fog / fog-xenserver

Module for the 'fog' gem to support XENSERVER
MIT License

Bring the SSL support (take 2) #68

Closed wkoszek closed 7 years ago

wkoszek commented 7 years ago

The expectation is to use an http:// URL for connecting. I want to use HTTPS for this. The change below adds support for this.

Unfortunately my XenServer is coming with a self-signed certificate, which breaks XMLRPC::Client, so I can't really test that. With this, XMLRPC fails deep down in its call graph. I'm testing with this line:

@factory.instance_variable_get(:@http).instance_variable_set(:@verify_mode, OpenSSL::SSL::VERIFY_NONE)

put in the initialize in lib/fog/xen_server/connection.rb, so that cert isn't checked.

If we could commit the change from below, and (maybe?) add a conditional work-around for the self-signed problem, that would be great.

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.007%) to 94.085% when pulling 8dad45ddf358ccac5ced0bf728a29c932edfa3b6 on wkoszek:master into e1c23293d4f7959453cafb79ef631ec6d63abde7 on fog:master.

plribeiro3000 commented 7 years ago

@wkoszek I'm ok merging this in if it does not break the current behaviour. In case we do reach the ssl goal, we can do a release candidate and let it sit in there for a while before releasing a major version including this change. =)

mmoll commented 7 years ago

@NeilHanlon maybe you want to test this? :)

NeilHanlon commented 7 years ago

@mmoll yeah I more or less have the same thing monkey patched at work. I will verify this tomorrow in the office.

(Now only if github could send me reminders....)

wkoszek commented 7 years ago

How did you guys use/test it before? Over HTTP?

I'm going to make the fixes, and re-test. The port thing is a bug.

I think the patching is super ugly, but I don't see any other way to fix that, unless we fix 'ruby/xmlrpc' to pass the "don't validate the cert" flag.

So for now I think I'll just enable that if use_ssl is set to 1.

wkoszek commented 7 years ago

@plribeiro3000 Fixed the port assignment bug, thanks. The logic of the code is as follows:

use_ssl == true: enable SSL, normal SSL certificate validation
use_ssl == false: no SSL
use_ssl == -1: enable SSL, patched workaround for ignoring exception for self-signed cert.

I've tested with this repo: https://github.com/bvox/fog-xenserver-examples with list_vm_ips.rb modified:

require 'fog'
require 'pp'

conn = Fog::Compute.new({
  :provider => 'XenServer',
  :xenserver_url => 'my.host',
  :xenserver_use_ssl => -1,
  :xenserver_port => 443,
  :xenserver_username => 'root',
  :xenserver_password => 'mypass',
  :xenserver_defaults => {
    :template => "squeeze-test"
  }
})

conn.servers.each do |vm|
  pp vm.name
  if vm.tools_installed?
    vm.guest_metrics.networks.each do |k,v|
      puts v
    end
  end
end

@NeilHanlon Any chance you could give that a shot?

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.007%) to 94.085% when pulling 765ed87d06a83fddc60af2a9bc29e1a139503339 on wkoszek:master into e1c23293d4f7959453cafb79ef631ec6d63abde7 on fog:master.

NeilHanlon commented 7 years ago

fwiw, I do the following. But I'm happy for any solution that fixes and will be happy to test

require 'xmlrpc/client'

class XMLRPC::Client
  # WEAK: Enrich the Client with a method for disabling SSL VERIFICATION
  # See /usr/lib/ruby/1.9.1/xmlrpc/client.rb:324
  # Bad hack but it works
  def disable_ssl_verification
    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    warn "Proxyman SSL Verification disabled"
  end
end

module Fog
  module XenServer
    class Connection
      attr_reader :credentials

      def initialize(host, timeout)
        #have to pass all these to allow SSL
        @factory = XMLRPC::Client.new(host, "/", 443, nil, nil, nil, nil, true)
        @factory.set_parser(NokogiriStreamParser.new)
        @factory.disable_ssl_verification
        @factory.timeout = timeout
      end
      # ... (rest of the class not shown)
    end
  end
end

in lib/fog/xen_server/connection.rb
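Added example, not part of the thread or of fog-xenserver: both workarounds above set `verify_mode` to `VERIFY_NONE`, whereas a self-signed host can instead be handled by keeping `VERIFY_PEER` and putting that one certificate in the trust store (`Net::HTTP`, which `XMLRPC::Client` wraps, exposes the same `verify_mode` and `cert_store` settings). The certificates and loopback servers are constructed for the demonstration, and all function names are hypothetical.

```ruby
require 'openssl'
require 'socket'

# Constructed self-signed certificate standing in for the XenServer host cert.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**32)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('subjectAltName', "DNS:#{cn}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Loopback TLS server on an ephemeral port; returns the port number.
def tls_server(key, cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.key, ctx.cert = key, cert
  ssl = OpenSSL::SSL::SSLServer.new(TCPServer.new('127.0.0.1', 0), ctx)
  Thread.new { loop { (ssl.accept.close rescue nil) } }
  ssl.to_io.addr[1]
end

# One client handshake; returns :ok, or :rejected if verification fails.
def handshake(port, store: nil, verify: OpenSSL::SSL::VERIFY_PEER)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = verify
  ctx.cert_store = store if store
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), ctx)
  sock.sync_close = true
  sock.connect
  sock.post_connection_check('localhost') if verify == OpenSSL::SSL::VERIFY_PEER
  :ok
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  sock&.close
end

def demo
  key, cert = self_signed('localhost')
  pinned = OpenSSL::X509::Store.new.add_cert(cert) # trust this one cert only
  real, other = tls_server(key, cert), tls_server(*self_signed('localhost'))
  { default_real: handshake(real), pinned_real: handshake(real, store: pinned),
    pinned_other: handshake(other, store: pinned), # same name, different key
    verify_none_other: handshake(other, verify: OpenSSL::SSL::VERIFY_NONE) }
end
```

`demo` returns one result per case: the pinned store accepts only the host whose certificate was pinned, while `VERIFY_NONE` also accepts the second server that merely reuses the name.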

plribeiro3000 commented 7 years ago

@wkoszek @NeilHanlon Do we have a link of this issue in XMLRPC?

Just so we can link this to the other and then bring more people with deep knowledge about XMLRPC to this conversation?

wkoszek commented 7 years ago

@plribeiro3000 The ruby/xmlrpc repo https://github.com/ruby/xmlrpc doesn't have GitHub Issues enabled. I've asked guys from IRC on #ruby to see if I should report it at ruby/ruby, but nobody knew.

I've pinged an author of ruby/xmlrpc via e-mail.

@hsbt Ping :-)

plribeiro3000 commented 7 years ago

@wkoszek Nice. =)

I just want to make sure this is indeed a bug and not a design decision. Once we know this it will be easier to figure out the best course to solve this. =)

wkoszek commented 7 years ago

Ok. Sounds good.

wkoszek commented 7 years ago

@plribeiro3000 I've pushed a fix suggested by @hsbt.

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.007%) to 94.085% when pulling 9cc90f398f607fd39f9498a0eb9698765b1a14d1 on wkoszek:master into e1c23293d4f7959453cafb79ef631ec6d63abde7 on fog:master.

wkoszek commented 7 years ago

@plribeiro3000 I've pushed the change, bundle install and rake test and it seems to work:

Finished in 1.505997 seconds.
423 tests, 423 passed, 0 failures, 0 errors, 0 skips, 428 assertions

and my stuff seems to work as well--I'm able to list VMs on my Xenserver machine.

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.01%) to 94.089% when pulling 03cf184dfe7a5c4106acc330838bf0cec38a4237 on wkoszek:master into e1c23293d4f7959453cafb79ef631ec6d63abde7 on fog:master.

wkoszek commented 7 years ago

@plribeiro3000 ping :)

plribeiro3000 commented 7 years ago

Hey @wkoszek. Sorry for the delay. =)

Taking a look now!

plribeiro3000 commented 7 years ago

That's way better. Thanks for your efforts and patience on this. 👍

plribeiro3000 commented 7 years ago

@wkoszek Would you add an example on the README please?

wkoszek commented 7 years ago

@plribeiro3000 @NeilHanlon @mmoll Do you guys have any snippets that you actively use for this, where e.g.: from the command line you go from 0 to Ubuntu 14.04 or FreeBSD 10+ VM running on XenServer?

I'd love to grab those and (a) steal them from you (b) bring examples to README.md

mmoll commented 7 years ago

@wkoszek I don't use xen personally, but I hope that @NeilHanlon can use the current code in master to patch theforeman/foreman-xen and maybe that can lead to an example for the README.

bdonnahue commented 5 years ago

Is anyone working on this? theforeman/foreman-xen seems unusable

plribeiro3000 commented 5 years ago

@bdonnahue This was merged and released already.

If you feel like something is not working as expected or broken, plz open a new issue with a backtrace of your error so someone can check it out. Thanks!