saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0

VMWare SSL check doesn't work for pyVmomi 6.0 #29537

Closed rallytime closed 8 years ago

rallytime commented 8 years ago

pyVmomi 6.0 is now available on PyPI. The check that we're doing in salt.utils.vmware.get_service_instance to handle SSL errors works very well for pyVmomi version 5.5.x, but pyVmomi 6.0 does not enter the if block where we're handling SSL errors.

We need to amend this function so that SSL errors are handled both for pyVmomi 5.5.x and pyVmomi 6.0.

The error I get on 6.0 is:

[INFO    ] Starting new HTTPS connection (1): <redacted>
[WARNING ] /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:100: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

[DEBUG   ] [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[INFO    ] Starting new HTTPS connection (1): <redacted>
[WARNING ] /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:100: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

[DEBUG   ] [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[WARNING ] Stopping the Salt Proxy Minion
[ERROR   ] Cannot complete login due to an incorrect user name or password.
[INFO    ] The proxy minion is shut down

Versions report:

# salt --versions
Salt Version:
           Salt: 2015.8.3-29-g55589f8

Dependency Versions:
         Jinja2: 2.7.2
       M2Crypto: Not Installed
           Mako: 0.9.1
         PyYAML: 3.10
          PyZMQ: 14.4.0
         Python: 2.7.6 (default, Jun 22 2015, 17:58:13)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.4
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 1.5
          gitdb: 0.5.4
      gitpython: 0.3.2 RC1
          ioflo: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.3.0
   mysql-python: 1.2.3
      pycparser: Not Installed
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: 0.8.2
        timelib: Not Installed

System Versions:
           dist: Ubuntu 14.04 trusty
        machine: x86_64
        release: 3.13.0-66-generic
         system: Ubuntu 14.04 trusty

rallytime commented 8 years ago

@nmadhok You might be interested in this one. I can take a look in a couple of days, but thought you'd like to be aware of it. I don't think pyVmomi 6.0 was out until only recently.

nmadhok commented 8 years ago

@rallytime I'll take a look at it.

skandyla commented 8 years ago

Hi, I also have this issue.

salt-cloud -f list_nodes my-vmware -l debug

2016-01-08 15:49:41,627 [salt.cloud       ][DEBUG   ][4258] Trying to execute 'vmware.list_nodes' with the following kwargs: {}
2016-01-08 15:49:41,840 [salt.utils.vmware][DEBUG   ][4258] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765) 
# pip list | grep pyvmomi
pyvmomi (6.0.0)

Versions report:

# salt-cloud --versions
Salt Version:
            Salt: 2015.8.3

Dependency Versions:
 Apache Libcloud: 0.18.0
          Jinja2: 2.7.3
        M2Crypto: Not Installed
            Mako: Not Installed
          PyYAML: 3.11
           PyZMQ: 14.7.0
          Python: 2.7.5 (default, Nov 20 2015, 02:00:19)
            RAET: Not Installed
         Tornado: 4.2.1
             ZMQ: 4.0.5
            cffi: Not Installed
        cherrypy: Not Installed
        dateutil: 2.4.2
           gitdb: Not Installed
       gitpython: Not Installed
           ioflo: Not Installed
         libnacl: Not Installed
    msgpack-pure: Not Installed
  msgpack-python: 0.4.6
    mysql-python: Not Installed
       pycparser: Not Installed
        pycrypto: 2.6.1
          pygit2: Not Installed
    python-gnupg: Not Installed
           smmap: Not Installed
         timelib: Not Installed

System Versions:
            dist: centos 7.2.1511 Core
         machine: x86_64
         release: 3.10.0-327.3.1.el7.x86_64
          system: CentOS Linux 7.2.1511 Core

Temporary solution:

pip uninstall pyvmomi
pip install -Iv pyvmomi==5.5

nmadhok commented 8 years ago

@skandyla I'm working on fixing this. pyVmomi 5.5 is old. Please uninstall it and reinstall pyVmomi 5.5.0-2014.1.1.

pip uninstall pyvmomi
pip install pyvmomi==5.5.0-2014.1.1

nmadhok commented 8 years ago

@skandyla Would it be possible for you to install pyvmomi 6.0.0 and test it with the PR referenced above? I have tested it to work but just want to make sure it works for others.

nmadhok commented 8 years ago

@rallytime After merging https://github.com/saltstack/salt/pull/30231, you won't see the SSL issue. The SSL issue will only appear when pyVmomi >= 6.0.0 is installed on systems using Python < 2.7. I will submit another PR to mention this in the docs that pyVmomi >= 6.0.0 is only supported on systems using Python >= 2.7 and for systems using Python < 2.7, they should use pyVmomi 5.5.0-2014.1.1 by doing pip install pyvmomi==5.5.0-2014.1.1

skandyla commented 8 years ago

@nmadhok I've tested your PR - everything seems to be working well (under CentOS 7).

I've set up a virtualenv and also installed pyvmomi (6.0.0).

#pip list|grep pyvmomi
pyvmomi (6.0.0)

git fetch upstream refs/pull/30231/head:bp-30231
git checkout bp-30231

salt-cloud -f list_nodes vmware1 

Thanks!

nmadhok commented 8 years ago

@skandyla Not a problem. Glad it's working for you now. Should be merged into develop and 2015.8 branch very soon.

rallytime commented 8 years ago

@nmadhok Awesome! Thanks for submitting that, and thanks @skandyla for testing. I'll test that out today.

rallytime commented 8 years ago

@nmadhok Hrm...After applying these changes to the 2015.8 and upgrading my version of pyVmomi to 6.0, the proxy minion stops with these errors:

[INFO    ] Starting new HTTPS connection (1): 10.4.28.150
[WARNING ] /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning

[WARNING ] /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

[DEBUG   ] [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[WARNING ] Stopping the Salt Proxy Minion
[ERROR   ] Cannot complete login due to an incorrect user name or password.
[INFO    ] The proxy minion is shut down

I am running this on an Ubuntu 14 machine.

# salt --versions
Salt Version:
           Salt: 2015.8.3-172-g8d37bab

Dependency Versions:
         Jinja2: 2.7.2
       M2Crypto: Not Installed
           Mako: 0.9.1
         PyYAML: 3.10
          PyZMQ: 14.4.0
         Python: 2.7.6 (default, Jun 22 2015, 17:58:13)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.4
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 1.5
          gitdb: 0.5.4
      gitpython: 0.3.2 RC1
          ioflo: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.3.0
   mysql-python: 1.2.3
      pycparser: Not Installed
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: 0.8.2
        timelib: Not Installed

System Versions:
           dist: Ubuntu 14.04 trusty
        machine: x86_64
        release: 3.13.0-66-generic
         system: Ubuntu 14.04 trusty

nmadhok commented 8 years ago

@rallytime Would it be possible for you to test this on a CentOS/RHEL 6/7 server? I will in the meantime spin up an Ubuntu server and test it.

rallytime commented 8 years ago

@nmadhok Hrm. I wasn't able to get this working on a CentOS7 server with your patch applied, either. I am seeing the same warnings.

nmadhok commented 8 years ago

@skandyla Was able to get it working on CentOS 7.

rallytime commented 8 years ago

@nmadhok Yes, I see that. These are both Vagrant boxes because of other reasons. I am wondering if that might have something to do with it. My original stacktrace didn't mention anything about the SNIMissingWarning, but now both stacktraces do.

I'll keep poking around.

skandyla commented 8 years ago

A few comments. I'm simply using the salt-cloud command and the PR is working well for that. So, my environment doesn't have proxy minions.

Versions in case they may be useful:

Salt Version:
           Salt: 2015.8.3-4702-g256ace0

Dependency Versions:
         Jinja2: 2.8
       M2Crypto: 0.21.1
           Mako: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.1.0
         Python: 2.7.5 (default, Nov 20 2015, 02:00:19)
           RAET: Not Installed
        Tornado: 4.3
            ZMQ: 4.1.2
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: Not Installed
        timelib: Not Installed

System Versions:
           dist: centos 7.2.1511 Core
        machine: x86_64
        release: 3.10.0-327.3.1.el7.x86_64
         system: CentOS Linux 7.2.1511 Core

nmadhok commented 8 years ago

@rallytime I don't have proxy minion setup either. I'm wondering if that's causing the issue for you?

nitinmadhok@nitinmadhok:~/Repos/salt$ salt --versions-report
Salt Version:
           Salt: 2015.8.0-1181-g25d25fe

Dependency Versions:
         Jinja2: 2.8
       M2Crypto: 0.22
           Mako: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.1.0
         Python: 2.7.11 (default, Jan  4 2016, 10:43:13)
           RAET: Not Installed
        Tornado: 4.3
            ZMQ: 4.1.2
           cffi: 0.9.2
       cherrypy: Not Installed
       dateutil: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: Not Installed
      pycparser: 2.10
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: Not Installed
        timelib: Not Installed

System Versions:
           dist:   
        machine: x86_64
        release: 15.2.0
         system: 10.11.2 -- x86_64
nitinmadhok@nitinmadhok:~/Repos/salt$ pip show pyvmomi
---
Metadata-Version: 2.0
Name: pyvmomi
Version: 6.0.0
Summary: VMware vSphere Python SDK
Home-page: https://github.com/vmware/pyvmomi
Author: VMware, Inc.
Author-email: jhu@vmware.com
License: License :: OSI Approved :: Apache Software License
Location: /usr/local/lib/python2.7/site-packages
Requires: requests, six
nitinmadhok@nitinmadhok:~/Repos/salt$ sudo salt-cloud -f test_vcenter_connection vcenter01
Password:
[INFO    ] salt-cloud starting
vcenter03:
    ----------
    vmware:
        connection successful

rallytime commented 8 years ago

No, it's not the proxy minion, because I get the same errors in a python interpreter just calling the salt.utils.vmware.get_service_instance function to connect directly to the ESXi host, which is the same authentication code that the cloud driver uses.

However, I just realized that this ESXi host has esxi5.5 installed on it, not 6.0. That might be where this is falling down.

nmadhok commented 8 years ago

@rallytime Version of pyVmomi should be the same as the version of ESXi hosts/vCenter. If you're connecting to a vCenter, then the version of vCenter is what matters and it should be the same as the version of pyVmomi. If you're connecting directly to the ESXi host, then the version of ESXi host should be same as the version of pyVmomi.

rallytime commented 8 years ago

@nmadhok Yes, I just tried this against another vCenter server that is running 6.0, and I'm still seeing the error. I'm not sure what I am doing incorrectly, but I will keep poking at it, because this is fishy. Thanks for your patience.

skandyla commented 8 years ago

Actually, I have ESXi 5.5.0, and it is working with pyvmomi 6.0.0 and the PR you have provided. Some basic stuff at least.

# salt-cloud -f get_vcenter_version vmware1
...
[DEBUG   ] Trying to execute 'vmware.get_vcenter_version' with the following kwargs: {}
[DEBUG   ] LazyLoaded nested.output
vmware1:
    ----------
    vmware:
        VMware ESXi 5.5.0 build-1623387

# pip list |grep pyv
pyvmomi (6.0.0)

nmadhok commented 8 years ago

@skandyla it is going to work but a lot of features won't work as expected because of the difference in features between versions.

nmadhok commented 8 years ago

@rallytime @cro @skandyla

From https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl and https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning

pip install requests[security] --upgrade
pip install pyopenssl ndg-httpsclient pyasn1 --upgrade

On Ubuntu, you may run into trouble installing pyopenssl, you'll need these dependencies:

apt-get install libffi-dev libssl-dev

Please install/upgrade required dependencies if they're already installed and try this PR again.

Can you also post the output of pip show pyopenssl and pip show pyasn1

cro commented 8 years ago

Well, Salt already deps on PyOpenSSL, so we're OK there. I'll give this a try.

On Mon, Jan 11, 2016 at 5:23 PM, Nitin Madhok notifications@github.com wrote:

@rallytime https://github.com/rallytime @cro https://github.com/cro

From https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl and https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning

pip install pyopenssl ndg-httpsclient pyasn1

On Ubuntu, you may run into trouble installing pyopenssl, you'll need these dependencies:

apt-get install libffi-dev libssl-dev


--cro C. R. Oldham, Platform Engineer, SaltStack cr@saltstack.com / 801-564-4673

cro commented 8 years ago

Sorry, this didn't work. :-(

I checked out your PR and made sure the right items were installed with pip.

root@ub14:~# pip install requests[security] --upgrade
Requirement already up-to-date: requests[security] in /usr/local/lib/python2.7/dist-packages
Requirement already up-to-date: pyOpenSSL>=0.13 in /usr/local/lib/python2.7/dist-packages (from requests[security])
Requirement already up-to-date: ndg-httpsclient in /usr/local/lib/python2.7/dist-packages (from requests[security])
Requirement already up-to-date: pyasn1 in /usr/local/lib/python2.7/dist-packages (from requests[security])
Requirement already up-to-date: six>=1.5.2 in /usr/local/lib/python2.7/dist-packages (from pyOpenSSL>=0.13->requests[security])
Requirement already up-to-date: cryptography>=0.7 in /usr/local/lib/python2.7/dist-packages (from pyOpenSSL>=0.13->requests[security])
Requirement already up-to-date: idna>=2.0 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyOpenSSL>=0.13->requests[security])
Collecting setuptools>=1.0 (from cryptography>=0.7->pyOpenSSL>=0.13->requests[security])
  Downloading setuptools-19.2-py2.py3-none-any.whl (463kB)
    100% |████████████████████████████████| 466kB 1.2MB/s
Requirement already up-to-date: enum34 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyOpenSSL>=0.13->requests[security])
Requirement already up-to-date: ipaddress in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyOpenSSL>=0.13->requests[security])
Requirement already up-to-date: cffi>=1.4.1 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyOpenSSL>=0.13->requests[security])
Requirement already up-to-date: pycparser in /usr/local/lib/python2.7/dist-packages (from cffi>=1.4.1->cryptography>=0.7->pyOpenSSL>=0.13->requests[security])
Installing collected packages: setuptools
  Found existing installation: setuptools 3.3
    Uninstalling setuptools-3.3:
      Successfully uninstalled setuptools-3.3
Successfully installed setuptools-19.2
root@ub14:~# pip install pyopenssl ndg-httpsclient pyasn1 --upgrade
Requirement already up-to-date: pyopenssl in /usr/local/lib/python2.7/dist-packages
Requirement already up-to-date: ndg-httpsclient in /usr/local/lib/python2.7/dist-packages
Requirement already up-to-date: pyasn1 in /usr/local/lib/python2.7/dist-packages
Requirement already up-to-date: six>=1.5.2 in /usr/local/lib/python2.7/dist-packages (from pyopenssl)
Requirement already up-to-date: cryptography>=0.7 in /usr/local/lib/python2.7/dist-packages (from pyopenssl)
Requirement already up-to-date: idna>=2.0 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyopenssl)
Requirement already up-to-date: setuptools>=1.0 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyopenssl)
Requirement already up-to-date: enum34 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyopenssl)
Requirement already up-to-date: ipaddress in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyopenssl)
Requirement already up-to-date: cffi>=1.4.1 in /usr/local/lib/python2.7/dist-packages (from cryptography>=0.7->pyopenssl)
Requirement already up-to-date: pycparser in /usr/local/lib/python2.7/dist-packages (from cffi>=1.4.1->cryptography>=0.7->pyopenssl)
root@ub14:~# ls
get_si.py
root@ub14:~# python get_si.py
Could not connect to host 'salt-vsphere.lehi.saltstack.net'. Please check the debug log for more information.

where get_si.py just contains two lines:

import salt.utils.vmware
salt.utils.vmware.get_service_instance('salt-vsphere','user','password')

nmadhok commented 8 years ago

@cro Looking at the error you got, I don't see you got any SSL related errors. You're getting a different error I think. You can also use https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.vmware.html#salt.cloud.clouds.vmware.test_vcenter_connection to test connection to vcenter using salt-cloud in debug mode:

nitinmadhok@nitinmadhok:~/Repos/salt$ sudo salt-cloud -f test_vcenter_connection vcenter01 -l debug
[DEBUG   ] Reading configuration from /etc/salt/cloud
[DEBUG   ] Reading configuration from /etc/salt/master
[DEBUG   ] Missing configuration file: /etc/salt/cloud.providers
[DEBUG   ] Including configuration from '/etc/salt/cloud.providers.d/providers.conf'
[DEBUG   ] Reading configuration from /etc/salt/cloud.providers.d/providers.conf
[DEBUG   ] Missing configuration file: /etc/salt/cloud.profiles
[DEBUG   ] Including configuration from '/etc/salt/cloud.profiles.d/profiles.conf'
[DEBUG   ] Reading configuration from /etc/salt/cloud.profiles.d/profiles.conf
[DEBUG   ] Reading configuration from /etc/salt/cloud
[DEBUG   ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG   ] Configuration file path: /etc/salt/cloud
[INFO    ] salt-cloud starting
[DEBUG   ] Could not LazyLoad parallels.avail_sizes
[DEBUG   ] LazyLoaded parallels.avail_locations
[DEBUG   ] LazyLoaded proxmox.avail_sizes
[DEBUG   ] Could not LazyLoad saltify.destroy
[DEBUG   ] Could not LazyLoad saltify.avail_sizes
[DEBUG   ] Could not LazyLoad saltify.avail_images
[DEBUG   ] Could not LazyLoad saltify.avail_locations
[DEBUG   ] LazyLoaded rackspace.reboot
[DEBUG   ] LazyLoaded openstack.list_locations
[DEBUG   ] LazyLoaded rackspace.list_locations
[DEBUG   ] Trying to execute 'vmware.test_vcenter_connection' with the following kwargs: {}
[DEBUG   ] LazyLoaded nested.output
vcenter03:
    ----------
    vmware:
        connection successful

jbfriedrich commented 8 years ago

Not sure if my problem is related or not, but I still have issues connecting to a vSphere vCSA 6.0u2 with a self-signed certificate. As far as I understand from this thread, my python version should work fine. I even added the self-signed CA to the operating system's keystore.

Do I have to add the CA somewhere else as well? Maybe in a keystore of a python library? Or to the keystore of salt itself?

root@saltmaster:~# salt-cloud -f test_vcenter_connection vmware -l debug
[DEBUG   ] Reading configuration from /etc/salt/cloud
[DEBUG   ] Reading configuration from /etc/salt/master
[DEBUG   ] Using cached minion ID from /etc/salt/minion_id: saltmaster.<redacted>
[DEBUG   ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[DEBUG   ] Missing configuration file: /etc/salt/cloud.providers
[DEBUG   ] Including configuration from '/etc/salt/cloud.providers.d/digitalocean.conf'
[DEBUG   ] Reading configuration from /etc/salt/cloud.providers.d/digitalocean.conf
[DEBUG   ] Including configuration from '/etc/salt/cloud.providers.d/vmware.conf'
[DEBUG   ] Reading configuration from /etc/salt/cloud.providers.d/vmware.conf
[DEBUG   ] Missing configuration file: /etc/salt/cloud.profiles
[DEBUG   ] Including configuration from '/etc/salt/cloud.profiles.d/digitalocean.conf'
[DEBUG   ] Reading configuration from /etc/salt/cloud.profiles.d/digitalocean.conf
[DEBUG   ] Including configuration from '/etc/salt/cloud.profiles.d/vmware.conf'
[DEBUG   ] Reading configuration from /etc/salt/cloud.profiles.d/vmware.conf
[DEBUG   ] Configuration file path: /etc/salt/cloud
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[INFO    ] salt-cloud starting
[DEBUG   ] Could not LazyLoad parallels.avail_sizes
[DEBUG   ] LazyLoaded parallels.avail_locations
[DEBUG   ] LazyLoaded proxmox.avail_sizes
[DEBUG   ] Could not LazyLoad saltify.destroy
[DEBUG   ] Could not LazyLoad saltify.avail_sizes
[DEBUG   ] Could not LazyLoad saltify.avail_images
[DEBUG   ] Could not LazyLoad saltify.avail_locations
[DEBUG   ] LazyLoaded rackspace.reboot
[DEBUG   ] LazyLoaded openstack.list_locations
[DEBUG   ] LazyLoaded rackspace.list_locations
[DEBUG   ] Trying to execute 'vmware.test_vcenter_connection' with the following kwargs: {}
[DEBUG   ] ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)
Could not connect to host 'vcsa.<redacted>'. Please check the debug log for more information.

Python version

root@saltmaster:~# python --version
Python 2.7.9

Salt version report

root@saltmaster:~# salt --versions-report
Salt Version:
           Salt: 2015.8.8.2

Dependency Versions:
         Jinja2: 2.7.3
       M2Crypto: Not Installed
           Mako: Not Installed
         PyYAML: 3.11
          PyZMQ: 14.4.0
         Python: 2.7.9 (default, Mar  1 2015, 12:57:24)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.5
           cffi: 1.5.2
       cherrypy: 3.5.0
       dateutil: 2.2
          gitdb: 0.5.4
      gitpython: 0.3.2 RC1
          ioflo: Not Installed
        libgit2: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.2
   mysql-python: 1.2.3
      pycparser: 2.14
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: 0.8.2
        timelib: Not Installed

System Versions:
           dist: debian 8.4 
        machine: x86_64
        release: 3.16.0-4-amd64
         system: debian 8.4 

Pip versions

root@saltmaster:~# pip list -v
apache-libcloud (0.20.0)
async (0.6.1)
cffi (1.5.2)
chardet (2.3.0)
CherryPy (3.5.0)
croniter (0.3.4)
cryptography (1.3.1)
enum34 (1.1.3)
gitdb (0.5.4)
GitPython (0.3.2rc1)
idna (2.1)
ipaddress (1.0.16)
Jinja2 (2.7.3)
lockfile (0.8)
MarkupSafe (0.23)
msgpack-python (0.4.2)
MySQL-python (1.2.3)
ndg-httpsclient (0.4.0)
netaddr (0.7.12)
pip (8.1.1)
ply (3.4)
pyasn1 (0.1.9)
pycparser (2.14)
pycrypto (2.6.1)
pycurl (7.19.5)
pyOpenSSL (16.0.0)
python-apt (0.9.3.12)
python-dateutil (2.2)
pytz (2012rc0)
pyvmomi (6.0.0)
PyYAML (3.11)
pyzmq (14.4.0)
repoze.lru (0.6)
requests (2.9.1)
Routes (2.0)
salt (2015.8.8.2)
setuptools (20.9.0)
simplejson (3.6.5)
six (1.10.0)
smmap (0.8.2)
tornado (4.2.1)
urllib3 (1.10.4)
WebOb (1.4)
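
Added example (not part of the thread and not Salt's own code): in the logs posted above, the certificate verification failure appears only at DEBUG level, and the proxy minion then reports an ERROR about an incorrect user name or password. This Python script triages Salt log text in the two line formats seen in this thread and marks that ERROR as a masked TLS failure; the sample logs are constructed from the thread's lines with a placeholder host name, and the tag names are assumptions.

```python
import re

# Matches both line formats seen in this thread:
#   [DEBUG   ] message
#   2016-01-08 15:49:41,840 [salt.utils.vmware][DEBUG   ][4258] message
LINE_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2} [\d:,]+ \[[^\]]*\])?"
    r"\[(?P<level>[A-Z]+)\s*\](?:\[\d+\])?\s?(?P<msg>.*)$"
)

# The three spellings of the same failure that appear in the thread
# (old ssl module, newer ssl module, pyOpenSSL "bad handshake").
CERT_FAIL_RE = re.compile(r"certificate verify failed|CERTIFICATE_VERIFY_FAILED")
AUTH_ERROR = "Cannot complete login due to an incorrect user name or password"

# urllib3 warnings about the Python ssl module; tag names are assumptions.
ENV_WARNINGS = {
    "InsecurePlatformWarning": "no-sslcontext",
    "SNIMissingWarning": "no-sni",
}

# Constructed sample, modelled on the proxy minion log in this thread.
SAMPLE_PROXY_LOG = """\
[INFO    ] Starting new HTTPS connection (1): vcenter.example.test
[WARNING ] /usr/lib/python2.7/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available.
  InsecurePlatformWarning
[DEBUG   ] [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[WARNING ] Stopping the Salt Proxy Minion
[ERROR   ] Cannot complete login due to an incorrect user name or password.
[INFO    ] The proxy minion is shut down
"""

# Constructed sample, modelled on the salt-cloud debug logs in this thread.
SAMPLE_CLOUD_LOG = """\
2016-01-08 15:49:41,627 [salt.cloud       ][DEBUG   ][4258] Trying to execute 'vmware.list_nodes' with the following kwargs: {}
2016-01-08 15:49:41,840 [salt.utils.vmware][DEBUG   ][4258] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
[DEBUG   ] ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)
"""


def triage(log_text):
    """Return the likely root cause and tagged findings for Salt log text."""
    findings = []        # (line number, tag)
    tls_levels = []      # log level of every verification failure seen
    saw_auth_error = False
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        match = LINE_RE.match(raw.strip())
        if match is None:
            continue  # continuation lines such as a bare warning class name
        level, msg = match.group("level"), match.group("msg")
        if CERT_FAIL_RE.search(msg):
            tls_levels.append(level)
            findings.append((lineno, "tls-verify-failed"))
        elif AUTH_ERROR in msg:
            saw_auth_error = True
            # A login error that follows a failed handshake is a symptom:
            # the credentials were never sent over a verified connection.
            tag = "auth-error-masks-tls" if tls_levels else "auth-error"
            findings.append((lineno, tag))
        else:
            for marker, tag in ENV_WARNINGS.items():
                if marker in msg:
                    findings.append((lineno, tag))
    if tls_levels:
        root_cause = "tls-verify-failed"
    elif saw_auth_error:
        root_cause = "credentials"
    else:
        root_cause = None
    return {
        "root_cause": root_cause,
        # True when the real cause would be invisible without debug logging.
        "tls_only_at_debug": bool(tls_levels)
        and all(lvl == "DEBUG" for lvl in tls_levels),
        "findings": findings,
    }


if __name__ == "__main__":
    for name, text in (("proxy", SAMPLE_PROXY_LOG), ("cloud", SAMPLE_CLOUD_LOG)):
        print(name, triage(text))
```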

nmadhok commented 8 years ago

@jbfriedrich Can you install the previous version of pyVmomi and see if you get the same error? I'll have to test this on Debian 8.4. I will be working on rewriting the SSL certification check code sometime soon.

jbfriedrich commented 8 years ago

@nmadhok I will test with pyvmomi 5.x but my vsphere environment is 6.x so I am not sure if it will work. I have edited the '/salt/utils/vmware.py' file and it works now for me. Would it be worth it for me to create a pull request so you can take a look at my changes? Might not be the prettiest solution but seems to work for me ;)

nmadhok commented 8 years ago

@jbfriedrich I'll take a look at your commit when I get a chance. You can create a Pull request for it but it'll be reviewed before it gets merged in. I don't have time at the moment to work on this since I'm too swamped at work.

jbfriedrich commented 8 years ago

@nmadhok Sure thing, take your time. Of course it needs to be reviewed first :). I will prepare the pull request tonight after work (I am not doing this all too often). Thanks!

jbfriedrich commented 8 years ago

@nmadhok Sorry for my late reply, had some busy days at work. I have tested with pyVmomi 5.5.0-2014.1.1 and my unmodified salt installation worked fine with that version. When I switched back to pyVmomi 6.0.0 the SSL error from above came up again.

I then applied my fix (see pull request) to my local salt installation and the connectivity test succeeded. I could use pyVmomi 6.0.0 just fine with my vSphere 6.0U2 cluster. I also tested pyVmomi 5.5.0-2014.1.1 with my modified salt version, which also seems to work correctly.

Andy4081 commented 6 years ago

Hi guys, I am very new to the Python world. My goal is to collect VM info (like CPU, RAM usage) from ESXi and I was using this link as a reference: https://virtualwires.wordpress.com/2016/07/25/using-pyvmomi-to-collect-esxi-info

I have both Python 2.7 and 3.5 running on an Ubuntu box:

root@ubuntu:~$ python3 --version
Python 3.5.2
root@ubuntu:~$ python --version
Python 2.7.12

When I run the script using Python 2.7, it gives an "SSL: CERTIFICATE_VERIFY_FAILED" error like below:

root@ubuntu:~$ python esx.py -s 'Host_IP' -u 'user' -p 'pwd'
Traceback (most recent call last):
  File "esx.py", line 33, in <module>
    main()
  File "esx.py", line 19, in main
    si = SmartConnect(host=opts.shost,user=opts.username,pwd=opts.password )
  ...
....
  conn.request("GET", path)
  File "/usr/lib/python2.7/httplib.py", line 1057, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1097, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1053, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 897, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 859, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1278, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python2.7/ssl.py", line 353, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 601, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
root@ubuntu:~$

When I run using Python 3 I get a syntax error:

root@ubuntu:~$ python3 esx.py -s 'Host_IP' -u 'user' -p 'pwd'
  File "esx.py", line 25
    print 'The CPU vendor is %s and the model is %s'  %(cpuobj.vendor,cpuobj.description)
                                                   ^
SyntaxError: invalid syntax
root@ubuntu:~$

The script is the same as shown in the article - https://virtualwires.wordpress.com/2016/07/25/using-pyvmomi-to-collect-esxi-info

How do I make it work?