New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error on MacOS when attempting to use New-NSXLogicalSwitch #493

Closed
Zsoldier opened this Issue Mar 8, 2018 · 13 comments

Comments

Projects
None yet
4 participants
@Zsoldier

Zsoldier commented Mar 8, 2018

Host Config:
Name : ConsoleHost
Version : 6.0.1
InstanceId : abad303e-f899-4287-96cc-8d15f65c40c4
UI : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture : en-US
CurrentUICulture : en-US
PrivateData : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
DebuggerEnabled : True
IsRunspacePushed : False
Runspace : System.Management.Automation.Runspaces.LocalRunspace
Version Name


3.0.1091 PowerNSX
3.0.1088 PowerNSX
10.0.0.7895300 VMware.PowerCLI

invoke-nsxwebrequest : Invoke-NsxWebRequest : An unknown exception occured calling invoke-internalwebrequest. System.AggregateException: One or more errors occurred. (The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").) ---> System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").
at System.Net.Http.CurlHandler.SslProvider.SetSslOptions(EasyRequest easy, ClientCertificateOption clientCertOption)
at System.Net.Http.CurlHandler.EasyRequest.InitializeCurl()
at System.Net.Http.CurlHandler.MultiAgent.ActivateNewRequest(EasyRequest easy)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult() at System.Net.Http.HttpClient.<FinishSendAsyncBuffered>d__58.MoveNext() --- End of inner exception stack trace --- at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord) ---> (Inner Exception #0) System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20"). at System.Net.Http.CurlHandler.SslProvider.SetSslOptions(EasyRequest easy, ClientCertificateOption clientCertOption) at System.Net.Http.CurlHandler.EasyRequest.InitializeCurl() at System.Net.Http.CurlHandler.MultiAgent.ActivateNewRequest(EasyRequest easy) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at System.Net.Http.HttpClient.d__58.MoveNext()<---

StackTrace:
at Invoke-InternalWebRequest, /usr/local/share/powershell/Modules/PowerNSX/3.0.1088/PowerNSX.psm1: line 3765
at Invoke-NsxWebRequest, /usr/local/share/powershell/Modules/PowerNSX/3.0.1088/PowerNSX.psm1: line 4218
at New-NsxLogicalSwitch, /usr/local/share/powershell/Modules/PowerNSX/3.0.1088/PowerNSX.psm1: line 9968
at , : line 1
At /usr/local/share/powershell/Modules/PowerNSX/3.0.1088/PowerNSX.psm1:9968 char:21

  • ... $response = invoke-nsxwebrequest -method "post" -uri $URI -body $body ...
  •             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
  • CategoryInfo : InvalidResult: (Invoke-NsxWebRequest:String) [Invoke-NsxWebRequest], InternalNsxApiException
  • FullyQualifiedErrorId : NsxAPIFailureResult,Invoke-NsxWebRequest

The property 'content' cannot be found on this object. Verify that the property exists.
At /usr/local/share/powershell/Modules/PowerNSX/3.0.1088/PowerNSX.psm1:9971 char:9

  •     Get-NsxLogicalSwitch -virtualWireId $response.content -connec ...
    
  •     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
  • CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
  • FullyQualifiedErrorId : PropertyNotFoundStrict
@alagoutte

This comment has been minimized.

Contributor

alagoutte commented Mar 9, 2018

Hi Zsoldier

it look like very similar to #488 (and dotnet/corefx#27000)

@Zsoldier

This comment has been minimized.

Zsoldier commented Mar 9, 2018

@alagoutte yep, that's the exact issue. So appears to be a base .net core issue. Lovely. Still reading through to see if workarounds listed work.

@Zsoldier

This comment has been minimized.

Zsoldier commented Mar 9, 2018

Looks like I can get around this issue by modifying the client handler. Just unsure if it's a permanent solution or if it might break other things.
$InternalHttpClientHandler = @"
using System.Net.Http;
public class InternalHttpClientHandler : HttpClientHandler {
public InternalHttpClientHandler(bool SkipCertificateCheck) {
if (SkipCertificateCheck) {
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
}
}
}
"@

@alagoutte

This comment has been minimized.

Contributor

alagoutte commented Mar 10, 2018

Can your push a PR with the fix ?

@dcoghlan

This comment has been minimized.

Contributor

dcoghlan commented Mar 12, 2018

Thanks for the investigation @Zsoldier. This is also the same potential fix that we are looking into, but like you mentioned, we need to make sure that we aren't going to effect anything else before we implement any changes as it touches quite a core component of PowerNSX.

@Zsoldier

This comment has been minimized.

Zsoldier commented Mar 13, 2018

@alagoutte I was going to, but being a git noob, I am unsure how to do 'another' pull request when my current pull request has still not been merged. Sounds like @dcoghlan has got it though.

So far the 'fix' has been pretty smooth sailing for me on powershell core on Mac. I'll need to try it on a Windows and Linux system though.

@nmbradford

This comment has been minimized.

Contributor

nmbradford commented Mar 14, 2018

Hi guys - thanks for the investigation @Zsoldier and @dcoghlan.

So, the easy workaround is simply to modify $InternalHttpClientHandler as directed above and those with the issue should have a working module again.

To fix this properly is a little harder for us at the moment- while the simple fix is to write detection code for the platform and handle accordingly - the proper way is a lot of refactoring to remove the many workarounds we put in to support PowerShell Core in the alpha releases that are no longer required and to deprecate support for alpha PoSH Core completely. I'd prefer the second approach, but it will take longer and requires updates to our CI. Regardless of the approach, we cant execute tests, as our CI is not available at the moment as the underlying platform is also being refreshed (and this is where we are currently spending our spare time!)

Long story short - this will probably be a few weeks at least before a fix is available. Depending on impact, we might be able to do something earlier, but there are other things we need to be working on at the moment.

If this issue impacts you and you arent able to apply the workaround above manually, please +1 this comment so we can gauge impact.

@nmbradford

This comment has been minimized.

Contributor

nmbradford commented Mar 14, 2018

BTW - @Zsoldier has a blog article describing the fix nice and succinctly if you need instructions. http://tech.zsoldier.com/2018/03/vmware-powernsx-on-mac-invoke.html. Thanks @Zsoldier !

@Zsoldier

This comment has been minimized.

Zsoldier commented Mar 14, 2018

٩( ᐛ )و

@alagoutte

This comment has been minimized.

Contributor

alagoutte commented Mar 14, 2018

+1 with second approach ;-)

@nmbradford

This comment has been minimized.

Contributor

nmbradford commented Mar 14, 2018

try clicking the 'thumbs up emoji' on my post - so I don't have to count the hundreds of 'oh yes, me too please' comments ;)

@Zsoldier

This comment has been minimized.

Zsoldier commented Aug 20, 2018

@nmbradford looks like this fix was implemented? If so, can probably close out this bug.

@nmbradford

This comment has been minimized.

Contributor

nmbradford commented Aug 21, 2018

indeed!

@nmbradford nmbradford closed this Aug 21, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment