Perl HTTPS support

If you get errors like
  • Missing LWP::Protocol::https
  • Connection reset by peer
  • SSL negotiation failed
  • Server version unavailable at 'https...
  • SOAP request error - possibly a protocol issue ...
then follow this docu, your platform where is running your LPAR2RRD server

AIX

Use this if you have older prms in place (Perl 5.8.8., RRDTool 1.4.8)
  • These 2 packages are mandatory! 
    # rpm -qa | egrep -i "Crypt-SSLeay|Net_SSLeay"
  perl-Crypt-SSLeay-0.57-2
  perl-Net_SSLeay.pm-1.55-3
  • Set PERL and PERL5LIB variables in /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
    • Perl 5.8.8 from older archive
      Use this PERL 
      PERL=/opt/freeware/bin/perl
      Make sure that /usr/opt/perl5/lib/site_perl/5.8.8/aix-thread-multi and /opt/freeware/lib/perl5/vendor_perl/5.8.8/ppc-thread-multi are included in PERL5LIB path like below (same possition, in front of /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi)
      PERL5LIB=/home/lpar2rrd/lpar2rrd/bin:/home/lpar2rrd/lpar2rrd/vmware-lib:/opt/freeware/lib/perl5/vendor_perl/5.8.8/ppc-thread-multi:/usr/opt/perl5/lib/site_perl/5.8.8/aix-thread-multi:/usr/opt/perl5/lib/site_perl/5.8.8:/usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi:/opt/freeware/lib/perl/5.8.8:/home/lpar2rrd/lpar2rrd/lib
    • Perl 5.20+ (using yum installation):
      PERL=/usr/bin/perl
PERL5LIB=/home/lpar2rrd/lpar2rrd/bin:/home/lpar2rrd/lpar2rrd/vmware-lib:/home/lpar2rrd/lpar2rrd/lib:/opt/freeware/lib/perl5/5.30/vendor_perl:/opt/freeware/lib64/perl5/5.30/vendor_perl
  • In case of VMware usage, there must be /home/lpar2rrd/lpar2rrd/vmware-lib in PERL5LIB on the second possition right behind /home/lpar2rrd/lpar2rrd/bin

  • Verify it, it must show 6.x version. 
    # su - lpar2rrd 
. /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
$PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
  LWP Version: 6.06
  • Assure there it does not print any http/https module missing 
    cd /home/lpar2rrd/lpar2rrd
. etc/lpar2rrd.cfg
$PERL bin/perl_modules_check.pl

Linux

  • Install
    # yum install perl-LWP-Protocol-https
  • Check on RHEL7 and older: 
    # rpm -qa | egrep "perl-LWP-Protocol-https|perl-Mozilla-CA|perl-Crypt-SSLeay"
  perl-Mozilla-CA-20130114-5.el7.noarch
  perl-LWP-Protocol-https-6.04-4.el7.noarch
  perl-Crypt-SSLeay-0.64-5.el7.x86_64
    RHEL8: 
    # rpm -qa | egrep "perl-LWP-Protocol-https|perl-Mozilla-CA|perl-Net-SSLeay"
  perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch
  perl-Net-SSLeay-1.85-6.el8.x86_64
  perl-LWP-Protocol-https-6.07-4.module_el8.3.0+416+dee7bcef.noarch
  • RHEL6/CentOS6:
    The perl-LWP-Protocol-https package is only provided in RHEL 7, but the same name module /usr/share/perl5/vendor_perl/LWP/Protocol/https.pm is provided by perl-libwww-perl package which is available in RHEL 6 
    # yum install perl-libwww-perl
  • In case of VMware usage, there must be /home/lpar2rrd/lpar2rrd/vmware-lib in PERL5LIB on the second possition right behind /home/lpar2rrd/lpar2rrd/bin 
    . /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
echo $PERL5LIB
  PERL5LIB=/home/lpar2rrd/lpar2rrd/bin:/home/lpar2rrd/lpar2rrd/vmware-lib:/usr/share/perl5/vendor_perl:/usr/lib64/perl5/vendor_perl:/usr/share/perl5:/home/lpar2rrd/lpar2rrd/lib
  • Verify it, it must show 6.x version. 
    # su - lpar2rrd
. /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
$PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
  LWP Version: 6.06
    VMware: if you have installed older VMware Perl SDK 6.5 or 6.0, then LWP version cmd above shows "LWP Version: 5.837" or even 5.805.
    It is also fine.

  • Assure there it does not print any http/https module missing 
    cd /home/lpar2rrd/lpar2rrd
. etc/lpar2rrd.cfg
$PERL bin/perl_modules_check.pl

Linux Debian (Ubuntu, Mint), Docker

  • Install
    Note that liblwp-protocol-https-perl must be exactly at version 6.04-2!
    Other available versions like actually default stable 6.06-2, or 6.02-1 and 6.07-2 have a bug which prevents working it with the latest HMC (9+) and vCenter (6.7+) versions.
    Only Debian based Linux distributions are affected.
    # apt-get install liblwp-protocol-https-perl=6.04-2 libcrypt-ssleay-perl libio-socket-ssl-perl libmozilla-ldap-perl
    If you do not have access to the internet then get it from liblwp-protocol-https-perl 6.04-2

  • Check: 
    # dpkg --list liblwp-protocol-https-perl libcrypt-ssleay-perl libio-socket-ssl-perl libmozilla-ldap-perl
  ||/ Name                       Version        Architecture Description
  +++-==========================-==============-======-================================================================
  ii  liblwp-protocol-https-perl 6.04-2         all    HTTPS driver for LWP::UserAgent
  ii  libcrypt-ssleay-perl       0.58-1build1   amd64  OpenSSL support for LWP
  ii  libio-socket-ssl-perl      1.965-1ubuntu1 all    Perl module implementing object oriented interface to SSL sockets
  ii  libmozilla-ldap-perl       1.5.3-1build1  amd64  LDAP Perl module for the OpenLDAP C SDK
  • Prevent updating it in operating system 
    # apt-mark hold liblwp-protocol-https-perl
  liblwp-protocol-https-perl set on hold.
  • Verify it, it must show 6.04-2 version. 
    # su - lpar2rrd 
. /home/lpar2rrd/lpar2rrd/etc/lpar2rrd.cfg
$PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
  LWP Version: 6.04-2
    VMware: if you have installed older VMware Perl SDK 6.5 or 6.0, then LWP version cmd above shows "LWP Version: 5.837" or even 5.805.
    It is also fine.

  • Assure there it does not print any http/https module missing 
    cd /home/lpar2rrd/lpar2rrd
. etc/lpar2rrd.cfg
$PERL bin/perl_modules_check.pl

Activate SSL support on Solaris

Install these perl modules: 
umask 022
cpan Crypt::SSLeay
cpan Net::HTTPS
cpan Net::SSL
cpan IO::Socket::SSL
It was tested with Perl 5.24.0, use this in etc/lpar2rrd.cfg 
PERL=/usr/local/bin/perl
PERL5LIB=/export/home/lpar2rrd/lpar2rrd/bin:/usr/local/lib/perl5/site_perl/5.24.0:/usr/local/lib/perl/5.24.0:/export/home/lpar2rrd/lpar2rrd/lib:/usr/local/lib/perl5/site_perl/5.24.0/sun4-solaris:/usr/local/lib/perl5/site_perl/5.24.0/sun4-solaris/auto:/usr/perl5/vendor_perl/5.12/sun4-solaris-64int

SuSE Linux

VMware vCenter v6.7+


  • When you use VMware and LWP still shows 5.x then you must upgrade VMware Perl SDK to 6.7.
    Download VMware Perl SDK 6.7.
    Place it into /tmp
    Then under lpar2rrd user
    cd /home/lpar2rrd/lpar2rrd
rm -r vmware-lib
./bin/vmware_install.sh /tmp
...

perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --version
  vSphere SDK for Perl version: 6.7.0

. etc/lpar2rrd.cfg
$PERL -MLWP -e 'use LWP::Protocol::https; print "LWP Version: $LWP::VERSION\n"'
  LWP Version: 6.06
  • AIX issue
    When you still get this error during connection testing: 
    cd /home/lpar2rrd/lpar2rrd
. etc/lpar2rrd.cfg
$PERL vmware-lib/apps/connect.pl --server <vCenter host> --username "lpar2rrd@your_domain" --password "XXXXX"
  Server version unavailable at 'https://<vCenter host>:443/sdk/vimService.wsdl' at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/../VMware/VICommon.pm line 704.
    Remove OpenSSL package installed as RRDTool dependency, it is not needed,
    System OpenSSL still persits there (lslpp -L | grep -i openssl)

    Place proper version in below cmd, run it under root: 
    rpm -qa | grep -i openssl
  openssl-1.0.1l-1
rpm -e openssl-1.0.1l-1 --nodeps
  • Then it will work, try this (place right vCenter name, user name and password) 
    cd /home/lpar2rrd/lpar2rrd
. etc/lpar2rrd.cfg
$PERL vmware-lib/apps/connect.pl --server <vCenter host> --username "lpar2rrd@your_domain" --password "XXXXX"
  Connection Successful
  Server Time : 2016-02-25T16:28:44.086369Z