Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated internal readme #2143

Merged
merged 1 commit into from
May 1, 2024
Merged

updated internal readme #2143

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 35 additions & 3 deletions README-internal.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,18 @@
This document is for internal users wanting to use this library to interact with the internal API. It will not work for `api.softlayer.com`.

## SSL: CERTIFICATE_VERIFY_FAILED fix
You need to specify the server certificate to verify the connection to the internal API since its a self signed certificate. Python's request module doesn't use the system SSL cert for some reason, so even if you can use `curl` without SSL errors becuase you installed the certificate on your system, you still need to tell python about it. Further reading:
- https://hackernoon.com/solving-the-dreadful-certificate-issues-in-python-requests-module
- https://levelup.gitconnected.com/using-custom-ca-in-python-here-is-the-how-to-for-k8s-implementations-c450451b6019

On Mac, after installing the softlayer.local certificate, the following worked for me:

```bash
security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain -o bundleCA.pem
sudo cp bundleCA.pem /etc/ssl/certs/bundleCA.pem
```
Then in the `~/.softlayer` config, set `verify = /etc/ssl/certs/bundleCA.pem` and that should work.


## Certificate Example

Expand All @@ -11,14 +24,14 @@ endpoint_url = https://<internal api endpoint>/v3/internal/rest/
timeout = 0
theme = dark
auth_cert = /etc/ssl/certs/my_utility_cert-dev.pem
server_cert = /etc/ssl/certs/allCAbundle.pem
verify = /etc/ssl/certs/allCAbundle.pem
```

`auth_cert`: is your utility user certificate
`server_cert`: is the CA certificate bundle to validate the internal API ssl chain. Otherwise you get self-signed ssl errors without this.


```
```python
import SoftLayer
import logging
import click
Expand All @@ -37,4 +50,23 @@ if __name__ == "__main__":
testAuthentication()
```

## Employee Example
## Employee Example

To login with your employee username, have your config look something like this

*NOTE*: Currently logging in with the rest endpoint doesn't quite work, so use xmlrpc until I fix [this issue](https://github.ibm.com/SoftLayer/internal-softlayer-cli/issues/10)

```
[softlayer]
username = <softlayer domain username>
endpoint_url = https://<internal api endpoint>/v3/internal/xmlrpc/
verify = /etc/ssl/certs/allCAbundle.pem
```

You can login and use the `slcli` with. Use the `-i` flag to make internal API calls, otherwise it will make SLDN api calls.

```bash
slcli -i emplogin
```

If you want to use any of the built in commands, you may need to use the `-a <accountId>` flag.
Loading