks
alvaro
Post by Nc Diesel
So my company wants to host their own boxes; all the while supporting
versioning. This turned out to be pretty simple, but I can not get
"vagrant box add" to work using a UR and I was hoping some of you folks
could help. The symptom is the download just hangs for about 80 seconds
and then dies. The error I get is
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
mymachine.mydomain:443
- Running Vagrant 2.2.0 on Windows 10 machine
- curl successfully puls the resources when invoked from the same
power sheel window immediately after the Vagrant failure
- My proxy's certificates were added to the end of cacert.pem in
Vagrants embedded sub-directory
* Connected to proxy.mymachine.mydomain(<snip for privacy>) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to mymachine.mydomain:443
CONNECT mymachine.mydomain:443 HTTP/1.1
Host: mymachine.mydomain:443
User-Agent: Vagrant/2.1.5 (+https://www.vagrantup.com; ruby2.4.4)
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: C:\HashiCorp\Vagrant\embedded\cacert.pem
CApath: none
} [5 bytes data]
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0
DEBUG subprocess: stderr: * CONNECT phase completed!
DEBUG subprocess: stderr: 0 0 0 0 0 0 0 0
--:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0
0 --:--:-- 0:00:03 --:--:-- 0
this last line repeats, with no progress noted (except elapsed seconds of
course) until the error shows up.
Thanks for any assistance!!!
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in
violation of those guidelines may result in your removal from this mailing
list.
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/vagrant-up/6c732bcc-3d89-4a60-85ec-96e9822ae1f7%40googlegroups.com
<https://groups.google.com/d/msgid/vagrant-up/6c732bcc-3d89-4a60-85ec-96e9822ae1f7%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
Alvaro
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/CAHqq0eyc8bfaWSy64TGbOHEMEOBf8bMWWnLLa%3DR7qKqTbitCoA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Nc Diesel
2018-10-25 19:53:46 UTC
Permalink
Thanks Alvaro...

The display in my original post came from the command:

vagrant box add CSIDev/centos7 --debug -name
https://XXX.XXX.XXX/CSIDev/centos.json

Couple more notes:

If I run the command "vagrant box add CSIDev/centos7 --debug -name
*https://www.google.com*" the command works (downloads the google landing
page and then coughs up a hairball because it isn't a json/box file). So I
don't think the problem is the proxy.

I tried VAGRANT_SERVER_URL and CURL_CA_BUNDLE with no success.
I am using vagrant_proxyconf with the appropriate env variables defined
If I retrieve the json file using a browser all is good..

Here is the content of the json file:

{
"name": "CSIDev/centos7",
"description": "This box is the standard release development environment",
"versions": [{
"version": "0.4.0",
"providers": [{
"name": "virtualbox",
"url": "https://XXXX.XXXX.XXXX/CSIDevelopment-0.4.0.box",
"checksum_type": "sha256",
"checksum": "7d6b793259fa9aa780efb9f98be1b1761b1facd3494b07ca80ee4c4441d8617d"
}]
}]
}


Thanks again!

On Thursday, October 25, 2018 at 2:54:05 PM UTC-4, Alvaro Miranda Aguilera
Post by Alvaro Miranda Aguilera
hello.
you can setup a variable CURL_CA_BUNDLE that points to a CA Bundle that
include your cert.
how you are setting the custom server?
you can use this env var
VAGRANT_SERVER_URL
how are you calling vagrant box add ?
if you share more info, will be better to assist here.
thanks
alvaro
Post by Nc Diesel
So my company wants to host their own boxes; all the while supporting
versioning. This turned out to be pretty simple, but I can not get
"vagrant box add" to work using a UR and I was hoping some of you folks
could help. The symptom is the download just hangs for about 80 seconds
and then dies. The error I get is
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
mymachine.mydomain:443
- Running Vagrant 2.2.0 on Windows 10 machine
- curl successfully puls the resources when invoked from the same
power sheel window immediately after the Vagrant failure
- My proxy's certificates were added to the end of cacert.pem in
Vagrants embedded sub-directory
* Connected to proxy.mymachine.mydomain(<snip for privacy>) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to mymachine.mydomain:443
CONNECT mymachine.mydomain:443 HTTP/1.1
Host: mymachine.mydomain:443
User-Agent: Vagrant/2.1.5 (+https://www.vagrantup.com; ruby2.4.4)
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: C:\HashiCorp\Vagrant\embedded\cacert.pem
CApath: none
} [5 bytes data]
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0
DEBUG subprocess: stderr: * CONNECT phase completed!
DEBUG subprocess: stderr: 0 0 0 0 0 0 0 0
--:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0
0 --:--:-- 0:00:03 --:--:-- 0
this last line repeats, with no progress noted (except elapsed seconds of
course) until the error shows up.
Thanks for any assistance!!!
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in
violation of those guidelines may result in your removal from this mailing
list.
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups
"Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/vagrant-up/6c732bcc-3d89-4a60-85ec-96e9822ae1f7%40googlegroups.com
<https://groups.google.com/d/msgid/vagrant-up/6c732bcc-3d89-4a60-85ec-96e9822ae1f7%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
Alvaro
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/c42e9f09-951c-40b8-b69e-fc96b0008550%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alvaro Miranda Aguilera
2018-10-25 20:08:13 UTC
Permalink
Hello.

This command:

vagrant box add CSIDev/centos7 --debug -name
https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>

I think should be


vagrant box add https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>

if this fails, can you send an email to alvaro at hashicorp.com with a full
debug log ?

thanks
alvaro

can you send
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/CAHqq0ew0f1M4fOigRXOVKjpZm4MWUhdW%3DKAZAYEZ5PW0m4SzSQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Nc Diesel
2018-10-25 20:46:11 UTC
Permalink
Thanks - the CLI indicated I had to have a name when when I used the
command you provided below:

$ vagrant box add https://ctmcsi.wellsfargo.com/CSIDev/centos.json
==> box: Box file was not detected as metadata. Adding it directly...
A name is required when adding a box file directly. Please pass
the `--name` parameter to `vagrant box add`. See
`vagrant box add -h` for more help.


So I simply added one with the --name switch:

vagrant box add https://ctmcsi.wellsfargo.com/CSIDev/centos.json --name test

and that leaves me right where I started from:

OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
xxxxx.xxxxxxx.com:443

Thanks! I'll send that email now....


On Thursday, October 25, 2018 at 4:08:29 PM UTC-4, Alvaro Miranda Aguilera
Post by Alvaro Miranda Aguilera
Hello.
vagrant box add CSIDev/centos7 --debug -name
https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>
I think should be
vagrant box add https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>
if this fails, can you send an email to alvaro at hashicorp.com with a
full debug log ?
thanks
alvaro
can you send
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/cb207f4a-ddef-4c07-8578-422ced8266df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nc Diesel
2018-10-25 20:58:14 UTC
Permalink
Thanks - the CLI indicated I had to have a name when when I used the
command you provided below:

$ vagrant box add https://ctmcsi.wellsfargo.com/CSIDev/centos.json
==> box: Box file was not detected as metadata. Adding it directly...
A name is required when adding a box file directly. Please pass
the `--name` parameter to `vagrant box add`. See
`vagrant box add -h` for more help.


So I simply added one with the --name switch:

vagrant box add https://xxx.xxx.xxx
<https://ctmcsi.wellsfargo.com/CSIDev/centos.json>/CSIDev/centos.json
<https://ctmcsi.wellsfargo.com/CSIDev/centos.json> --name test

and that leaves me right where I started from:

OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
xxxxx.xxxxxxx.com:443
<http://www.google.com/url?q=http%3A%2F%2Fxxxxx.xxxxxxx.com%3A443&sa=D&sntz=1&usg=AFQjCNH-gtiuwL-gkwlSlngPs-XO7sRvsA>

Thanks! I'll send that email now....

On Thursday, October 25, 2018 at 4:08:29 PM UTC-4, Alvaro Miranda Aguilera
Post by Alvaro Miranda Aguilera
Hello.
vagrant box add CSIDev/centos7 --debug -name
https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>
I think should be
vagrant box add https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>
if this fails, can you send an email to alvaro at hashicorp.com with a
full debug log ?
thanks
alvaro
can you send
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/94479c30-566f-4153-9862-850726419db6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nc Diesel
2018-10-25 20:59:03 UTC
Permalink
Thanks - the CLI indicated I had to have a name when when I used the
command you provided below:

$ vagrant box add https://xxx.xxx.xxx/CSIDev/centos.json
<https://ctmcsi.wellsfargo.com/CSIDev/centos.json>
==> box: Box file was not detected as metadata. Adding it directly...
A name is required when adding a box file directly. Please pass
the `--name` parameter to `vagrant box add`. See
`vagrant box add -h` for more help.


So I simply added one with the --name switch:

vagrant box add https://xxx.xxx.xxx/CSIDev/centos.json
<https://ctmcsi.wellsfargo.com/CSIDev/centos.json> --name test

and that leaves me right where I started from:

OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
xxxxx.xxxxxxx.com:443
<http://www.google.com/url?q=http%3A%2F%2Fxxxxx.xxxxxxx.com%3A443&sa=D&sntz=1&usg=AFQjCNH-gtiuwL-gkwlSlngPs-XO7sRvsA>

Thanks! I'll send that email now....

On Thursday, October 25, 2018 at 4:08:29 PM UTC-4, Alvaro Miranda Aguilera
Post by Alvaro Miranda Aguilera
Hello.
vagrant box add CSIDev/centos7 --debug -name
https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>
I think should be
vagrant box add https://XXX.XXX.XXX/CSIDev/centos.json
<https://xxx.xxx.xxx/CSIDev/centos.json>
if this fails, can you send an email to alvaro at hashicorp.com with a
full debug log ?
thanks
alvaro
can you send
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/8177b4e1-3c0b-494d-96bc-a06ce5cd1d47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nc Diesel
2018-10-26 14:30:07 UTC
Permalink
Thanks to Alvaro's help, I was able to finally track down the issue.
Windows, and all related programs and utilities such as browsers,
Powershell, etc knew that my server was not behind the proxy(not sure how -
there are no ENV variables set such as no_proxy). Programs unrelated to
Windows, such as the curl executables that come with Vagrant do not have
access to this inside knowledge and therefore tried to use the proxy to
reach my internal server. This was the root cause and setting "no_proxy"
for this server fixed it.

Thanks Alvaro!
Post by Nc Diesel
So my company wants to host their own boxes; all the while supporting
versioning. This turned out to be pretty simple, but I can not get
"vagrant box add" to work using a UR and I was hoping some of you folks
could help. The symptom is the download just hangs for about 80 seconds
and then dies. The error I get is
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
mymachine.mydomain:443
- Running Vagrant 2.2.0 on Windows 10 machine
- curl successfully puls the resources when invoked from the same
power sheel window immediately after the Vagrant failure
- My proxy's certificates were added to the end of cacert.pem in
Vagrants embedded sub-directory
* Connected to proxy.mymachine.mydomain(<snip for privacy>) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to mymachine.mydomain:443
CONNECT mymachine.mydomain:443 HTTP/1.1
Host: mymachine.mydomain:443
User-Agent: Vagrant/2.1.5 (+https://www.vagrantup.com; ruby2.4.4)
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: C:\HashiCorp\Vagrant\embedded\cacert.pem
CApath: none
} [5 bytes data]
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0
DEBUG subprocess: stderr: * CONNECT phase completed!
DEBUG subprocess: stderr: 0 0 0 0 0 0 0 0
--:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0
0 --:--:-- 0:00:03 --:--:-- 0
this last line repeats, with no progress noted (except elapsed seconds of
course) until the error shows up.
Thanks for any assistance!!!
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/534dc639-f800-41a9-ac02-562ef574e0dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...