connection operation time out when testing simian authentication

[周扬]

I follow the project wiki(https://github.com/google/simian/wiki/AdminSetup) to set up simian, after complete packaging a deplorable client and install on my client, i run command following to test authentication:

sudo /usr/local/munki/preflight --debug...

and get error message:

/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/client/gae_client.zip/google/appengine/tools/dev_appserver_login.py:33: DeprecationWarning: the md5 module is deprecated; use hashlib instead

/usr/local/munki/simian/lib/python2.6/site-packages/tlslite-0.3.8-py2.6.egg/tlslite/utils/cryptomath.py:9: DeprecationWarning: the sha module is deprecated; use the hashlib module instead

DEBUG:root:SimianClient.__init__(https://simianshanghaitech.appspot.com [default=False], 443, True)

DEBUG:root:LoadHost(https://simianshanghaitech.appspot.com, 443)

DEBUG:root:LoadHost(): hostname = simianshanghaitech.appspot.com, port = None, use_https = True

DEBUG:root:_LoadRootCertChain()

DEBUG:root:_Get(root_ca_cert_chain_pem_path)

DEBUG:root:_GetExternalValue(root_ca_cert_chain_pem_path)

DEBUG:root:_GetExternalConfiguration(settings)

WARNING:root:Root CA Cert Chain was EMPTY!

DEBUG:root:GetSystemRootCACertChain: Executing ['/usr/bin/security', 'find-certificate', '-a', '-p', '/System/Library/Keychains/SystemRootCertificates.keychain']

DEBUG:root:GetSystemRootCACertChain: returning 323284 bytes

DEBUG:root:LoadCaParameters

DEBUG:root:_Get(ca_id)

DEBUG:root:_GetExternalValue(ca_id)

DEBUG:root:_GetExternalConfiguration(settings)

DEBUG:root:_Get(ca_public_cert_pem)

DEBUG:root:_GetExternalPem(ca_public_cert_pem)

DEBUG:root:_GetExternalConfiguration(ca_public_cert.pem)

DEBUG:root:_Get(server_public_cert_pem)

DEBUG:root:_GetExternalPem(server_public_cert_pem)

DEBUG:root:_GetExternalConfiguration(server_public_cert.pem)

DEBUG:root:_Get(required_issuer)

DEBUG:root:_GetExternalValue(required_issuer)

DEBUG:root:Loaded ca_params

DEBUG:root:_Get(ca_public_cert_pem)

DEBUG:root:_GetExternalPem(ca_public_cert_pem)

DEBUG:root:_Get(server_public_cert_pem)

DEBUG:root:_GetExternalPem(server_public_cert_pem)

DEBUG:root:_Get(required_issuer)

DEBUG:root:_GetExternalValue(required_issuer)

DEBUG:root:Loaded default_ca_params

DEBUG:root:SimianAuthClient._GetPuppetSslDetails

INFO:root:GetFacter: facter cache file does not exist.

DEBUG:root:Certname from facter: "None"

WARNING:root:Certname was not found in facter!

DEBUG:root:_GetPuppetSslDetails(None.pem)

DEBUG:root:_ValidatePuppetSslCert: required_issuer C=CN,ST=ShangHai,L=ShangHai,O=shanghaitech,OU=SIST,CN=zhouyang,emailAddress=****

DEBUG:root:_ValidatePuppetSslCert: default_required_issuer C=CN,ST=ShangHai,L=ShangHai,O=shanghaitech,OU=SIST,CN=zhouyang,emailAddress=*****

DEBUG:root:Skipped cert None.pem, IO Error [Errno 2] No such file or directory: '/etc/simian/ssl/certs/None.pem'

ERROR:root:Failed to harvest Puppet SSL cert facter specified.

DEBUG:root:_GetNewestPuppetSslCert found certs C17N3Z2YG085.pem

DEBUG:root:_ValidatePuppetSslCert: required_issuer C=CN,ST=ShangHai,L=ShangHai,O=shanghaitech,OU=SIST,CN=zhouyang,emailAddress=****

DEBUG:root:_ValidatePuppetSslCert: default_required_issuer C=CN,ST=ShangHai,L=ShangHai,O=shanghaitech,OU=SIST,CN=zhouyang,emailAddress=****

DEBUG:root:_ValidatePuppetSslCert: /etc/simian/ssl/certs/C17N3Z2YG085.pem

DEBUG:root:Looking at issuer C=CN,ST=ShangHai,L=ShangHai,O=shanghaitech,OU=SIST,CN=zhouyang,emailAddress=****

DEBUG:root:_GetPuppetSslDetails found cert C17N3Z2YG085.pem with timestamp 1441782668.0

DEBUG:root:_GetPuppetSslDetails priv should be /etc/simian/ssl/private_keys/C17N3Z2YG085.pem

DEBUG:root:_Get(ca_id)

DEBUG:root:_GetExternalValue(ca_id)

DEBUG:root:_GetExternalConfiguration(settings)

DEBUG:root:_Get(ca_public_cert_pem)

DEBUG:root:_GetExternalPem(ca_public_cert_pem)

DEBUG:root:_Get(server_public_cert_pem)

DEBUG:root:_GetExternalPem(server_public_cert_pem)

DEBUG:root:_Get(required_issuer)

DEBUG:root:_GetExternalValue(required_issuer)

DEBUG:root:Do(POST, /auth) try #1

DEBUG:root:Connecting to https://simianshanghaitech.appspot.com:None

DEBUG:root:Loaded 323284 bytes of CA cert chain and configured ctx

DEBUG:root:SSL configuring with context

DEBUG:root:SSL connect(('simianshanghaitech.appspot.com', 443))

Traceback (most recent call last):

  File "/usr/local/munki/simian_client.py", line 87, in <module>

    sys.exit(main(sys.argv[1:]))

  File "/usr/local/munki/simian_client.py", line 73, in main

    preflight.RunPreflight(runtype, server_url=server_url)

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/mac/client/preflight.py", line 431, in RunPreflight

    secure_config, client_id, user_settings, client_exit)

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/mac/client/preflight.py", line 140, in LoginToServer

    token = client.GetAuthToken()

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/client/client.py", line 1828, in GetAuthToken

    self.DoSimianAuth()

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/client/client.py", line 1358, in DoSimianAuth

    response = self.Do('POST', auth_url, {'n': cn})

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/client/client.py", line 718, in Do

    method, url, body=body, headers=headers, output_file=output_file)

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/client/client.py", line 664, in _DoRequestResponse

    conn = self._Connect()

  File "/usr/local/munki/simian/lib/python2.6/site-packages/simian-2.4-py2.6.egg/simian/client/client.py", line 586, in _Connect

    raise SimianClientError('_Connect() httplib.socket.error: %s' % str(e))

simian.client.client.SimianClientError: _Connect() httplib.socket.error: [Errno 60] Operation timed out

due to the great wall(i am in china), i can’t connect the simian server directly , so i use the shadow socks , but also get the message above. 

How to solve this problem? 

[Dan O'Boyle]

周扬 ,

You are correctly diagnosing this as a timeout to your simian instance.  Can you try another method VPN? 
This may be an issue in the long run, if your intended clients cannot easily connect to AppEngine.

Dan OBoyle