search

HewlettPackard / POSH-HPEOneView

PowerShell language bindings library for HPE OneView.
http://hewlettpackard.github.io/POSH-HPEOneView/
125 stars 52 forks source link

Connect-OVMgmt 8.50 failure #670

Closed dmoroney closed 5 months ago

dmoroney commented 6 months ago

Expected Behavior

the code in Steps to Reproduce successfully connects using HPEOneView.830 and HPEOneView.840

Actual Behavior

$Connection = Connect-OVMgmt @parameters
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~
     | [Send-OVRequest]: The specified API version is not valid. Check the value of the X-API-Version header, then resend the request.

Steps to Reproduce

#!/usr/bin/env pwsh

#Requires -Version 7.3
#Requires -Modules @{ ModuleName="TUN.CredentialManager"; ModuleVersion="3.0" }
#Requires -Modules @{ ModuleName="HPEOneView.850"; ModuleVersion="8.50" }

$cred = Get-StoredCredential -Target SynergyOneView
try   { $null = $cred.GetNetworkCredential() }
catch {
    Write-Error "WCM ERROR: invalid or missing WCM credentials"
    exit
}

$parameters = @{
    Hostname = 'RedactedFqdn';
    Credential = $cred;
    LoginAcknowledge = $true;
}

[HPEOneView.PKI.SslValidation]::IgnoreCertErrors = $false
[HPEOneView.Config]::EnableVerbose = $true
[HPEOneView.Config]::EnableDebug = $true

Write-Host "connecting..." -NoNewline
$Connection = Connect-OVMgmt @parameters
Write-Host "success"

Write-Host "disconnecting..." -NoNewline
Disconnect-OVMgmt -Hostname $Connection
Write-Host "success"

exit

Generated Output

VERBOSE: [HPEOneView.Utilities.Net.RestClient] URI: https://RedactedFqdn/rest/version
VERBOSE: [HPEOneView.Utilities.Net.RestClient] Method: GET
VERBOSE: [HPEOneView.Utilities.Net.RestClient] XApiVersion: 5600
VERBOSE: [[HPEOneView.PKI.SslValidator]::SslValidation()] Enforcing TLS1.2 only for [System.Net.ServicePointManager.SecurityProtocol].
VERBOSE: [[HPEOneView.Utilities.Net]::RestClient()] Default 20 seconds timeout for WebRequest.
VERBOSE: [[HPEOneView.Utilities.Net]::RestClient()] Checking for system proxy and if URI is in BypassProxyOnLocal list.
VERBOSE: [[HPEOneView.Utilities.Net]::RestClient()] Proxy will be used
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Starting callback verification.
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Certificate:  [Subject]
  CN=RedactedFqdn, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US

[Issuer]
  CN=RedactedFqdn, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US

[Serial Number]
  0D30

[Not Before]
  2021-09-07 11:18:03 AM

[Not After]
  2031-09-08 11:18:03 AM

[Thumbprint]
  D309B7883E0D5BDD1BD337B6FAE0CE078729521C

VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Host: 'RedactedFqdn'
VERBOSE: [[HPEOneView.PKI.SslValidator]::IsTrustedHost()] Looking for 'RedactedFqdn' within TrustedHosts dictionary.
VERBOSE: [[HPEOneView.PKI.SslValidator]::IsTrustedHost()] In TrustedHosts dictionary: 'False'
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Cert has chain errors.
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Processing 'UntrustedRoot' chain status.
DEBUG: [[HPEOneView.PKI.SslValidator]::ParseSubjectAlternativeName()] Init parse SAN from certificate.
DEBUG: [[HPEOneView.PKI.SslValidator]::ParseSubjectAlternativeName()] Certificate contains Subject Alternative Names. Parsing.       
DEBUG: [[HPEOneView.PKI.SslValidator]::ParseSubjectAlternativeName()] Adding 'RedactedFqdn' to collection.
DEBUG: [[HPEOneView.PKI.SslValidator]::ParseSubjectAlternativeName()] Adding 'RedactedHostName' to collection.
DEBUG: [[HPEOneView.PKI.SslValidator]::ParseSubjectAlternativeName()] Adding 'RedactedIPv4Address' to collection.
DEBUG: [[HPEOneView.PKI.SslValidator]::ParseSubjectAlternativeName()] Adding 'RedactedIPv6Address' to collection.
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] SAN contains host: True
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Cert is self-signed, and untrusted.
VERBOSE: [[HPEOneView.PKI.SslValidator]::CertificateValidationCallBack()] Trusting Cert with no further chain errors.
VERBOSE: [[HPEOneView.Library.ConnectedSessionsList]::RemoveConnection()] Removing host RedactedFqdn from collection.
VERBOSE: [[HPEOneView.Library.ConnectedSessionsList]::RemoveConnection()] Calling to remove host RedactedFqdn from TrustedHost collection.
VERBOSE: [[HPEOneView.PKI.SslValidator]::RemoveTrustedHost()] Host RedactedFqdn does not exist in TrustedHosts collection.
Connect-OVMgmt: .\test-connection.ps1:24:15
Line |
  24 |  $Connection = Connect-OVMgmt @parameters
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | [Send-OVRequest]: The specified API version is not valid. Check the value of the X-API-Version header, then resend the request.

Version Information

$PSLibraryVersion

LibraryVersion Path
-------------- ----
8.50.3667.2043 C:\Users\redacted\Documents\PowerShell\Modules\HPEOneView.850\8.50.3667.2043

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.19045    
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
VincentBerger commented 6 months ago

You cannot use a OneView PowerShell library version that is higher than the version number of the OneView appliance you want to connect to. Since you say it works with library versions 8.30 and 8.40, you're likely trying to connect to a OneView appliance version 8.40, so you cannot use a OneView library version > 8.40

dmoroney commented 6 months ago

Confirmed. Revised the code to catch the API mis-match condition.

#!/usr/bin/env pwsh

#Requires -Version 7.3
#Requires -Modules @{ ModuleName="TUN.CredentialManager"; ModuleVersion="3.0" }
# remove the 'Nulled' string below to make this Requires take effect
#NulledRequires -Modules @{ ModuleName="HPEOneView.840"; ModuleVersion="8.40" }

$cred = Get-StoredCredential -Target SynergyOneView
try   {
    $null = $cred.GetNetworkCredential()
}
catch {
    Write-Error "WCM ERROR: invalid or missing WCM credentials"
    exit
}

$parameters = @{
    Hostname = 'RedactedFqdn'
    Credential = $cred
    LoginAcknowledge = $true
}

[HPEOneView.Config]::EnableVerbose = $false
[HPEOneView.Config]::EnableDebug = $false

Write-Host "Current installed OneView Library"
$LibraryVersion = Get-OVVersion
Write-Host "LibraryVersion: $($LibraryVersion.LibraryVersion)`n"

$ExtraInformation = "if this is a X-API-Version error, then it is likely the Library and Appliance Versions are mis-matched. The #Requires statement here can be used to avoid this problem."

Write-Host "connecting to $($parameters.Hostname)..." -NoNewline
try   {
    $Connection = Connect-OVMgmt @parameters 6> $null
}
catch {
    Write-Host "`n"$_.Exception.Message -f red
    Write-Host "$ExtraInformation`n" -f Yellow
    exit
}
Write-Host "success"

# information that requires a prior working connection...
Write-Host "getting the OneView Appliance version..." -NoNewline
$ApplianceVersion = Get-OVVersion -ApplianceVer
Write-Host "success.`n$($ApplianceVersion.$($parameters.Hostname)) X-API-Version: $($ApplianceVersion.$($parameters.Hostname).XApiVersion)"

Write-Host "disconnecting..." -NoNewline
Disconnect-OVMgmt -Hostname $Connection
Write-Host "success`n"
exit