Hi,
I have a strange problem, I have 3 RHEL 5.4 servers that are clones of each other, I have install the SDK on all 3 of them, version:
I have installed VMware-vSphere-SDK-for-Perl-4.0.0-161974
and on 2 servers whith connect.pl it works great:
/usr/lib/vmware-vcli/apps/general/connect.pl --server 1.1.1.1 --username XXX --password XX
Connection Successful
Server Time : 2009-11-04T11:53:30.449415Z
On the third server it doesn't work:
/usr/lib/vmware-vcli/apps/general/connect.pl --server 1.1.1.1 --username XXX --password XX
Error: Server version unavailable at 'https://1.1.1.1/sdk/vimService.wsdl'
I am connecting to a VC with esx 3.5, on the third server I can access the url 'https://1.1.1.1/sdk/vimService.wsdl' with no problems
Any idea what can be the problem ?
Thnx
Does the following work:
/usr/lib/vmware-vcli/apps/general/connect.pl --url https://1.1.1.1/sdk --username XXX --password XX
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
Nope, The same result:
/usr/lib/vmware-vcli/apps/general/connect.pl --url --username xxxx --password xxxx
Error: Server version unavailable at 'https://10.7.112.166/sdk/vimService.wsdl'
"on the third server I can access the url 'https://1.1.1.1/sdk/vimService.wsdl' with no problems" by this I mean I can wget the file and download it perfectly from the third server:
Connecting to 1.7.11.16:443... connected.
Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 561 text/xml
Saving to: `vimService.wsdl'
100%[=================================================================================>] 561 --.-K/s in 0s
2009-11-05 08:32:00 (109 MB/s) - `vimService.wsdl' saved 561/561
do you use a proxy?
if so, deactivate the proxy (look in the enviroment) an then try again
Thnx for the help. I haven't got any proxy config on my env:
# grep proxy .* | grep -v .zhistory (11-10 17:35)
l01 ~]# /usr/lib/vmware-vcli/apps/general/connect.pl --url https://10.7.1.1/sdk --username dpar-00 --password cu3rv0-.
Error: Server version unavailable at 'https://10.7.1.1/sdk/vimService.wsdl'
Where else can the proxy be defined ?
%ENV from perl:
DISPLAY : localhost:11.0
EDITOR : vim
G_BROKEN_FILENAMES : 1
HISTFILE : /root/.zhistory
HISTSIZE : 1500
HOME : /root
HOSTNAME : 11111
INPUTRC : /etc/inputrc
KDEDIR : /usr
KDE_IS_PRELINKED : 1
KDE_NO_IPV6 : 1
LANG : en_US.UTF-8
LESSOPEN : |/usr/bin/lesspipe.sh %s
LOGNAME : root
LS_COLORS : no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:.cmd=00;32:.exe=00;32:.com=00;32:.btm=00;32:.bat=00;32:.sh=00;32:.csh=00;32:.tar=00;31:.tgz=00;31:.arj=00;31:.taz=00;31:.lzh=00;31:.zip=00;31:.z=00;31:.Z=00;31:.gz=00;31:.bz2=00;31:.bz=00;31:.tz=00;31:.rpm=00;31:.cpio=00;31:.jpg=00;35:.gif=00;35:.bmp=00;35:.xbm=00;35:.xpm=00;35:.png=00;35:.tif=00;35:
MAIL : /var/spool/mail/root
MUTT_EDITOR : vim
OLDPWD : /root
PAGER : more
PATH : /opt/perf/bin:/opt/OV/bin:/usr/local/bin:/usr/local/sbin/:/bin:/sbin:/usr/bin:/usr/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/java/jdk1.5.0_09/bin
PR_BLUE : %{%}
PR_CYAN : %{%}
PR_GREEN : %{%}
PR_LIGHT_BLUE : %{%}
PR_LIGHT_CYAN : %{%}
PR_LIGHT_GREEN : %{%}
PR_LIGHT_MAGENTA : %{%}
PR_LIGHT_RED : %{%}
PR_LIGHT_WHITE : %{%}
PR_LIGHT_YELLOW : %{%}
PR_MAGENTA : %{%}
PR_NO_COLOR : %{%}
PR_RED : %{%}
PR_WHITE : %{%}
PR_YELLOW : %{%}
PWD : /root
RPS1 : (%D{%m-%d %H:%M}) %0(?,%{%}:%),%{%}:(%s)%b
SAVEHIST : 1500
SHELL : /bin/bash
SHLVL : 2
SSH_ASKPASS : /usr/libexec/openssh/gnome-ssh-askpass
SSH_CLIENT : 10.7.2.36 4171 22
SSH_CONNECTION : 10.7.2.36 4171 10.7.115.160 22
SSH_TTY : /dev/pts/1
TERM : xterm
USER : root
_ : /root/./lol.pl
color : WHITE
count : 7
mapfile : zsh/mapfile
I am not firm with Redhead. On Suse you can edit /etc/sysconfig/proxy or you can do over yast.
Perhaps you have set proxy setting for yum but normaly the connect.pl script get the proxy setting form user env.
try to start connect.pl with --verbose for more debug infos
No luck,
/etc/sysconfig]# find . | xargs grep -i proxy (11-13 09:41)
./rhn/up2date.rpmnew:enableProxy[comment]=Use a HTTP Proxy
./rhn/up2date.rpmnew:enableProxy=0
./rhn/up2date.rpmnew:httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
./rhn/up2date.rpmnew:httpProxy=
./rhn/rhncfg-client.conf:# enableProxy = 1
./rhn/rhncfg-client.conf:# enableProxyAuth = 1
./rhn/rhncfg-client.conf:# httpProxy = some.proxy.example.com:3030
./rhn/rhncfg-client.conf:# proxyUser = proxy_user_name
./rhn/rhncfg-client.conf:# proxyPassword = proxy_password
./rhn/osad.conf:# enableProxy = 1
./rhn/osad.conf:# enableProxyAuth = 1
./rhn/osad.conf:# httpProxy = some.proxy.example.com:3030
./rhn/osad.conf:# proxyUser = proxy_user_name
./rhn/osad.conf:# proxyPassword = proxy_password
./rhn/osad.conf:# to try Satellite's jabberd if RHN Proxy's is not available.
./rhn/up2date:enableProxyAuth[comment]=To use an authenticated proxy or not
./rhn/up2date:enableProxyAuth=0
./rhn/up2date:enableProxy[comment]=Use a HTTP Proxy
./rhn/up2date:enableProxy=0
./rhn/up2date:proxyPassword[comment]=The password to use for an authenticated proxy
./rhn/up2date:proxyPassword=
./rhn/up2date:proxyUser[comment]=The username for an authenticated proxy
./rhn/up2date:proxyUser=
./rhn/up2date:httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
./rhn/up2date:httpProxy=
./ha/conf/httpd.conf:LoadModule proxy_module modules/mod_proxy.so
The --verbose doesn't give a lot more:
/usr/lib/vmware-vcli/apps/general/connect.pl --verbose --url https://1.1.1.166/sdk
Error: Server version unavailable at 'https://10.7.112.166/sdk/vimService.wsdl'
Thnx for the help.
Anything else?
ok, you can try the following.
uninstall vsphere sdk 4 for Perl and install the VI Perl 1.6, thats the version before sdk 4. there is a better failure output.
I installed the vi perl sdk :
VMware-VIPerl-1.6.0-104313.i386.tar.gz
/usr/lib/vmware-viperl/apps/general/connect.pl --url --username d --password cu
Error: Server version unavailable at 'https://1.7.1.1/sdk/vimService.wsdl' :1: parser error : Start tag expected, '<' not found
LWP will support https URLs if the Crypt::SSLeay module is installed.
^
at /usr/lib/perl5/site_perl/5.8.8/VMware/VICommon.pm line 323
I have the SSLeay installed:
rpm -qa | grep -i SSLeay
perl-Crypt-SSLeay-0.51-11.el5
perl-Net-SSLeay-1.30-4.fc6
As detailed here:
http://search.cpan.org/~sullr/Net-SSLGlue-0.2/lib/Net/SSLGlue/LWP.pm and here:
http://www.dagolden.com/index.php/1395/with-lwp-6-you-probably-need-mozillaca/
The LWP libraries started doing certificate verification by default with version 6.
This causes the current vcli to fail to connect to a vSphere without a trusted and verifiable certificate.
I fixed this error by doing the following:
yum install perl-IO-Socket-SSL
vi /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/https.pm
Look for the following line near the top:
Change it to:
$ssl_opts{SSL_verify_mode} ||= 0;
This is on CentOS 5.5, you might have different paths on different platforms.
This fixed the error for me, I guess we need to wait for an updated vcli that disables certificate verification as part of the LWP calls.
The correct way to disable SSL verification using LWP, is to add this at the top of your perl script:
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
Franky
Hello.
I have the same problem. I have set the Variable to the VICommon.pm. But this don't help.
Could somebody help me? I have no idea any more.
Kind Regards,
Rolf
Did you add the line I mentioned at the top of your *own* perl script? I don't know if adding it to VICommon.pm helps.
Hello liedekef.
Thank you for your fast posting. I have insert the $ENV in every script I have (check_esx3, vmware-cmd) and nothing helped.
Everytime I try to connect an ESX Server, I get the message "Server version unavailable at 'https://192.168.20.4:443/sdk/vimService.wsdl' at /usr/lib/perl5/5.10.0/VMware/VICommon.pm line 545".
Kind Regards,
Rolf
Does your perl use LWP for ssl? If you you need to insert another environment variable.
I think so. At the end I want to check over nagios with check_esx3 script.
Which variables should I also insert?
Thank you.
Kind regards,
Rolf
Insane.
On one nagios server it works. But I don't know why. 😕 .
Rolf
Take a look at this forum post: http://communities.vmware.com/message/1347703#1347703
A poster there was able to resolve a similar issue with -
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
I believe the initial thinking is the newer versions of LWP may be doing a more secure check of the host certificate. I'll be honest, I've not been able to reproduce the issue. My environment (run against ESXi hosts both stand-alone and in a vCenter cluster). The one thing I haven't tried is going against a classic ESX host. Let me know if you have classic ESX servers in your environment that the nagios script is running against.
Perl Version 5.12.3
LWP Version: 5.837
Crypt::SSLeay Version: 0.58
The one thing that seems common between all the users reporting this issue is the check_esx nagios script.
Just out of curiousity sake, what's the perl, nagios script, lwp and ssleay versions on your two servers?
perl -vperl -MLWP -e 'print "LWP Version: $LWP::VERSION\n"'perl -MCrypt::SSLeay -e 'print "Crypt::SSLeay Version: $Crypt::SSLeay::VERSION\n"'
I was able to fix my issue by adding the line suggested at the top of VICommon.pl.
user@host:~/Desktop> diff /usr/lib/perl5/5.10.0/VMware/VICommon.pm~ /usr/lib/perl5/5.10.0/VMware/VICommon.pm
19a20,21
> ##Fix for invalid certs on hosts.
> $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
Also, to verify the issue I had added this to see what was actually being returned by the script just above the if statement that fails. Line 542 before added the two lines to fix the issue.
die $response->content;