You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Prasanna Santhanam <ts...@apache.org> on 2013/10/03 06:22:00 UTC
Re: marvin over https
On Thu, Sep 26, 2013 at 04:21:38PM +0200, Daan Hoogland wrote:
> H,
>
> I have some trouble getting marvin to connect to cloudstack over https.
> I am supposing the following should work
> conn = cloudConnection(mgmtip, apiKey=apikey,
> securityKey=secretkey, logging=log, port=443, scheme="https")
> lz = listZones.listZonesCmd()
> conn.marvin_request(lz)
>
> is this a valid assumption?
>
> I can browse to the https://<mgmtip>/client/ and login to retrieve the
> keys used, but on running the code above i get
>
> requests.exceptions.ConnectionError:
> HTTPSConnectionPool(host='10.200.23.16', port=443): Max retries
> exceeded with url:
> /client/api?apiKey=JGvIQPeIVsbgEhVC3shZ51r9buYwClB4ToJZX9Cxs9e3NZbRoJLNyANnWEKgsmgt1uoF_eLdL31GHMwcss6Zyw&command=listZones&signature=KL93r9GYIr6%2FRcbNHuaOj3jUF6o%3D&response=json
> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
In the loglevel() method in CloudConnection.py, switch the logging to
logging.DEBUG. That will spew out more verbose logging as to what's
happening here.
I've never tried it on an https enabled cloudstack so there might be a
bug. Does cloudmonkey work for you on this endpoint? If yes, then I
don't see why marvin shouldn't. Both use the same request mechanism.
>
> I am not sure where to look. at marvin, httprequest or the setup of my
> env. Hints?
>
> thanks,
> Daan
--
Prasanna.,
------------------------
Powered by BigRock.com
Re: marvin over https
Posted by Daan Hoogland <da...@gmail.com>.
i made an issue for form
https://issues.apache.org/jira/browse/CLOUDSTACK-4832
implemented the simple solution and
commit 10938612cc9f518e254f8756581548eeb52913b4 contains the hack
thanks,
Daan
On Tue, Oct 8, 2013 at 4:23 PM, Prasanna Santhanam <ts...@apache.org> wrote:
> Ok, this is a bug. requests lib is verifying SSL by default while
> cloudmonkey is probably ignoring SSL. There are two options
>
> 1) Fix marvin to accept SSL while detecting your default certs in
> /etc/ssl/certs? Or use an env variable
> 2) Ignore SSL auth from marvin.
>
> Can you please file a bug report? It should be a simple fix, so you
> can run with it or I'll get to it tomorrow.
>
> Ref:
> http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
>
>
> On Tue, Oct 08, 2013 at 04:14:46PM +0200, Daan Hoogland wrote:
> > H Prasanna,
> >
> > $ ./zoneCommand.py
> > Traceback (most recent call last):
> > File "./zoneCommand.py", line 91, in <module>
> > print "zones: " + repr(blub.listZones(conn))
> > File "./zoneCommand.py", line 42, in listZones
> > resp = conn.marvin_request(lz)
> > File "/usr/lib/python2.7/site-packages/marvin/cloudstackConnection.py",
> > line 218, in marvin_request
> > cmdname, self.auth, payload=payload, method=method)
> > File "/usr/lib/python2.7/site-packages/marvin/cloudstackConnection.py",
> > line 153, in request
> > raise c
> > requests.exceptions.SSLError: [Errno 1] _ssl.c:508: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >
> > This is using the keys that are also used by cloudmonkey
> >
> > any hint?
> > Daan
> >
> >
> > On Tue, Oct 8, 2013 at 2:31 PM, Daan Hoogland <daan.hoogland@gmail.com
> >wrote:
> >
> > > H Prasanne,
> > >
> > > I didn't get around this bit a few days.
> > >
> > > Cloudmonkey works throught the same connection. I will find some time
> the
> > > coming days to test this with debug enabled marvin.
> > >
> > > regards,
> > > Daan
> > >
> > >
> > > On Thu, Oct 3, 2013 at 6:22 AM, Prasanna Santhanam <ts...@apache.org>
> wrote:
> > >
> > >> On Thu, Sep 26, 2013 at 04:21:38PM +0200, Daan Hoogland wrote:
> > >> > H,
> > >> >
> > >> > I have some trouble getting marvin to connect to cloudstack over
> https.
> > >> > I am supposing the following should work
> > >> > conn = cloudConnection(mgmtip, apiKey=apikey,
> > >> > securityKey=secretkey, logging=log, port=443, scheme="https")
> > >> > lz = listZones.listZonesCmd()
> > >> > conn.marvin_request(lz)
> > >> >
> > >> > is this a valid assumption?
> > >> >
> > >> > I can browse to the https://<mgmtip>/client/ and login to retrieve
> the
> > >> > keys used, but on running the code above i get
> > >> >
> > >> > requests.exceptions.ConnectionError:
> > >> > HTTPSConnectionPool(host='10.200.23.16', port=443): Max retries
> > >> > exceeded with url:
> > >> >
> > >>
> /client/api?apiKey=JGvIQPeIVsbgEhVC3shZ51r9buYwClB4ToJZX9Cxs9e3NZbRoJLNyANnWEKgsmgt1uoF_eLdL31GHMwcss6Zyw&command=listZones&signature=KL93r9GYIr6%2FRcbNHuaOj3jUF6o%3D&response=json
> > >> > (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
> > >>
> > >> In the loglevel() method in CloudConnection.py, switch the logging to
> > >> logging.DEBUG. That will spew out more verbose logging as to what's
> > >> happening here.
> > >>
> > >> I've never tried it on an https enabled cloudstack so there might be a
> > >> bug. Does cloudmonkey work for you on this endpoint? If yes, then I
> > >> don't see why marvin shouldn't. Both use the same request mechanism.
> > >>
> > >> >
> > >> > I am not sure where to look. at marvin, httprequest or the setup of
> my
> > >> > env. Hints?
> > >> >
> > >> > thanks,
> > >> > Daan
> > >>
> > >> --
> > >> Prasanna.,
> > >>
> > >> ------------------------
> > >> Powered by BigRock.com
> > >>
> > >>
> > >
>
> --
> Prasanna.,
>
> ------------------------
> Powered by BigRock.com
>
>
Re: marvin over https
Posted by Prasanna Santhanam <ts...@apache.org>.
Ok, this is a bug. requests lib is verifying SSL by default while
cloudmonkey is probably ignoring SSL. There are two options
1) Fix marvin to accept SSL while detecting your default certs in
/etc/ssl/certs? Or use an env variable
2) Ignore SSL auth from marvin.
Can you please file a bug report? It should be a simple fix, so you
can run with it or I'll get to it tomorrow.
Ref: http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
On Tue, Oct 08, 2013 at 04:14:46PM +0200, Daan Hoogland wrote:
> H Prasanna,
>
> $ ./zoneCommand.py
> Traceback (most recent call last):
> File "./zoneCommand.py", line 91, in <module>
> print "zones: " + repr(blub.listZones(conn))
> File "./zoneCommand.py", line 42, in listZones
> resp = conn.marvin_request(lz)
> File "/usr/lib/python2.7/site-packages/marvin/cloudstackConnection.py",
> line 218, in marvin_request
> cmdname, self.auth, payload=payload, method=method)
> File "/usr/lib/python2.7/site-packages/marvin/cloudstackConnection.py",
> line 153, in request
> raise c
> requests.exceptions.SSLError: [Errno 1] _ssl.c:508: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> This is using the keys that are also used by cloudmonkey
>
> any hint?
> Daan
>
>
> On Tue, Oct 8, 2013 at 2:31 PM, Daan Hoogland <da...@gmail.com>wrote:
>
> > H Prasanne,
> >
> > I didn't get around this bit a few days.
> >
> > Cloudmonkey works throught the same connection. I will find some time the
> > coming days to test this with debug enabled marvin.
> >
> > regards,
> > Daan
> >
> >
> > On Thu, Oct 3, 2013 at 6:22 AM, Prasanna Santhanam <ts...@apache.org> wrote:
> >
> >> On Thu, Sep 26, 2013 at 04:21:38PM +0200, Daan Hoogland wrote:
> >> > H,
> >> >
> >> > I have some trouble getting marvin to connect to cloudstack over https.
> >> > I am supposing the following should work
> >> > conn = cloudConnection(mgmtip, apiKey=apikey,
> >> > securityKey=secretkey, logging=log, port=443, scheme="https")
> >> > lz = listZones.listZonesCmd()
> >> > conn.marvin_request(lz)
> >> >
> >> > is this a valid assumption?
> >> >
> >> > I can browse to the https://<mgmtip>/client/ and login to retrieve the
> >> > keys used, but on running the code above i get
> >> >
> >> > requests.exceptions.ConnectionError:
> >> > HTTPSConnectionPool(host='10.200.23.16', port=443): Max retries
> >> > exceeded with url:
> >> >
> >> /client/api?apiKey=JGvIQPeIVsbgEhVC3shZ51r9buYwClB4ToJZX9Cxs9e3NZbRoJLNyANnWEKgsmgt1uoF_eLdL31GHMwcss6Zyw&command=listZones&signature=KL93r9GYIr6%2FRcbNHuaOj3jUF6o%3D&response=json
> >> > (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
> >>
> >> In the loglevel() method in CloudConnection.py, switch the logging to
> >> logging.DEBUG. That will spew out more verbose logging as to what's
> >> happening here.
> >>
> >> I've never tried it on an https enabled cloudstack so there might be a
> >> bug. Does cloudmonkey work for you on this endpoint? If yes, then I
> >> don't see why marvin shouldn't. Both use the same request mechanism.
> >>
> >> >
> >> > I am not sure where to look. at marvin, httprequest or the setup of my
> >> > env. Hints?
> >> >
> >> > thanks,
> >> > Daan
> >>
> >> --
> >> Prasanna.,
> >>
> >> ------------------------
> >> Powered by BigRock.com
> >>
> >>
> >
--
Prasanna.,
------------------------
Powered by BigRock.com
Re: marvin over https
Posted by Daan Hoogland <da...@gmail.com>.
H Prasanna,
$ ./zoneCommand.py
Traceback (most recent call last):
File "./zoneCommand.py", line 91, in <module>
print "zones: " + repr(blub.listZones(conn))
File "./zoneCommand.py", line 42, in listZones
resp = conn.marvin_request(lz)
File "/usr/lib/python2.7/site-packages/marvin/cloudstackConnection.py",
line 218, in marvin_request
cmdname, self.auth, payload=payload, method=method)
File "/usr/lib/python2.7/site-packages/marvin/cloudstackConnection.py",
line 153, in request
raise c
requests.exceptions.SSLError: [Errno 1] _ssl.c:508: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
This is using the keys that are also used by cloudmonkey
any hint?
Daan
On Tue, Oct 8, 2013 at 2:31 PM, Daan Hoogland <da...@gmail.com>wrote:
> H Prasanne,
>
> I didn't get around this bit a few days.
>
> Cloudmonkey works throught the same connection. I will find some time the
> coming days to test this with debug enabled marvin.
>
> regards,
> Daan
>
>
> On Thu, Oct 3, 2013 at 6:22 AM, Prasanna Santhanam <ts...@apache.org> wrote:
>
>> On Thu, Sep 26, 2013 at 04:21:38PM +0200, Daan Hoogland wrote:
>> > H,
>> >
>> > I have some trouble getting marvin to connect to cloudstack over https.
>> > I am supposing the following should work
>> > conn = cloudConnection(mgmtip, apiKey=apikey,
>> > securityKey=secretkey, logging=log, port=443, scheme="https")
>> > lz = listZones.listZonesCmd()
>> > conn.marvin_request(lz)
>> >
>> > is this a valid assumption?
>> >
>> > I can browse to the https://<mgmtip>/client/ and login to retrieve the
>> > keys used, but on running the code above i get
>> >
>> > requests.exceptions.ConnectionError:
>> > HTTPSConnectionPool(host='10.200.23.16', port=443): Max retries
>> > exceeded with url:
>> >
>> /client/api?apiKey=JGvIQPeIVsbgEhVC3shZ51r9buYwClB4ToJZX9Cxs9e3NZbRoJLNyANnWEKgsmgt1uoF_eLdL31GHMwcss6Zyw&command=listZones&signature=KL93r9GYIr6%2FRcbNHuaOj3jUF6o%3D&response=json
>> > (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
>>
>> In the loglevel() method in CloudConnection.py, switch the logging to
>> logging.DEBUG. That will spew out more verbose logging as to what's
>> happening here.
>>
>> I've never tried it on an https enabled cloudstack so there might be a
>> bug. Does cloudmonkey work for you on this endpoint? If yes, then I
>> don't see why marvin shouldn't. Both use the same request mechanism.
>>
>> >
>> > I am not sure where to look. at marvin, httprequest or the setup of my
>> > env. Hints?
>> >
>> > thanks,
>> > Daan
>>
>> --
>> Prasanna.,
>>
>> ------------------------
>> Powered by BigRock.com
>>
>>
>
Re: marvin over https
Posted by Daan Hoogland <da...@gmail.com>.
H Prasanne,
I didn't get around this bit a few days.
Cloudmonkey works throught the same connection. I will find some time the
coming days to test this with debug enabled marvin.
regards,
Daan
On Thu, Oct 3, 2013 at 6:22 AM, Prasanna Santhanam <ts...@apache.org> wrote:
> On Thu, Sep 26, 2013 at 04:21:38PM +0200, Daan Hoogland wrote:
> > H,
> >
> > I have some trouble getting marvin to connect to cloudstack over https.
> > I am supposing the following should work
> > conn = cloudConnection(mgmtip, apiKey=apikey,
> > securityKey=secretkey, logging=log, port=443, scheme="https")
> > lz = listZones.listZonesCmd()
> > conn.marvin_request(lz)
> >
> > is this a valid assumption?
> >
> > I can browse to the https://<mgmtip>/client/ and login to retrieve the
> > keys used, but on running the code above i get
> >
> > requests.exceptions.ConnectionError:
> > HTTPSConnectionPool(host='10.200.23.16', port=443): Max retries
> > exceeded with url:
> >
> /client/api?apiKey=JGvIQPeIVsbgEhVC3shZ51r9buYwClB4ToJZX9Cxs9e3NZbRoJLNyANnWEKgsmgt1uoF_eLdL31GHMwcss6Zyw&command=listZones&signature=KL93r9GYIr6%2FRcbNHuaOj3jUF6o%3D&response=json
> > (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
>
> In the loglevel() method in CloudConnection.py, switch the logging to
> logging.DEBUG. That will spew out more verbose logging as to what's
> happening here.
>
> I've never tried it on an https enabled cloudstack so there might be a
> bug. Does cloudmonkey work for you on this endpoint? If yes, then I
> don't see why marvin shouldn't. Both use the same request mechanism.
>
> >
> > I am not sure where to look. at marvin, httprequest or the setup of my
> > env. Hints?
> >
> > thanks,
> > Daan
>
> --
> Prasanna.,
>
> ------------------------
> Powered by BigRock.com
>
>