Closed wkoszek closed 7 years ago
@wkoszek I'm ok merging this in if it does not break the current behaviour. In case we do reach the ssl goal, we can do a release candidate and let it sit in there for a while before releasing a major version including this change. =)
@NeilHanlon maybe you want to test this? :)
@mmoll yeah I more or less have the same thing monkey patched at work. I will verify this tomorrow in the office.
(Now only if github could send me reminders....)
How did you guys use/test it before? Over HTTP?
I'm going to make the fixes, and re-test. The `port` thing is a bug.
I think the patching is super ugly, but I don't see any other way to fix that, unless we fix 'ruby/xmlrpc' to pass the "don't validate the cert" flag.
So for now I think I'll just enable that if `use_ssl` is set to 1
@plribeiro3000 Fixed the `port` assignment bug, thanks. The logic of the code is as follows:

- `use_ssl == true`: enable SSL, normal SSL certificate validation
- `use_ssl == false`: no SSL
- `use_ssl == -1`: enable SSL, patched workaround for ignoring exception for self-signed cert.
I've tested with this repo: https://github.com/bvox/fog-xenserver-examples with `list_vm_ips.rb` modified:

```ruby
require 'fog'
require 'pp'

conn = Fog::Compute.new({
  :provider => 'XenServer',
  :xenserver_url => 'my.host',
  :xenserver_use_ssl => -1,
  :xenserver_port => 443,
  :xenserver_username => 'root',
  :xenserver_password => 'mypass',
  :xenserver_defaults => {
    :template => "squeeze-test"
  }
})

conn.servers.each do |vm|
  pp vm.name
  if vm.tools_installed?
    vm.guest_metrics.networks.each do |k,v|
      puts v
    end
  end
end
```
@NeilHanlon Any chance you could give that a shot?
fwiw, I do the following. But I'm happy for any solution that fixes and will be happy to test
```ruby
require 'xmlrpc/client'

class XMLRPC::Client
  # WEAK: Enrich the Client with a method for disabling SSL VERIFICATION
  # See /usr/lib/ruby/1.9.1/xmlrpc/client.rb:324
  # Bad hack but it works
  def disable_ssl_verification
    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    warn "Proxyman SSL Verification disabled"
  end
end

module Fog
  module XenServer
    class Connection
      attr_reader :credentials

      def initialize(host, timeout)
        # have to pass all these to allow SSL
        @factory = XMLRPC::Client.new(host, "/", 443, nil, nil, nil, nil, true)
        @factory.set_parser(NokogiriStreamParser.new)
        @factory.disable_ssl_verification
        @factory.timeout = timeout
      end
    end
  end
end
```

in `lib/fog/xen_server/connection.rb`
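An alternative to `VERIFY_NONE` for a self-signed XenServer certificate, as an added example that is not part of the thread or of fog-xenserver: trust exactly that one certificate through a dedicated `OpenSSL::X509::Store` and keep `VERIFY_PEER` on the `Net::HTTP` object (the kind of object `XMLRPC::Client` holds in `@http`). The helper names, the host name `xenserver.example` and the in-memory certificates are constructed for the example.

```ruby
require 'openssl'
require 'net/http'

# Constructed sample data: a throwaway self-signed certificate built in memory.
# In practice you would load the XenServer's own certificate from a PEM file.
def self_signed_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = OpenSSL::BN.rand(64)
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Hypothetical helper: an HTTPS client that trusts only +trusted_cert+.
# Verification stays enabled; the system CA bundle is not consulted because
# the store is created empty and set_default_paths is never called.
def pinned_https(host, port, trusted_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_cert)

  http = Net::HTTP.new(host, port) # no connection is opened here
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store  = store
  http
end

if __FILE__ == $PROGRAM_NAME
  expected = self_signed_cert('xenserver.example') # the server we mean to talk to
  imposter = self_signed_cert('xenserver.example') # same name, different key
  http = pinned_https('xenserver.example', 443, expected)
  puts "expected cert accepted: #{http.cert_store.verify(expected)}"
  puts "imposter cert accepted: #{http.cert_store.verify(imposter)}"
end
```

With `VERIFY_PEER` left on, Net::HTTP also checks the host name against the certificate, so the pinned certificate has to name the host you connect to.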
@wkoszek @NeilHanlon Do we have a link of this issue in `XMLRPC`?
Just so we can link this to the other and then bring more people with deep knowledge about `XMLRPC` to this conversation?
@plribeiro3000 The `ruby/xmlrpc` repo https://github.com/ruby/xmlrpc doesn't have GitHub Issues enabled. I've asked guys from IRC on #ruby to see if I should report it at `ruby/ruby`, but nobody knew.
I've pinged an author of `ruby/xmlrpc` via e-mail.
@hsbt Ping :-)
@wkoszek Nice. =)
I just want to make sure this is indeed a bug and not a design decision. Once we know this it will be easier to figure out the best course to solve this. =)
Ok. Sounds good.
@plribeiro3000 I've pushed a fix suggested by @hstb
@plribeiro3000 I've pushed the change, `bundle install` and `rake test` and it seems to work:

```
Finished in 1.505997 seconds.
423 tests, 423 passed, 0 failures, 0 errors, 0 skips, 428 assertions
```

and my stuff seems to work as well--I'm able to list VMs on my Xenserver machine.
@plribeiro3000 ping :)
Hey @wkoszek . Sorry for the delay. =)
Taking a look now!
That's way better. Thanks for your efforts and patience on this. 👍
@wkoszek Would you add an example on the README please?
@plribeiro3000 @NeilHanlon @mmoll Do you guys have any snippets that you actively use for this, where e.g.: from the command line you go from 0 to Ubuntu 14.04 or FreeBSD 10+ VM running on XenServer?
I'd love to grab those and (a) steal them from you (b) bring examples to README.md
@wkoszek I don't use xen personally, but I hope that @NeilHanlon can use the current code in master to patch theforeman/foreman-xen and maybe that can lead to an example for the README.
Is anyone working on this? theforeman/foreman-xen seems unusable
@bdonnahue This was merged and released already.
If you feel like something is not working as expected or broken, plz open a new issue with a backtrace of your error so someone can check it out. Thanks!
The expectation is to use http:// URL for connecting. I want to use HTTPS for this. Below change adds the support for this.
Unfortunately my XenServer is coming with a self-signed certificate, which breaks `XMLRPC::Client`, so I can't really test that. With this, XMLRPC fails deep down in its call graph. I'm testing with this line:
put in the `initialize` in `lib/fog/xen_server/connection.rb`, so that cert isn't checked. If we could commit the change from below, and (maybe?) add a conditional work-around for the self-signed problem, that would be great.