Thank you, Rohit. The latest commit works for me. Best regards Yuri
---------------------------------------- > Date: Wed, 3 Dec 2014 23:12:33 +0530 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed > certificate. > > Hi Yuri, > > Thanks for sharing the analysis, I've fixed the issue on master branch > (91afdd318f4ecba13963742f4c0bf28748093ff9). This was a corner case that > I forgot to consider. > > Thanks for your contribution, I'll kickstart CloudMonkey 5.3.1 bugfix > release soon but meanwhile you may download and install cloudmonkey from > the git repo's master branch. > > On Wednesday 03 December 2014 10:09 PM, Yuri Kogun wrote: >> Hi Rohit >> I have tried to get the page directly from python console with and without >> verify and it worked with verify=False. So there is no problems with openssl >> or requests library on the VM >> >> Please see the output below. >> >> >> Python 2.6.6 (r266:84292, Nov 22 2013, 12:16:22) >> [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2 >> Type "help", "copyright", "credits" or "license" for more information. >>>>> >>>>> import requests >>>>> r = requests.get('https://localhost:6443/client') >> ..... >> raise SSLError(e, request=request) >> requests.exceptions.SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> >>>>> r = requests.get('https://localhost:6443/client',verify=False) >> /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: >> InsecureRequestWarning: Unverified HTTPS request is being made. Adding >> certificate verification is strongly advised. See: >> https://urllib3.readthedocs.org/en/latest/security.html >> InsecureRequestWarning) >> >> >> I checked the source code on cloudmonkey and it looks like the problem is in >> the login routine line 72 in the requests.py module in Cloudmonkey. The >> Session.post call does not have verify parameter passed to it. I guess it >> will only affect users trying to login with username/password authentication. >> >> >> def login(url, username, password, domain="/"): >> """ >> Login and obtain a session to be used for subsequent API calls >> Wrong username/password leads to HTTP error code 531 >> """ >> args = {} >> >> args["command"] = 'login' >> args["username"] = username >> args["password"] = password >> args["domain"] = domain >> args["response"] = "json" >> >> sessionkey = '' >> session = requests.Session() >> >> try: >> resp = session.post(url, params=args) >> >> >> >> Best regards >> Yuri >> >> >> >> ---------------------------------------- >>> Date: Wed, 3 Dec 2014 20:52:42 +0530 >>> From: [email protected] >>> To: [email protected] >>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed >>> certificate. >>> >>> Hi Yuri, >>> >>> Sorry I think I missed that earlier, cloudmonkey uses requests library >>> to make HTTP/S requests; we pass the verifysslcert option to it. If >>> you've set it to false, then when making requests using "requests" >>> library/module we pass it false. You may check the python code and debug >>> why that is happening. It's a dirty fix, ideally you should make sure >>> you've valid SSL certificate. >>> >>> Check this out for reference: >>> http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror >>> >>> Lastly, can you try to upgrade requests and openssl? And share any >>> further details which may help fix this issue. Thanks. >>> >>> On Wednesday 03 December 2014 07:17 PM, Yuri Kogun wrote: >>>> Thanks for reply, Rohit >>>> This is exactly what I am doing, maybe it is not clear from the previous >>>> email. Below is the output from the log >>>> >>>> (local) 🐵> set verifysslcert false(local) 🐵> list zonesConnection refused >>>> by server: [Errno 1] _ssl.c:492: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError >>>> Authentication failed(local) 🐵> >>>> >>>> Below is the output from the log file: >>>> 2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command >>>> result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded >>>> config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true', >>>> 'history_file=/root/.cloudmonkey/history', >>>> 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log', >>>> 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5> ', 'display=default', >>>> 'username=admin', 'domain=/', 'apikey=', >>>> 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=', >>>> 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03 >>>> 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request >>>> ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting >>>> command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700 >>>> - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03 >>>> 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ======== >>>> 2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command >>>> result: None >>>> >>>> Best regards Yuri >>>>> From: [email protected] >>>>> To: [email protected] >>>>> CC: [email protected] >>>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed >>>>> certificate. >>>>> Date: Wed, 3 Dec 2014 13:37:11 +0000 >>>>> >>>>> Hi Yuri, >>>>> >>>>> For the specific server profile, there is some issue with SSL cert. You >>>>> can turn off ssl cert checking in cloudmonkey using: >>>>> >>>>> set verifysslcert false >>>>> >>>>> This setting is per server profile. >>>>> >>>>> This is also documented on the wiki here, for your reference: >>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI >>>>> >>>>> Hope this helps. >>>>> >>>>>> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <[email protected]> wrote: >>>>>> >>>>>> I know this supposed to be fixed in 5.3.0 but it does not work for me. >>>>>> Can somebody point what I am doing wrong. >>>>>> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port >>>>>> 6443. When trying to connect to the server using cloudmonkey I am >>>>>> getting the following error >>>>>> >>>>>> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands. >>>>>> >>>>>> Using management server profile: local >>>>>> >>>>>> (local) 🐵> set url https://192.168.56.11:6443/client/api >>>>>> (local) 🐵> list zones >>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL >>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>>>> Error Authentication failed >>>>>> (local) 🐵> set verifysslcert False >>>>>> (local) 🐵> list zones >>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL >>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>>>> Error Authentication failed >>>>>> (local) 🐵> cloudmonkey >>>>>> >>>>>> >>>>>> Best regards >>>>>> Yuri >>>>> >>>>> Regards, >>>>> Rohit Yadav >>>>> Software Architect, ShapeBlue >>>>> M. +91 88 262 30892 | [email protected] >>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>>>> >>>>> >>>>> >>>>> Find out more about ShapeBlue and our range of CloudStack related services >>>>> >>>>> IaaS Cloud Design & >>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>>>> CloudStack Software >>>>> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >>>>> CloudStack Infrastructure >>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>>>> CloudStack Bootcamp Training >>>>> Courses<http://shapeblue.com/cloudstack-training/> >>>>> >>>>> This email and any attachments to it may be confidential and are intended >>>>> solely for the use of the individual to whom it is addressed. Any views >>>>> or opinions expressed are solely those of the author and do not >>>>> necessarily represent those of Shape Blue Ltd or related companies. If >>>>> you are not the intended recipient of this email, you must neither take >>>>> any action based upon its contents, nor copy or show it to anyone. Please >>>>> contact the sender if you believe you have received this email in error. >>>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >>>>> Services India LLP is a company incorporated in India and is operated >>>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is >>>>> a company incorporated in Brasil and is operated under license from Shape >>>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of >>>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue >>>>> is a registered trademark. >>>> >>>> >>> >>> -- >>> Regards, >>> Rohit Yadav >>> Software Architect, ShapeBlue >>> M. +91 8826230892 | [email protected] >>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>> Find out more about ShapeBlue and our range of CloudStack related services >>> >>> IaaS Cloud Design & >>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>> CloudStack Software >>> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >>> CloudStack Infrastructure >>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>> CloudStack Bootcamp Training >>> Courses<http://shapeblue.com/cloudstack-training/> >>> >>> This email and any attachments to it may be confidential and are intended >>> solely for the use of the individual to whom it is addressed. Any views or >>> opinions expressed are solely those of the author and do not necessarily >>> represent those of Shape Blue Ltd or related companies. If you are not the >>> intended recipient of this email, you must neither take any action based >>> upon its contents, nor copy or show it to anyone. Please contact the sender >>> if you believe you have received this email in error. Shape Blue Ltd is a >>> company incorporated in England & Wales. ShapeBlue Services India LLP is a >>> company incorporated in India and is operated under license from Shape Blue >>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil >>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is >>> a company registered by The Republic of South Africa and is traded under >>> license from Shape Blue Ltd. ShapeBlue is a registered trademark. >> >> > > -- > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +91 8826230892 | [email protected] > Blog: bhaisaab.org | Twitter: @_bhaisaab > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Software > Engineering<http://shapeblue.com/cloudstack-software-engineering/> > CloudStack Infrastructure > Support<http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training > Courses<http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based upon > its contents, nor copy or show it to anyone. Please contact the sender if you > believe you have received this email in error. Shape Blue Ltd is a company > incorporated in England & Wales. ShapeBlue Services India LLP is a company > incorporated in India and is operated under license from Shape Blue Ltd. > Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is > operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company > registered by The Republic of South Africa and is traded under license from > Shape Blue Ltd. ShapeBlue is a registered trademark.
