Perl HTTPS support

If you get errors like
  • Missing LWP::Protocol::https
  • Connection reset by peer
  • SSL negotiation failed
  • Server version unavailable at 'https...
  • SOAP request error - possibly a protocol issue ...
then follow this docu, your platform where is running your LPAR2RRD server

AIX

Use this if you have older prms in place (Perl 5.8.8., RRDTool 1.4.8)
  • These 2 packages are mandatory!
    # rpm -qa | egrep -i "Crypt-SSLeay|Net_SSLeay"
      perl-Crypt-SSLeay-0.57-2
      perl-Net_SSLeay.pm-1.55-3
    
  • Set PERL and PERL5LIB variables in /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
    • Perl 5.8.8 from older archive
      Use this PERL
      PERL=/opt/freeware/bin/perl
      
      Make sure that /usr/opt/perl5/lib/site_perl/5.8.8/aix-thread-multi and /opt/freeware/lib/perl5/vendor_perl/5.8.8/ppc-thread-multi are included in PERL5LIB path like below (same possition, in front of /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi)
      PERL5LIB=/home/lpar2rrd/lpar2rrd/bin:/home/lpar2rrd/lpar2rrd/vmware-lib:/opt/freeware/lib/perl5/vendor_perl/5.8.8/ppc-thread-multi:/usr/opt/perl5/lib/site_perl/5.8.8/aix-thread-multi:/usr/opt/perl5/lib/site_perl/5.8.8:/usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi:/opt/freeware/lib/perl/5.8.8:/home/lpar2rrd/lpar2rrd/lib
      
    • Perl 5.20+ (using yum installation):
      PERL=/usr/bin/perl
      PERL5LIB=/home/lpar2rrd/lpar2rrd/bin:/home/lpar2rrd/lpar2rrd/vmware-lib:/home/lpar2rrd/lpar2rrd/lib:/opt/freeware/lib/perl5/5.30/vendor_perl:/opt/freeware/lib64/perl5/5.30/vendor_perl
      
  • In case of VMware usage, there must be /home/lpar2rrd/lpar2rrd/vmware-lib in PERL5LIB on the second possition right behind /home/lpar2rrd/lpar2rrd/bin

  • Verify it, it must show 6.x version.
    # su - lpar2rrd 
    . /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
    $PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
      LWP Version: 6.06
    
  • Assure there it does not print any http/https module missing
    cd /home/lpar2rrd/lpar2rrd
    . etc/lpar2rrd.cfg
    $PERL bin/perl_modules_check.pl
    

Linux

  • Install
    # yum install perl-LWP-Protocol-https 
    
  • Check on RHEL7 and older:
    # rpm -qa | egrep "perl-LWP-Protocol-https|perl-Mozilla-CA|perl-Crypt-SSLeay"
      perl-Mozilla-CA-20130114-5.el7.noarch
      perl-LWP-Protocol-https-6.04-4.el7.noarch
      perl-Crypt-SSLeay-0.64-5.el7.x86_64
    
    RHEL8:
    # rpm -qa | egrep "perl-LWP-Protocol-https|perl-Mozilla-CA|perl-Net-SSLeay"
      perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch
      perl-Net-SSLeay-1.85-6.el8.x86_64
      perl-LWP-Protocol-https-6.07-4.module_el8.3.0+416+dee7bcef.noarch
    
  • RHEL6/CentOS6:
    The perl-LWP-Protocol-https package is only provided in RHEL 7, but the same name module /usr/share/perl5/vendor_perl/LWP/Protocol/https.pm is provided by perl-libwww-perl package which is available in RHEL 6
    # yum install perl-libwww-perl
    
  • In case of VMware usage, there must be /home/lpar2rrd/lpar2rrd/vmware-lib in PERL5LIB on the second possition right behind /home/lpar2rrd/lpar2rrd/bin
    . /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
    echo $PERL5LIB
      PERL5LIB=/home/lpar2rrd/lpar2rrd/bin:/home/lpar2rrd/lpar2rrd/vmware-lib:/usr/share/perl5/vendor_perl:/usr/lib64/perl5/vendor_perl:/usr/share/perl5:/home/lpar2rrd/lpar2rrd/lib
    
  • Verify it, it must show 6.x version.
    # su - lpar2rrd
    . /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
    $PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
      LWP Version: 6.06
    
    VMware: if you have installed older VMware Perl SDK 6.5 or 6.0, then LWP version cmd above shows "LWP Version: 5.837" or even 5.805.
    It is also fine.

  • Assure there it does not print any http/https module missing
    cd /home/lpar2rrd/lpar2rrd
    . etc/lpar2rrd.cfg
    $PERL bin/perl_modules_check.pl
    

Linux Debian (Ubuntu, Mint), Docker

  • Install
    Note that liblwp-protocol-https-perl must be exactly at version 6.04-2!
    Other available versions like actually default stable 6.06-2, or 6.02-1 and 6.07-2 have a bug which prevents working it with the latest HMC (9+) and vCenter (6.7+) versions.
    Only Debian based Linux distributions are affected.
    # apt-get install liblwp-protocol-https-perl=6.04-2 libcrypt-ssleay-perl libio-socket-ssl-perl libmozilla-ldap-perl
    
    If you do not have access to the internet then get it from liblwp-protocol-https-perl 6.04-2

  • Check:
    # dpkg --list liblwp-protocol-https-perl libcrypt-ssleay-perl libio-socket-ssl-perl libmozilla-ldap-perl
      ||/ Name                       Version        Architecture Description
      +++-==========================-==============-======-================================================================
      ii  liblwp-protocol-https-perl 6.04-2         all    HTTPS driver for LWP::UserAgent
      ii  libcrypt-ssleay-perl       0.58-1build1   amd64  OpenSSL support for LWP
      ii  libio-socket-ssl-perl      1.965-1ubuntu1 all    Perl module implementing object oriented interface to SSL sockets
      ii  libmozilla-ldap-perl       1.5.3-1build1  amd64  LDAP Perl module for the OpenLDAP C SDK
    
  • Prevent updating it in operating system
    # apt-mark hold liblwp-protocol-https-perl
      liblwp-protocol-https-perl set on hold.
    
  • Verify it, it must show 6.04-2 version.
    # su - lpar2rrd 
    . /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
    $PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
      LWP Version: 6.04-2
    
    VMware: if you have installed older VMware Perl SDK 6.5 or 6.0, then LWP version cmd above shows "LWP Version: 5.837" or even 5.805.
    It is also fine.

  • Assure there it does not print any http/https module missing
    cd /home/lpar2rrd/lpar2rrd
    . etc/lpar2rrd.cfg
    $PERL bin/perl_modules_check.pl
    

Activate SSL support on Solaris

Install these perl modules:
umask 022
cpan Crypt::SSLeay
cpan Net::HTTPS
cpan Net::SSL
cpan IO::Socket::SSL
It was tested with Perl 5.24.0, use this in etc/lpar2rrd.cfg
PERL=/usr/local/bin/perl
PERL5LIB=/export/home/lpar2rrd/lpar2rrd/bin:/usr/local/lib/perl5/site_perl/5.24.0:/usr/local/lib/perl/5.24.0:/export/home/lpar2rrd/lpar2rrd/lib:/usr/local/lib/perl5/site_perl/5.24.0/sun4-solaris:/usr/local/lib/perl5/site_perl/5.24.0/sun4-solaris/auto:/usr/perl5/vendor_perl/5.12/sun4-solaris-64int

SuSE Linux

VMware vCenter v6.7+


  • When you use VMware and LWP still shows 5.x then you must upgrade VMware Perl SDK to 6.7.
    Download VMware Perl SDK 6.7.
    Place it into /tmp
    Then under lpar2rrd user
    cd /home/lpar2rrd/lpar2rrd
    rm -r vmware-lib
    ./bin/vmware_install.sh /tmp
    ...
    
    perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --version
      vSphere SDK for Perl version: 6.7.0
    
    . etc/lpar2rrd.cfg
    $PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
      LWP Version: 6.06
    
  • AIX issue
    When you still get this error during connection testing:
    cd /home/lpar2rrd/lpar2rrd
    . etc/lpar2rrd.cfg
    $PERL vmware-lib/apps/connect.pl --server <vCenter host> --username "lpar2rrd@your_domain" --password "XXXXX"
      Server version unavailable at 'https://<vCenter host>:443/sdk/vimService.wsdl' at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/../VMware/VICommon.pm line 704.
    
    Remove OpenSSL package installed as RRDTool dependency, it is not needed,
    System OpenSSL still persits there (lslpp -L | grep -i openssl)

    Place proper version in below cmd, run it under root:
    rpm -qa | grep -i openssl
      openssl-1.0.1l-1
    rpm -e openssl-1.0.1l-1 --nodeps
    
  • Then it will work, try this (place right vCenter name, user name and password)
    cd /home/lpar2rrd/lpar2rrd
    . etc/lpar2rrd.cfg
    $PERL vmware-lib/apps/connect.pl --server <vCenter host> --username "lpar2rrd@your_domain" --password "XXXXX"
      Connection Successful
      Server Time : 2016-02-25T16:28:44.086369Z