Thank you, Rohit. The latest commit works for me.
Best regards
Yuri
----------------------------------------
> Date: Wed, 3 Dec 2014 23:12:33 +0530
> From: rohit.ya...@shapeblue.com
> To: yko...@outlook.com; users@cloudstack.apache.org
> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed
> certificate.
>
> Hi Yuri,
>
> Thanks for sharing the analysis, I've fixed the issue on master branch
> (91afdd318f4ecba13963742f4c0bf28748093ff9). This was a corner case that
> I forgot to consider.
>
> Thanks for your contribution, I'll kickstart CloudMonkey 5.3.1 bugfix
> release soon but meanwhile you may download and install cloudmonkey from
> the git repo's master branch.
>
> On Wednesday 03 December 2014 10:09 PM, Yuri Kogun wrote:
>> Hi Rohit
>> I have tried to get the page directly from python console with and without
>> verify and it worked with verify=False. So there is no problems with openssl
>> or requests library on the VM
>>
>> Please see the output below.
>>
>>
>> Python 2.6.6 (r266:84292, Nov 22 2013, 12:16:22)
>> [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>>>>>
>>>>> import requests
>>>>> r = requests.get('https://localhost:6443/client')
>> .....
>> raise SSLError(e, request=request)
>> requests.exceptions.SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>>>>> r = requests.get('https://localhost:6443/client',verify=False)
>> /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734:
>> InsecureRequestWarning: Unverified HTTPS request is being made. Adding
>> certificate verification is strongly advised. See:
>> https://urllib3.readthedocs.org/en/latest/security.html
>> InsecureRequestWarning)
>>
>>
>> I checked the source code on cloudmonkey and it looks like the problem is in
>> the login routine line 72 in the requests.py module in Cloudmonkey. The
>> Session.post call does not have verify parameter passed to it. I guess it
>> will only affect users trying to login with username/password authentication.
>>
>>
>> def login(url, username, password, domain="/"):
>> """
>> Login and obtain a session to be used for subsequent API calls
>> Wrong username/password leads to HTTP error code 531
>> """
>> args = {}
>>
>> args["command"] = 'login'
>> args["username"] = username
>> args["password"] = password
>> args["domain"] = domain
>> args["response"] = "json"
>>
>> sessionkey = ''
>> session = requests.Session()
>>
>> try:
>> resp = session.post(url, params=args)
>>
>>
>>
>> Best regards
>> Yuri
>>
>>
>>
>> ----------------------------------------
>>> Date: Wed, 3 Dec 2014 20:52:42 +0530
>>> From: rohit.ya...@shapeblue.com
>>> To: users@cloudstack.apache.org
>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed
>>> certificate.
>>>
>>> Hi Yuri,
>>>
>>> Sorry I think I missed that earlier, cloudmonkey uses requests library
>>> to make HTTP/S requests; we pass the verifysslcert option to it. If
>>> you've set it to false, then when making requests using "requests"
>>> library/module we pass it false. You may check the python code and debug
>>> why that is happening. It's a dirty fix, ideally you should make sure
>>> you've valid SSL certificate.
>>>
>>> Check this out for reference:
>>> http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror
>>>
>>> Lastly, can you try to upgrade requests and openssl? And share any
>>> further details which may help fix this issue. Thanks.
>>>
>>> On Wednesday 03 December 2014 07:17 PM, Yuri Kogun wrote:
>>>> Thanks for reply, Rohit
>>>> This is exactly what I am doing, maybe it is not clear from the previous
>>>> email. Below is the output from the log
>>>>
>>>> (local) 🐵> set verifysslcert false(local) 🐵> list zonesConnection refused
>>>> by server: [Errno 1] _ssl.c:492: error:14090086:SSL
>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError
>>>> Authentication failed(local) 🐵>
>>>>
>>>> Below is the output from the log file:
>>>> 2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command
>>>> result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded
>>>> config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true',
>>>> 'history_file=/root/.cloudmonkey/history',
>>>> 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log',
>>>> 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5> ', 'display=default',
>>>> 'username=admin', 'domain=/', 'apikey=',
>>>> 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=',
>>>> 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03
>>>> 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request
>>>> ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting
>>>> command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700
>>>> - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03
>>>> 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ========
>>>> 2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command
>>>> result: None
>>>>
>>>> Best regards Yuri
>>>>> From: rohit.ya...@shapeblue.com
>>>>> To: yko...@outlook.com
>>>>> CC: users@cloudstack.apache.org
>>>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed
>>>>> certificate.
>>>>> Date: Wed, 3 Dec 2014 13:37:11 +0000
>>>>>
>>>>> Hi Yuri,
>>>>>
>>>>> For the specific server profile, there is some issue with SSL cert. You
>>>>> can turn off ssl cert checking in cloudmonkey using:
>>>>>
>>>>> set verifysslcert false
>>>>>
>>>>> This setting is per server profile.
>>>>>
>>>>> This is also documented on the wiki here, for your reference:
>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>>> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yko...@outlook.com> wrote:
>>>>>>
>>>>>> I know this supposed to be fixed in 5.3.0 but it does not work for me.
>>>>>> Can somebody point what I am doing wrong.
>>>>>> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port
>>>>>> 6443. When trying to connect to the server using cloudmonkey I am
>>>>>> getting the following error
>>>>>>
>>>>>> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
>>>>>>
>>>>>> Using management server profile: local
>>>>>>
>>>>>> (local) 🐵> set url https://192.168.56.11:6443/client/api
>>>>>> (local) 🐵> list zones
>>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL
>>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>>>> Error Authentication failed
>>>>>> (local) 🐵> set verifysslcert False
>>>>>> (local) 🐵> list zones
>>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL
>>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>>>> Error Authentication failed
>>>>>> (local) 🐵> cloudmonkey
>>>>>>
>>>>>>
>>>>>> Best regards
>>>>>> Yuri
>>>>>
>>>>> Regards,
>>>>> Rohit Yadav
>>>>> Software Architect, ShapeBlue
>>>>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com
>>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>>
>>>>>
>>>>>
>>>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>>>
>>>>> IaaS Cloud Design &
>>>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>>> CloudStack Software
>>>>> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>>>> CloudStack Infrastructure
>>>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>>> CloudStack Bootcamp Training
>>>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>>>
>>>>> This email and any attachments to it may be confidential and are intended
>>>>> solely for the use of the individual to whom it is addressed. Any views
>>>>> or opinions expressed are solely those of the author and do not
>>>>> necessarily represent those of Shape Blue Ltd or related companies. If
>>>>> you are not the intended recipient of this email, you must neither take
>>>>> any action based upon its contents, nor copy or show it to anyone. Please
>>>>> contact the sender if you believe you have received this email in error.
>>>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>>>>> Services India LLP is a company incorporated in India and is operated
>>>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>>>>> a company incorporated in Brasil and is operated under license from Shape
>>>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>>>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>>>>> is a registered trademark.
>>>>
>>>>
>>>
>>> --
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +91 8826230892 | rohit.ya...@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>
>>> IaaS Cloud Design &
>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Software
>>> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>> CloudStack Infrastructure
>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training
>>> Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are intended
>>> solely for the use of the individual to whom it is addressed. Any views or
>>> opinions expressed are solely those of the author and do not necessarily
>>> represent those of Shape Blue Ltd or related companies. If you are not the
>>> intended recipient of this email, you must neither take any action based
>>> upon its contents, nor copy or show it to anyone. Please contact the sender
>>> if you believe you have received this email in error. Shape Blue Ltd is a
>>> company incorporated in England & Wales. ShapeBlue Services India LLP is a
>>> company incorporated in India and is operated under license from Shape Blue
>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
>>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
>>> a company registered by The Republic of South Africa and is traded under
>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>
>>
>
> --
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +91 8826230892 | rohit.ya...@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Software
> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
> CloudStack Infrastructure
> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training
> Courses<http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based upon
> its contents, nor copy or show it to anyone. Please contact the sender if you
> believe you have received this email in error. Shape Blue Ltd is a company
> incorporated in England & Wales. ShapeBlue Services India LLP is a company
> incorporated in India and is operated under license from Shape Blue Ltd.
> Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is
> operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
> registered by The Republic of South Africa and is traded under license from
> Shape Blue Ltd. ShapeBlue is a registered trademark.
