google-cloud-platform sdk cloud terraform-provider-gcp

Installing Google Cloud SDK using Windows SSL error

I'm trying to install Google Cloud SDK on my company computer but it seems it is not working. I think it is something related to the firewall but I couldn't figure it out.

This is the error message. Do you have any clue?

I tried to disable the VPN but it didn't work. Also, I'm running the .exe with admin rights.

Output folder: C:\Program Files (x86)\Google\Cloud SDK
Downloading Google Cloud SDK core.
Extracting Google Cloud SDK core.
Create Google Cloud SDK bat file: C:\Program Files (x86)\Google\Cloud SDK\cloud_env.bat
Installing components.
Welcome to the Google Cloud SDK!
Beginning update. This process may take several minutes.
This will install all the core command line tools necessary for working with
the Google Cloud Platform.
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\contrib\pyopenssl.py", line 488, in wrap_socket
    cnx.do_handshake()
  File "C:\Users\ADMINA~1\AppData\Local\Temp\tmpil4t_39u\python\lib\OpenSSL\SSL.py", line 1894, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "C:\Users\ADMINA~1\AppData\Local\Temp\tmpil4t_39u\python\lib\OpenSSL\SSL.py", line 1632, in _raise_ssl_error
    _raise_current_error()
  File "C:\Users\ADMINA~1\AppData\Local\Temp\tmpil4t_39u\python\lib\OpenSSL\_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\connectionpool.py", line 670, in urlopen
    httplib_response = self._make_request(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\connectionpool.py", line 976, in _validate_conn
    conn.connect()
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\connection.py", line 361, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\util\ssl_.py", line 382, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\contrib\pyopenssl.py", line 494, in wrap_socket
    raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\connectionpool.py", line 724, in urlopen
    retries = retries.increment(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\urllib3\util\retry.py", line 439, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\\bin\bootstrapping\install.py", line 308, in <module>
    main()
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\\bin\bootstrapping\install.py", line 285, in main
    Install(pargs.override_components, pargs.additional_components)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\\bin\bootstrapping\install.py", line 155, in Install
    InstallOrUpdateComponents(to_install, update=update)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\\bin\bootstrapping\install.py", line 197, in InstallOrUpdateComponents
    _CLI.Execute(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\cli.py", line 1013, in Execute
    self._HandleAllErrors(exc, command_path_string, specified_arg_names)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\cli.py", line 1050, in _HandleAllErrors
    exceptions.HandleError(exc, command_path_string, self.__known_error_handler)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\exceptions.py", line 547, in HandleError
    core_exceptions.reraise(exc)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\exceptions.py", line 146, in reraise
    six.reraise(type(exc_value), exc_value, tb)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\six\__init__.py", line 693, in reraise
    raise value
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\cli.py", line 987, in Execute
    resources = calliope_command.Run(cli=self, args=args)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\calliope\backend.py", line 809, in Run
    resources = command_instance.Run(args)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\surface\components\update.py", line 124, in Run
    update_manager.Update(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\update_manager.py", line 946, in Update
    install_state, diff = self._GetStateAndDiff(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\update_manager.py", line 652, in _GetStateAndDiff
    latest_snapshot = self._GetLatestSnapshot(version=version,
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\update_manager.py", line 635, in _GetLatestSnapshot
    return snapshots.ComponentSnapshot.FromURLs(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\snapshots.py", line 175, in FromURLs
    data = [
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\snapshots.py", line 176, in <listcomp>
    (ComponentSnapshot._DictFromURL(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\snapshots.py", line 200, in _DictFromURL
    response = installers.MakeRequest(url, command_path)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\installers.py", line 114, in MakeRequest
    return _RawRequest(url, headers=headers, timeout=timeout)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\installers.py", line 162, in _RawRequest
    return retryer.RetryOnException(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\util\retry.py", line 201, in RetryOnException
    exceptions.reraise(exc_info[1], tb=exc_info[2])
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\exceptions.py", line 146, in reraise
    six.reraise(type(exc_value), exc_value, tb)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\six\__init__.py", line 693, in reraise
    raise value
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\util\retry.py", line 182, in TryFunc
    return func(*args, **kwargs), None
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\updater\installers.py", line 192, in _ExecuteRequestAndRaiseExceptions
    response = requests_session.get(
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\requests\sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\transport.py", line 251, in WrappedRequest
    response = orig_request(*modified_args, **modified_kwargs)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\googlecloudsdk\core\requests.py", line 216, in WrappedRequest
    return orig_request_method(*args, **kwargs)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\lib\third_party\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"

Formato de par metro incorrecto: activa: Failed to install.)))

Solution

The SLL error

Basically this can happen for at least 4 different reasons:

Using a self signed certificate for the resource you are accessing.
Your company intercepts and inspects HTTPS traffic thus adding its own certificates at the top of the certificate chain....
The Certificate Authority used to provision the certificate is not known by your operating system.
The Certificate Authority used to provision the certificate is not known by your programming language or framework.

Solution 1: Certificates

I tried to go down the road of capturing the certificate and try to force to load it on the environment from which I was executing the installation.....

That was a rabbit hole. But if you get it to work please let me know as I am interested...

Solution 2: Deactivate the verification

At the end, the easy solution for me was to ensure the the internal verification was disabled. I executed in a couple of minutes de code in debugging mode and found the file I wanted... sessions.py

To find it, if your installation path is:

C:\ProgramFiles\Google\SDK\

You'll have the file at:

C:\ProgramFiles\Google\SDK\google-cloud-sdk\lib\third_party\requests\sessions.py

Within that file, in lines 523-525 you'll find the verify culprit and you just need to update it to False:

        settings = self.merge_environment_settings(
            prep.url, proxies, stream, verify, cert
        )

Just change it to:

        settings = self.merge_environment_settings(
            prep.url, proxies, stream, False, cert
        )

And save. After that just execute in the prompt the install command. I was using the Anaconda prompt but any other with access to python should do.

$ cd C:\ProgramFiles\Google\SDK\google-cloud-sdk
$ install

Not the most elegant solution as the certificates didn't work, but it does the job.

Note:

You'll get some warning during the installation advising you to enable the certificate verification.... like the following:

#= Installing: gcloud cli dependencies                      =#
#C:\ProgramFiles\Google\SDK\google-cloud-sdk\lib\third_party\urllib3\connectionpool.py:979: InsecureRequestWarning: Unverified HTTPS request is being made to host 'dl.google.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
============================================================#