Softlayer is forcing tlsv1_2 for all API calls

[smcavallo]

Softlayer is forcing tlsv1_2 for all API calls. tlsv1 calls will stop working on 3/1/2018

https://softlayer.github.io/release_notes/2018/20180301/

Signed-off-by: S. Cavallo smcavallo@hotmail.com

Description

[Please describe what this change achieves]

Issues Resolved

[List any existing issues this PR resolves, or any Discourse or
StackOverflow discussions that are relevant]

Check List

• [ X] New functionality includes tests
• [X ] All tests pass
• [X ] RELEASE_NOTES.md, has been updated if required (not required for bugfixes, required for API changes)
• [X ] All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco

[tas50]

@smcavallo Has this been tested out on a Softlayer node?

[dal13002]

I have tested it, and this works! @tas50 I changed /opt/chef/embedded/lib/ruby/gems/2.1.0/gems/ohai-8.7.0/lib/ohai/mixin/softlayer_metadata.rb file to the file in this PR, and it works as expected.

[dal13002]

There are no errors directly after running ohai

Also, the node attributes get populated correctly. Everything works with this PR

[dal13002]

This is how it looks without the PR merged. Error message right after ohai

[smcavallo]

@tas50 yes it has been tested. We realized this afternoon that 100% of our servers in softlayer were failing converges. The exception was
ERROR: Unable to fetch softlayer metadata from https://api.service.softlayer.com/rest/v3.1/SoftLayer_Resource_Metadata/getFullyQualifiedDomainName.txt: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number
We have defensive code which fails if node['cloud']['platform'] is nil, which is set by ohai.
What would otherwise happen is the converge would continue but none of the ohai attributes will be set in node['cloud'] .
We found the softlayer posting about TLS which is linked in the PR. We manually updated each server with this change and it fixed our converges and we are running fine now.
It has been tested.

What would be better is if the ohai plugin failed if the api call failed instead of handling the exception.
The plugin currently handles some exceptions which should actually be raised instead.

[dal13002]

Hi guys, any update on when this PR will be merged? Sorry to keep posting but this is very important that this works to me.

[tas50]

Thanks for putting this together @smcavallo. It's merged into master (chef14) now and I've backported it to the 13-stable branch as well.

[smcavallo]

@tas50 Thank you!!!!!!!!!!!!!!!!!!

[aavetis]

any intention to include this fix for Chef 12?

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.