openbaton / openstack4j-plugin

Apache License 2.0
3 stars 12 forks

Unable to configure PROXY & SSL certificates in Openbaton #46

Open ashishrathee17 opened 6 years ago

ashishrathee17 commented 6 years ago

Open Baton internally uses the OpenStack4j library to communicate with OpenStack.

In my scenario I have an OpenStack working on HTTPS, which is behind a proxy server. To reach it we need to configure both the proxy and SSL certificates, but there is no support for it in Openbaton.

I am getting the error below in the logs while creating a PoP:

org.openbaton.exceptions.VimException: Refreshing VIM caused following error: org.openbaton.exceptions.VimException: Not listed Images successfully of VimInstance vim-instance-name. Caused by: org.openbaton.exceptions.VimDriverException: Connection timed out (Connection timed out)
        at org.openbaton.nfvo.core.api.VimManagement.refresh(VimManagement.java:213)
        at org.openbaton.nfvo.core.api.VimManagement.add(VimManagement.java:97)
        at org.openbaton.nfvo.api.admin.RestVimInstances.create(RestVimInstances.java:87)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)

Also, as per the file below, Openbaton is not setting any proxy or SSL certs. Refer:

```java
// Only the connection timeout is configured here; no proxy or SSLContext is set
Config cfg = Config.DEFAULT;
cfg =
    cfg.withConnectionTimeout(
        Integer.parseInt(properties.getProperty("connection-timeout", "10000")));

os = OSFactory.builderV2()
        .endpoint(vimInstance.getAuthUrl())
        .credentials(vimInstance.getUsername(), vimInstance.getPassword())
        .tenantName(vimInstance.getTenant())
        .withConfig(cfg)
        .authenticate();
```

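Instead, I tried using the OpenStack4j library directly to create a VM; it worked only after setting the certs and proxy:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.openstack4j.core.transport.Config;
import org.openstack4j.core.transport.ProxyHost;
import org.openstack4j.openstack.OSFactory;

/**
 * PROXY & CERT config
 */
// Read the CA certificate; try-with-resources closes the file stream
X509Certificate caCert;
try (InputStream is = new FileInputStream(AppConstant.OPENSTACK_CERTIFICATE)) {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    caCert = (X509Certificate) cf.generateCertificate(is);
}

// Build an in-memory trust store that contains only this CA certificate
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null);
ks.setCertificateEntry("caCert", caCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);

// Route requests through the proxy and use the SSLContext built above
Config config = Config.newConfig()
        .withProxy(ProxyHost.of(AppConstant.PROXY_HOST, AppConstant.PROXY_PORT))
        .withSSLContext(sslContext);

/**
 * ENABLE OPENSTACK4j logging
 */
OSFactory.enableHttpLoggingFilter(true);

/**
 * Create object of OSClient
 */
// useNonStrictSSLClient is driven by the debug flag AppConstant.OPENSTACK4JDEBUG
os = OSFactory.builderV2()
        .useNonStrictSSLClient(AppConstant.OPENSTACK4JDEBUG)
        .endpoint(AppConstant.OPENSTACK_ENDPOINT)
        .credentials(AppConstant.OPENSTACK_USER, AppConstant.OPENSTACK_PASSWORD)
        .tenantId(AppConstant.OPENSTACK_TENANT_ID)
        .withConfig(config)
        .authenticate();
```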

Can you please suggest a resolution for this issue which I am facing?

lorenzotomasini commented 6 years ago

Hi @ashishrathee17,

Apparently you already found a possible solution. Please provide a PR with a configurable solution and we will be very happy to integrate it in upstream.
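
One way the proxy and CA trust settings discussed in this thread could be read from the plugin properties, as an added example that is not code from Open Baton or from either commenter. The class name `VimTransportConfig` and the property keys `proxy-host`, `proxy-port` and `ca-cert-file` are assumptions; `connection-timeout` is the key the plugin snippet above already reads.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.openstack4j.core.transport.Config;
import org.openstack4j.core.transport.ProxyHost;

/** Hypothetical helper (not part of the plugin): builds the OpenStack4j Config from properties. */
public final class VimTransportConfig {
    public static Config fromProperties(Properties p) throws IOException, GeneralSecurityException {
        Config cfg = Config.newConfig().withConnectionTimeout(
            Integer.parseInt(p.getProperty("connection-timeout", "10000")));
        // Assumed keys proxy-host / proxy-port: reject a half-configured proxy instead of ignoring it.
        String host = p.getProperty("proxy-host");
        String port = p.getProperty("proxy-port");
        if (host != null || port != null) {
            if (host == null || port == null)
                throw new IllegalArgumentException("proxy-host and proxy-port must be set together");
            int portNum = Integer.parseInt(port.trim());
            if (portNum < 1 || portNum > 65535)
                throw new IllegalArgumentException("proxy-port out of range: " + portNum);
            cfg = cfg.withProxy(ProxyHost.of(host.trim(), portNum));
        }
        // Assumed key ca-cert-file: a file with one or more X.509 CA certificates.
        // The resulting client trusts only these CAs, so a missing or empty file fails closed.
        String caFile = p.getProperty("ca-cert-file");
        if (caFile != null) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null);
            int count = 0;
            try (InputStream in = Files.newInputStream(Paths.get(caFile))) {
                for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                    ks.setCertificateEntry("vim-ca-" + count++, c);
            }
            if (count == 0) throw new GeneralSecurityException("no certificate found in " + caFile);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            cfg = cfg.withSSLContext(ctx);
        }
        return cfg;
    }
}
```

The returned `Config` would be passed to `OSFactory.builderV2()...withConfig(cfg)` in place of the timeout-only configuration shown earlier in the thread.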