search

vmware / powerclicore

PowerCLI Core Dockerfile
Apache License 2.0
97 stars 48 forks source link

Cannot connect to vcloud director from docker container #46

Open inetman28 opened 4 years ago

inetman28 commented 4 years ago

Hi,

Description: I have a problem with connect to vCloudDirector from docker image vmware/powerclicore:latest. The problem is strange and reproduce from ci-runner for example, but from my docker engine run on laptop the pc problem not reproduce. Also the problem not reproduce from windows pc without docker.

Reproduce: $ docker run --rm -ti vmware/powerclicore pwsh

PS /root> $username = "Administrator"
PS /root> $password = "some_password"

PS /root> Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
PS /root> Import-Module VMware.VimAutomation.Cloud
PS /root> Connect-CIServer <fqdn_of_vcd> -User $username -Password $password

Problem:

I get error below:

Connect-CIServer : 05/01/2020 10:35:06  Connect-CIServer        No Cloud server was found on https://<fqdn_of_vcd>:443/api/.    
At line:1 char:1
+ Connect-CIServer <fqdn_of_vcd> -User $username -Password $passwo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Connect-CIServer], CIException
+ FullyQualifiedErrorId : Cloud_ConnectivityServiceImpl_ConnectCloudServer_ConnectError,VMware.VimAutomation.Cloud.Commands.Cmdlets.ConnectCIServer

PS /root>

In the same time if try connect to vcloud director from docker engine run on my laptop then all work fine. I have not any network problems, for example firewalls and so on... I disabled all fw rules. Also I tried to connect from the third docker engine on same layer2 network segment (where vcd is connect too) and I have same problem. Below output from container to proof that tcp/443 is open:

PS /root> curl -v https://<some_fqdn_of_vcd> -k
* Rebuilt URL to: https://<some_fqdn_of_vcd>/
*   Trying 10.11.100.130...
* TCP_NODELAY set
* Connected to <some_fqdn_of_vcd> (10.11.100.130) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
[cut.....]
*  start date: Apr 21 10:00:10 2020 GMT
*  expire date: Apr 21 10:00:10 2022 GMT
*  issuer: C=RU; O=CloudDC; CN=CDC Sub CA 01
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: <some_fqdn_of_vcd>
> User-Agent: curl/7.61.1
> Accept: */*
> 
< HTTP/1.1 302 Found
< Date: Fri, 01 May 2020 12:03:23 GMT
< X-VMWARE-VCLOUD-REQUEST-ID: 8ab39687-52fd-4598-a7dd-b873faa637c5
< Content-Type: text/html;charset=utf-8
< Location: /login
< Content-Length: 2
< 

* Connection #0 to host <some_fqdn_of_vcd> left intact
PS /root>
inetman28 commented 4 years ago

One more log:

PS /root> $error[0] | fl * -Force

writeErrorStream      : True
PSMessageDetails      : 
Exception             : VMware.VimAutomation.Cloud.Types.V1.CIException: 05/01/2020 09:02:04    Connect-CIServer        No Cloud server was found on https://<some_fqdn_of_vcd>:443/api/.    ---> 
                        VMware.VimAutomation.Cloud.Views.Exceptions.CloudException: No Cloud server was found on https://<some_fqdn_of_vcd>:443/api/. ---> System.Net.Http.HttpRequestException: 
                        An error occurred while sending the request. ---> System.IO.IOException: The 
                        server returned an invalid or unrecognized response.
                           at System.Net.Http.HttpConnection.FillAsync()
                           at System.Net.Http.HttpConnection.ReadNextResponseHeaderLineAsync(Boolean foldedHeadersAllowed)
                           at System.Threading.Tasks.ValueTask`1.get_Result()
                           at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
                           --- End of inner exception stack trace ---
                           at System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
                           at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean d
                        oRequestAuth, CancellationToken cancellationToken)
                           at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancel
                        lationToken)
                           at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
                           at VMware.VimAutomation.Cloud.Views.Http.RedirectAuthenticationHandler.SendAsync(HttpRequestMessage request, CancellationToken cance
                        llationToken)
                           at VMware.VimAutomation.Common.Util10.DiagnosticProxyHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationTok
                        en)
                           at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Bool
                        ean disposeCts)
                           at VMware.VimAutomation.Cloud.Views.Http.RestClient.Execute(HttpRequestMessage request)
                           at VMware.VimAutomation.Cloud.Views.Http.RestClient.Execute(Uri uri, HttpMethod method, Object value, IDictionary`2 requestHeaders)
                           at VMware.VimAutomation.Cloud.Views.Http.RestClient.Execute[T](Uri uri, HttpMethod method, IDictionary`2 requestHeaders, Object valu
                        e)
                           at VMware.VimAutomation.Cloud.Views.Http.RestClient.Get[T](Uri uri)
                           at VMware.VimAutomation.Cloud.Views.Http.RestClient.Get[T](String url)
                           at VMware.VimAutomation.Cloud.Views.Connectivity.VersionHelper.GetSupportedVersionsFromServer()
                           at VMware.VimAutomation.Cloud.Views.Connectivity.VersionHelper..ctor(CloudClient client)
                           at VMware.VimAutomation.Cloud.Views.Connectivity.VersionHelper.Negotiate(CloudClient cloudClient)
                           at VMware.VimAutomation.Cloud.Views.CloudClient.EstablishVersionAndLoginUri()
                           at VMware.VimAutomation.Cloud.Views.CloudClient.Connect(String serverUrl, String organization, String username, String password, Fun
                        c`2 clientFactory)
                           --- End of inner exception stack trace ---
                           at VMware.VimAutomation.Cloud.Views.CloudClient.Connect(String serverUrl, String organization, String username, String password, Fun
                        c`2 clientFactory)
                           at VMware.VimAutomation.Cloud.Impl.V1.Service.ConnectivityServiceImpl.ConnectCloudServer(String serverName, String protocol, Int32 p
                        ort, String organization, String username, String password, IServerCertificateValidationHandler certificateValidator)
                           --- End of inner exception stack trace ---
                           at VMware.VimAutomation.Cloud.Impl.V1.Service.ConnectivityServiceImpl.ConnectCloudServer(String serverName, String protocol, Int32 p
                        ort, String organization, String username, String password, IServerCertificateValidationHandler certificateValidator)
                           at VMware.VimAutomation.Cloud.Impl.V1.Service.ClientManagerImpl.ConnectCloudServer(String serverUrl, String protocol, Int32 port, St
                        ring organization, String username, String password, IServerCertificateValidationHandler certificateValidator)
                           at VMware.VimAutomation.Cloud.Commands.Cmdlets.ConnectCIServer.ProcessRecordErrorHandled()
TargetObject          : 
CategoryInfo          : NotSpecified: (:) [Connect-CIServer], CIException
FullyQualifiedErrorId : Cloud_ConnectivityServiceImpl_ConnectCloudServer_ConnectError,VMware.VimAutomation.Cloud.Commands.Cmdlets.ConnectCIServer
ErrorDetails          : 
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {0, 1}

PS /root>
inetman28 commented 4 years ago

It is not work... This is a bag of powershell... Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

After add root ca to container evething work fine.