You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by Yuri Kogun <yk...@outlook.com> on 2014/12/03 14:30:15 UTC

Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong. I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443.  When trying to connect to the server using cloudmonkey I am getting the following error 
☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
Using management server profile: local
(local) 🐵 > set url https://192.168.56.11:6443/client/api(local) 🐵 > list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵 > set verifysslcert False(local) 🐵 > list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵 >  cloudmonkey

Best regards Yuri

RE: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

Posted by Yuri Kogun <yk...@outlook.com>.

Thank you, Rohit.  The latest commit works for me. 

Best regards 
Yuri 

----------------------------------------
> Date: Wed, 3 Dec 2014 23:12:33 +0530
> From: rohit.yadav@shapeblue.com
> To: ykogun@outlook.com; users@cloudstack.apache.org
> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>
> Hi Yuri,
>
> Thanks for sharing the analysis, I've fixed the issue on master branch
> (91afdd318f4ecba13963742f4c0bf28748093ff9). This was a corner case that
> I forgot to consider.
>
> Thanks for your contribution, I'll kickstart CloudMonkey 5.3.1 bugfix
> release soon but meanwhile you may download and install cloudmonkey from
> the git repo's master branch.
>
> On Wednesday 03 December 2014 10:09 PM, Yuri Kogun wrote:
>> Hi Rohit
>> I have tried to get the page directly from python console with and without verify and it worked with verify=False. So there is no problems with openssl or requests library on the VM
>>
>> Please see the output below.
>>
>>
>> Python 2.6.6 (r266:84292, Nov 22 2013, 12:16:22)
>> [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>>>>>
>>>>> import requests
>>>>> r = requests.get('https://localhost:6443/client')
>> .....
>> raise SSLError(e, request=request)
>> requests.exceptions.SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>>>>> r = requests.get('https://localhost:6443/client',verify=False)
>> /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
>> InsecureRequestWarning)
>>
>>
>> I checked the source code on cloudmonkey and it looks like the problem is in the login routine line 72 in the requests.py module in Cloudmonkey. The Session.post call does not have verify parameter passed to it. I guess it will only affect users trying to login with username/password authentication.
>>
>>
>> def login(url, username, password, domain="/"):
>> """
>> Login and obtain a session to be used for subsequent API calls
>> Wrong username/password leads to HTTP error code 531
>> """
>> args = {}
>>
>> args["command"] = 'login'
>> args["username"] = username
>> args["password"] = password
>> args["domain"] = domain
>> args["response"] = "json"
>>
>> sessionkey = ''
>> session = requests.Session()
>>
>> try:
>> resp = session.post(url, params=args)
>>
>>
>>
>> Best regards
>> Yuri
>>
>>
>>
>> ----------------------------------------
>>> Date: Wed, 3 Dec 2014 20:52:42 +0530
>>> From: rohit.yadav@shapeblue.com
>>> To: users@cloudstack.apache.org
>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>>>
>>> Hi Yuri,
>>>
>>> Sorry I think I missed that earlier, cloudmonkey uses requests library
>>> to make HTTP/S requests; we pass the verifysslcert option to it. If
>>> you've set it to false, then when making requests using "requests"
>>> library/module we pass it false. You may check the python code and debug
>>> why that is happening. It's a dirty fix, ideally you should make sure
>>> you've valid SSL certificate.
>>>
>>> Check this out for reference:
>>> http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror
>>>
>>> Lastly, can you try to upgrade requests and openssl? And share any
>>> further details which may help fix this issue. Thanks.
>>>
>>> On Wednesday 03 December 2014 07:17 PM, Yuri Kogun wrote:
>>>> Thanks for reply, Rohit
>>>> This is exactly what I am doing, maybe it is not clear from the previous email. Below is the output from the log
>>>>
>>>> (local) 🐵> set verifysslcert false(local) 🐵> list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵>
>>>>
>>>> Below is the output from the log file:
>>>> 2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true', 'history_file=/root/.cloudmonkey/history', 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log', 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5> ', 'display=default', 'username=admin', 'domain=/', 'apikey=', 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=', 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700 - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ========
>>>> 2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None
>>>>
>>>> Best regards Yuri
>>>>> From: rohit.yadav@shapeblue.com
>>>>> To: ykogun@outlook.com
>>>>> CC: users@cloudstack.apache.org
>>>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>>>>> Date: Wed, 3 Dec 2014 13:37:11 +0000
>>>>>
>>>>> Hi Yuri,
>>>>>
>>>>> For the specific server profile, there is some issue with SSL cert. You can turn off ssl cert checking in cloudmonkey using:
>>>>>
>>>>> set verifysslcert false
>>>>>
>>>>> This setting is per server profile.
>>>>>
>>>>> This is also documented on the wiki here, for your reference:
>>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>>> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yk...@outlook.com> wrote:
>>>>>>
>>>>>> I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong.
>>>>>> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443. When trying to connect to the server using cloudmonkey I am getting the following error
>>>>>>
>>>>>> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
>>>>>>
>>>>>> Using management server profile: local
>>>>>>
>>>>>> (local) 🐵> set url https://192.168.56.11:6443/client/api
>>>>>> (local) 🐵> list zones
>>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>>>> Error Authentication failed
>>>>>> (local) 🐵> set verifysslcert False
>>>>>> (local) 🐵> list zones
>>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>>>> Error Authentication failed
>>>>>> (local) 🐵> cloudmonkey
>>>>>>
>>>>>>
>>>>>> Best regards
>>>>>> Yuri
>>>>>
>>>>> Regards,
>>>>> Rohit Yadav
>>>>> Software Architect, ShapeBlue
>>>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>>
>>>>>
>>>>>
>>>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>>>
>>>>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>>>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>>>>
>>>>> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>>>
>>>>
>>>
>>> --
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +91 8826230892 | rohit.yadav@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>
>>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>
>>
>
> --
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +91 8826230892 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

Posted by Rohit Yadav <ro...@shapeblue.com>.

Hi Yuri,

Thanks for sharing the analysis, I've fixed the issue on master branch
(91afdd318f4ecba13963742f4c0bf28748093ff9). This was a corner case that
I forgot to consider.

Thanks for your contribution, I'll kickstart CloudMonkey 5.3.1 bugfix
release soon but meanwhile you may download and install cloudmonkey from
the git repo's master branch.

On Wednesday 03 December 2014 10:09 PM, Yuri Kogun wrote:
> Hi Rohit
> I have tried to get the page directly from python console  with and without verify and it worked with verify=False. So there is no problems with openssl or requests library on the VM
>
> Please see the output below.
>
>
> Python 2.6.6 (r266:84292, Nov 22 2013, 12:16:22)
> [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
>>>>
>>>> import requests
>>>> r = requests.get('https://localhost:6443/client')
> .....
> raise SSLError(e, request=request)
> requests.exceptions.SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
>>>> r = requests.get('https://localhost:6443/client',verify=False)
> /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
>    InsecureRequestWarning)
>
>
> I checked the source code on cloudmonkey and it looks like the problem is in the login routine line 72  in the requests.py module in Cloudmonkey. The Session.post call does not have verify parameter passed to it. I guess it will only affect users trying to login with username/password authentication.
>
>
> def login(url, username, password, domain="/"):
>      """
>      Login and obtain a session to be used for subsequent API calls
>      Wrong username/password leads to HTTP error code 531
>      """
>      args = {}
>
>      args["command"] = 'login'
>      args["username"] = username
>      args["password"] = password
>      args["domain"] = domain
>      args["response"] = "json"
>
>      sessionkey = ''
>      session = requests.Session()
>
>      try:
>          resp = session.post(url, params=args)
>
>
>
> Best regards
> Yuri
>
>
>
> ----------------------------------------
>> Date: Wed, 3 Dec 2014 20:52:42 +0530
>> From: rohit.yadav@shapeblue.com
>> To: users@cloudstack.apache.org
>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>>
>> Hi Yuri,
>>
>> Sorry I think I missed that earlier, cloudmonkey uses requests library
>> to make HTTP/S requests; we pass the verifysslcert option to it. If
>> you've set it to false, then when making requests using "requests"
>> library/module we pass it false. You may check the python code and debug
>> why that is happening. It's a dirty fix, ideally you should make sure
>> you've valid SSL certificate.
>>
>> Check this out for reference:
>> http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror
>>
>> Lastly, can you try to upgrade requests and openssl? And share any
>> further details which may help fix this issue. Thanks.
>>
>> On Wednesday 03 December 2014 07:17 PM, Yuri Kogun wrote:
>>> Thanks for reply, Rohit
>>> This is exactly what I am doing, maybe it is not clear from the previous email. Below is the output from the log
>>>
>>> (local) 🐵> set verifysslcert false(local) 🐵> list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵>
>>>
>>> Below is the output from the log file:
>>> 2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true', 'history_file=/root/.cloudmonkey/history', 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log', 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5> ', 'display=default', 'username=admin', 'domain=/', 'apikey=', 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=', 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700 - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ========
>>> 2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None
>>>
>>> Best regards Yuri
>>>> From: rohit.yadav@shapeblue.com
>>>> To: ykogun@outlook.com
>>>> CC: users@cloudstack.apache.org
>>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>>>> Date: Wed, 3 Dec 2014 13:37:11 +0000
>>>>
>>>> Hi Yuri,
>>>>
>>>> For the specific server profile, there is some issue with SSL cert. You can turn off ssl cert checking in cloudmonkey using:
>>>>
>>>> set verifysslcert false
>>>>
>>>> This setting is per server profile.
>>>>
>>>> This is also documented on the wiki here, for your reference:
>>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI
>>>>
>>>> Hope this helps.
>>>>
>>>>> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yk...@outlook.com> wrote:
>>>>>
>>>>> I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong.
>>>>> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443. When trying to connect to the server using cloudmonkey I am getting the following error
>>>>>
>>>>> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
>>>>>
>>>>> Using management server profile: local
>>>>>
>>>>> (local) 🐵> set url https://192.168.56.11:6443/client/api
>>>>> (local) 🐵> list zones
>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>>> Error Authentication failed
>>>>> (local) 🐵> set verifysslcert False
>>>>> (local) 🐵> list zones
>>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>>> Error Authentication failed
>>>>> (local) 🐵> cloudmonkey
>>>>>
>>>>>
>>>>> Best regards
>>>>> Yuri
>>>>
>>>> Regards,
>>>> Rohit Yadav
>>>> Software Architect, ShapeBlue
>>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>
>>>>
>>>>
>>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>>
>>>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>>>
>>>> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>>
>>>
>>
>> --
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +91 8826230892 | rohit.yadav@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>> Find out more about ShapeBlue and our range of CloudStack related services
>>
>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>
>> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>
>

--
Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +91 8826230892 | rohit.yadav@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab
Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

RE: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

Posted by Yuri Kogun <yk...@outlook.com>.

Hi Rohit 
I have tried to get the page directly from python console  with and without verify and it worked with verify=False. So there is no problems with openssl or requests library on the VM 

Please see the output below. 


Python 2.6.6 (r266:84292, Nov 22 2013, 12:16:22)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import requests
>>> r = requests.get('https://localhost:6443/client')
.....
raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

>>> r = requests.get('https://localhost:6443/client',verify=False)
/usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)


I checked the source code on cloudmonkey and it looks like the problem is in the login routine line 72  in the requests.py module in Cloudmonkey. The Session.post call does not have verify parameter passed to it. I guess it will only affect users trying to login with username/password authentication. 


def login(url, username, password, domain="/"):
    """
    Login and obtain a session to be used for subsequent API calls
    Wrong username/password leads to HTTP error code 531
    """
    args = {}

    args["command"] = 'login'
    args["username"] = username
    args["password"] = password
    args["domain"] = domain
    args["response"] = "json"

    sessionkey = ''
    session = requests.Session()

    try:
        resp = session.post(url, params=args)



Best regards 
Yuri 



----------------------------------------
> Date: Wed, 3 Dec 2014 20:52:42 +0530
> From: rohit.yadav@shapeblue.com
> To: users@cloudstack.apache.org
> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>
> Hi Yuri,
>
> Sorry I think I missed that earlier, cloudmonkey uses requests library
> to make HTTP/S requests; we pass the verifysslcert option to it. If
> you've set it to false, then when making requests using "requests"
> library/module we pass it false. You may check the python code and debug
> why that is happening. It's a dirty fix, ideally you should make sure
> you've valid SSL certificate.
>
> Check this out for reference:
> http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror
>
> Lastly, can you try to upgrade requests and openssl? And share any
> further details which may help fix this issue. Thanks.
>
> On Wednesday 03 December 2014 07:17 PM, Yuri Kogun wrote:
>> Thanks for reply, Rohit
>> This is exactly what I am doing, maybe it is not clear from the previous email. Below is the output from the log
>>
>> (local) 🐵> set verifysslcert false(local) 🐵> list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵>
>>
>> Below is the output from the log file:
>> 2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true', 'history_file=/root/.cloudmonkey/history', 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log', 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5> ', 'display=default', 'username=admin', 'domain=/', 'apikey=', 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=', 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700 - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ========
>> 2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None
>>
>> Best regards Yuri
>>> From: rohit.yadav@shapeblue.com
>>> To: ykogun@outlook.com
>>> CC: users@cloudstack.apache.org
>>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.
>>> Date: Wed, 3 Dec 2014 13:37:11 +0000
>>>
>>> Hi Yuri,
>>>
>>> For the specific server profile, there is some issue with SSL cert. You can turn off ssl cert checking in cloudmonkey using:
>>>
>>> set verifysslcert false
>>>
>>> This setting is per server profile.
>>>
>>> This is also documented on the wiki here, for your reference:
>>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI
>>>
>>> Hope this helps.
>>>
>>>> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yk...@outlook.com> wrote:
>>>>
>>>> I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong.
>>>> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443. When trying to connect to the server using cloudmonkey I am getting the following error
>>>>
>>>> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
>>>>
>>>> Using management server profile: local
>>>>
>>>> (local) 🐵> set url https://192.168.56.11:6443/client/api
>>>> (local) 🐵> list zones
>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>> Error Authentication failed
>>>> (local) 🐵> set verifysslcert False
>>>> (local) 🐵> list zones
>>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>>> Error Authentication failed
>>>> (local) 🐵> cloudmonkey
>>>>
>>>>
>>>> Best regards
>>>> Yuri
>>>
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>
>>>
>>>
>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>
>>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>>
>>
>
> --
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +91 8826230892 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

Posted by Rohit Yadav <ro...@shapeblue.com>.

Hi Yuri,

Sorry I think I missed that earlier, cloudmonkey uses requests library
to make HTTP/S requests; we pass the verifysslcert option to it. If
you've set it to false, then when making requests using "requests"
library/module we pass it false. You may check the python code and debug
why that is happening. It's a dirty fix, ideally you should make sure
you've valid SSL certificate.

Check this out for reference:
http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror

Lastly, can you try to upgrade requests and openssl? And share any
further details which may help fix this issue. Thanks.

On Wednesday 03 December 2014 07:17 PM, Yuri Kogun wrote:
> Thanks for reply,  Rohit
> This is exactly what I am doing, maybe it is not clear from the previous email. Below is the output from the log
>
> (local) 🐵 > set verifysslcert false(local) 🐵 > list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵 >
>
> Below is the output from the log file:
> 2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true', 'history_file=/root/.cloudmonkey/history', 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log', 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5 > ', 'display=default', 'username=admin', 'domain=/', 'apikey=', 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=', 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700 - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ========
> 2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None
>
> Best regards Yuri
>> From: rohit.yadav@shapeblue.com
>> To: ykogun@outlook.com
>> CC: users@cloudstack.apache.org
>> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with  self signed certificate.
>> Date: Wed, 3 Dec 2014 13:37:11 +0000
>>
>> Hi Yuri,
>>
>> For the specific server profile, there is some issue with SSL cert. You can turn off ssl cert checking in cloudmonkey using:
>>
>> set verifysslcert false
>>
>> This setting is per server profile.
>>
>> This is also documented on the wiki here, for your reference:
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI
>>
>> Hope this helps.
>>
>>> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yk...@outlook.com> wrote:
>>>
>>> I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong.
>>> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443.  When trying to connect to the server using cloudmonkey I am getting the following error
>>>
>>> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
>>>
>>> Using management server profile: local
>>>
>>> (local) 🐵 > set url https://192.168.56.11:6443/client/api
>>> (local) 🐵 > list zones
>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> Error Authentication failed
>>> (local) 🐵 > set verifysslcert False
>>> (local) 🐵 > list zones
>>> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> Error Authentication failed
>>> (local) 🐵 >  cloudmonkey
>>>
>>>
>>> Best regards
>>> Yuri
>>
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>
>>
>>
>> Find out more about ShapeBlue and our range of CloudStack related services
>>
>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>
>> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>
>

--
Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +91 8826230892 | rohit.yadav@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab
Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

RE: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

Posted by Yuri Kogun <yk...@outlook.com>.

Thanks for reply,  Rohit 
This is exactly what I am doing, maybe it is not clear from the previous email. Below is the output from the log 

(local) 🐵 > set verifysslcert false(local) 🐵 > list zonesConnection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failedError Authentication failed(local) 🐵 >

Below is the output from the log file:
2014-12-03 13:44:53,023 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None2014-12-03 13:46:05,404 - cloudmonkey.py:98 - [DEBUG] Loaded config fields:['profile=local', 'asyncblock=true', 'paramcompletion=true', 'history_file=/root/.cloudmonkey/history', 'cache_file=/root/.cloudmonkey/cache', 'log_file=/root/.cloudmonkey/log', 'color=true', 'prompt=(local) \xf0\x9f\x90\xb5 > ', 'display=default', 'username=admin', 'domain=/', 'apikey=', 'url=https://192.168.56.11:6443/client/api', 'expires=600', 'secretkey=', 'timeout=3600', 'password=password', 'verifysslcert=false']2014-12-03 13:46:09,051 - requester.py:46 - [DEBUG] ======== START Request ========2014-12-03 13:46:09,053 - requester.py:46 - [DEBUG] Requesting command=listZones, args={}2014-12-03 13:46:09,079 - connectionpool.py:700 - [INFO] Starting new HTTPS connection (1): 192.168.56.112014-12-03 13:46:09,103 - requester.py:46 - [DEBUG] ======== END Request ========
2014-12-03 13:46:09,108 - cloudmonkey.py:398 - [DEBUG] Invalid command result: None

Best regards Yuri
> From: rohit.yadav@shapeblue.com
> To: ykogun@outlook.com
> CC: users@cloudstack.apache.org
> Subject: Re: Cloudmonkey 5.3.0 - problems connecting with  self signed certificate.
> Date: Wed, 3 Dec 2014 13:37:11 +0000
> 
> Hi Yuri,
> 
> For the specific server profile, there is some issue with SSL cert. You can turn off ssl cert checking in cloudmonkey using:
> 
> set verifysslcert false
> 
> This setting is per server profile.
> 
> This is also documented on the wiki here, for your reference:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI
> 
> Hope this helps.
> 
> > On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yk...@outlook.com> wrote:
> >
> > I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong.
> > I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443.  When trying to connect to the server using cloudmonkey I am getting the following error
> >
> > ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
> >
> > Using management server profile: local
> >
> > (local) 🐵 > set url https://192.168.56.11:6443/client/api
> > (local) 🐵 > list zones
> > Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > Error Authentication failed
> > (local) 🐵 > set verifysslcert False
> > (local) 🐵 > list zones
> > Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > Error Authentication failed
> > (local) 🐵 >  cloudmonkey
> >
> >
> > Best regards
> > Yuri
> 
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
> 
> 
> 
> Find out more about ShapeBlue and our range of CloudStack related services
> 
> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
> 
> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Cloudmonkey 5.3.0 - problems connecting with self signed certificate.

Posted by Rohit Yadav <ro...@shapeblue.com>.

Hi Yuri,

For the specific server profile, there is some issue with SSL cert. You can turn off ssl cert checking in cloudmonkey using:

set verifysslcert false

This setting is per server profile.

This is also documented on the wiki here, for your reference:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI

Hope this helps.

> On 03-Dec-2014, at 7:00 pm, Yuri Kogun <yk...@outlook.com> wrote:
>
> I know this supposed to be fixed in 5.3.0 but it does not work for me. Can somebody point what I am doing wrong.
> I have fresh cloudstack 4.2.1-6 setup configured to listen on https port 6443.  When trying to connect to the server using cloudmonkey I am getting the following error
>
> ☁ Apache CloudStack 🐵 cloudmonkey 5.3.0. Type help or ? to list commands.
>
> Using management server profile: local
>
> (local) 🐵 > set url https://192.168.56.11:6443/client/api
> (local) 🐵 > list zones
> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Error Authentication failed
> (local) 🐵 > set verifysslcert False
> (local) 🐵 > list zones
> Connection refused by server: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Error Authentication failed
> (local) 🐵 >  cloudmonkey
>
>
> Best regards
> Yuri

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +91 88 262 30892 | rohit.yadav@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab

Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.