Symptoms

Since the latest python-libs package update (2.7.5-58.el7), the handling of untrusted certificates has changed:

Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110)
https://access.redhat.com/articles/2039753

That is, Python now checks by default whether a certificate is trusted. As a result, the following error appears when calling Billing API or APS API methods from Python (API interfaces with SSL enabled):

Stdout: Traceback (most recent call last):
File "/usr/local/bm/tools_py/connect_to_poa.py", line 148, in <module>
update_pemgate(api_ip, api_port, o.is_ssl_enabled, o.api_login, o.api_passwd)
File "/usr/local/bm/tools_py/connect_to_poa.py", line 73, in update_pemgate
api.PEMGATE.PEMOptionsUpdate(api_ip, api_port, 6, 1)
File "/usr/lib/python2.7/site-packages/poaupdater/pbaapi.py", line 81, in __call__
return self.server.api(self.server.name, self.name, *args)
...
File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Cause

This behavior has been reported to the Odin Development team as request #POA-112708: "Upgrade failed if MN on RHEL7 (not CentOS) with Python < 2.7.9".

Resolution

Please contact the Technical Account Manager or pta@odin.com to track the status of the request.

To work around the issue, disable certificate verification in the /etc/python/cert-verification.cfg configuration file by specifying the following lines:

[https] 
verify=disable
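
Because this file is read by the system Python standard library, the setting applies to every HTTPS client on the host that relies on it, so it is worth tracking where the workaround is still in place. The following check is an added example, not part of the original article or of Odin's tooling. It is written for Python 3 and classifies the [https] verify setting. The function names, severity labels and sample contents are assumptions made for illustration; enable and platform_default are the other values PEP 493 describes for this file, and only disable appears in the article.

```python
import configparser
import os

CFG_PATH = "/etc/python/cert-verification.cfg"  # path named in the article

# Severity labels are this example's own; the values are those PEP 493
# describes for the file. Anything else is flagged for manual review.
SEVERITY = {"enable": "ok", "platform_default": "info", "disable": "fail"}


def audit_text(text):
    """Classify the [https] verify setting; returns (setting, severity)."""
    parser = configparser.RawConfigParser()
    try:
        parser.read_string(text)
    except configparser.Error:
        # Covers a missing section header, duplicate keys, malformed lines.
        return ("unparseable", "warn")
    if not parser.has_option("https", "verify"):
        return ("unset", "info")
    setting = parser.get("https", "verify").strip().lower()
    return (setting, SEVERITY.get(setting, "warn"))


def audit_file(path=CFG_PATH):
    """Audit the file on disk; a missing file means no explicit setting."""
    if not os.path.exists(path):
        return ("unset", "info")
    with open(path) as handle:
        return audit_text(handle.read())


# Constructed sample contents, not taken from a real host.
SAMPLES = {
    "workaround from this article": "[https]\nverify=disable\n",
    "verification forced on": "[https]\nverify = enable\n",
    "distribution default": "[https]\nverify=platform_default\n",
    "typo in value": "[https]\nverify=disabled\n",
    "no section header": "verify=disable\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print("%-30s %s" % (label, audit_text(text)))
    print("%-30s %s" % (CFG_PATH, audit_file()))
```

A "fail" result marks a host where the workaround is active and should be reverted once request #POA-112708 is resolved.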
