Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vmware_guest failing after moving to ubuntu/noble and python/3,12 #2142

Closed
jayvee1211 opened this issue Aug 30, 2024 · 6 comments
Closed

vmware_guest failing after moving to ubuntu/noble and python/3,12 #2142

jayvee1211 opened this issue Aug 30, 2024 · 6 comments

Comments

@jayvee1211
Copy link

SUMMARY

After updating our bamboo agent docker container to ubuntu noble which also moved python from 3.11 to 3.12, community.vmware.vmware_guest fails the the error:

module 'ssl' has no attribute 'wrap_socket'
ISSUE TYPE
  • Bug Report
COMPONENT NAME

community.vmware.vmware_guest

ANSIBLE VERSION
ansible core 2.16.3
python 3.12.3
COLLECTION VERSION
4.5.0
CONFIGURATION
CONFIG_FILE() = None
OS / ENVIRONMENT

docker container atlassian/bamboo-agent-base:9.6.5 (ubuntu noble)

STEPS TO REPRODUCE

Running code that has been working for a long time, but stopped working after updating to ubuntu noble/python3.12

- name: Deploy Linux VM
  community.vmware.vmware_guest:
    hostname: "{{ vsphere_host }}"
    username: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    validate_certs: False
    datacenter: "{{ datacenter }}"
    datastore: "{{ datastore }}"
    resource_pool: "{{ resource_pool }}"
    state: poweredon
    folder: "/{{ datacenter }}/vm/{{ folder }}"
    template: "/{{ datacenter }}/vm/{{ template_folder }}/{{ template }}"
    name: "{{ hostname }}"
    wait_for_ip_address: True
    hardware:
      memory_mb: "{{ memory }}"
      hotadd_memory: True
      num_cpus: "{{ cpus }}"
      hotadd_cpu: True
    disk: "{{ disks }}"
    # cluster: "{{ cluster }}"
    networks: "{{ networks }}"
    customization:
      domain: "{{ domain }}"
      hostname: "{{ hostname }}"
      dns_servers: "{{ dns_servers }}"
EXPECTED RESULTS

Create a VM in vCenter

ACTUAL RESULTS
FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/var/atlassian/application-data/bamboo-agent/.ansible/tmp/ansible-tmp-1724970487.7420936-77505-248932260314797/AnsiballZ_vmware_guest.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/var/atlassian/application-data/bamboo-agent/.ansible/tmp/ansible-tmp-1724970487.7420936-77505-248932260314797/AnsiballZ_vmware_guest.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/var/atlassian/application-data/bamboo-agent/.ansible/tmp/ansible-tmp-1724970487.7420936-77505-248932260314797/AnsiballZ_vmware_guest.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.vmware.plugins.modules.vmware_guest', init_globals=dict(_module_fqn='ansible_collections.community.vmware.plugins.modules.vmware_guest', _modlib_path=modlib_path),\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_community.vmware.vmware_guest_payload_5e83eizg/ansible_community.vmware.vmware_guest_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_guest.py\", line 1103, in <module>\n  File \"/usr/lib/python3/dist-packages/pyVmomi/__init__.py\", line 204, in <module>\n    from pyVmomi.SoapAdapter import SoapStubAdapter, StubAdapterBase, SoapCmdStubAdapter, \\\n  File \"/usr/lib/python3/dist-packages/pyVmomi/SoapAdapter.py\", line 993, in <module>\n    _SocketWrapper = ssl.wrap_socket\n                     ^^^^^^^^^^^^^^^\nAttributeError: module 'ssl' has no attribute 'wrap_socket'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
@jayvee1211
Copy link
Author

jayvee1211 commented Aug 30, 2024
edited
Loading

This was deprecated in python 3.7. see https://docs.python.org/3/whatsnew/3.12.html

Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its ssl.SSLContext.wrap_socket method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates the server hostname. Code is subject to CWE-295 (Improper Certificate Validation). (Contributed by Victor Stinner in gh-94199.)

@mariolenz
Copy link
Collaborator

mariolenz commented Aug 30, 2024
edited
Loading

Looks like we've fixed this partially in #1967, but only if you don't use a proxy.

@ihumster Since this PR has been from you, do you think you'll could work on this? I guess you know more about this than I do.

@ihumster
Copy link
Collaborator

ihumster commented Sep 1, 2024

@mariolenz I could look but need more details. I fixed the common functions in module_utils/vmware.py to get rid of wrap_socket. And in the vmware_guest module, at first glance, I don’t see any wrap_socket calls or even ssl imports at all.

And if you look closely at the trace, you can see that the error occurs when calling pyvmomi. It looks like the topicstarter needs to update pyvmomi and try to reproduce the problem again.

Look on this strings:

File \"/tmp/ansible_community.vmware.vmware_guest_payload_5e83eizg/ansible_community.vmware.vmware_guest_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_guest.py\", line 1103, in <module>
File \"/usr/lib/python3/dist-packages/pyVmomi/__init__.py\", line 204, in <module>
from pyVmomi.SoapAdapter import SoapStubAdapter, StubAdapterBase, SoapCmdStubAdapter, \\
File \"/usr/lib/python3/dist-packages/pyVmomi/SoapAdapter.py\", line 993, in <module>
_SocketWrapper = ssl.wrap_socket
                     ^^^^^^^^^^^^^^^
AttributeError: module 'ssl' has no attribute 'wrap_socket'
", "module_stdout": "", "msg": "MODULE FAILURE
See stdout/stderr for the exact error", "rc": 1}

@ihumster
Copy link
Collaborator

ihumster commented Sep 1, 2024

@jayvee1211 👆🏻

@mariolenz
Copy link
Collaborator

Look on this strings:

File \"/tmp/ansible_community.vmware.vmware_guest_payload_5e83eizg/ansible_community.vmware.vmware_guest_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_guest.py\", line 1103, in <module>
File \"/usr/lib/python3/dist-packages/pyVmomi/__init__.py\", line 204, in <module>
from pyVmomi.SoapAdapter import SoapStubAdapter, StubAdapterBase, SoapCmdStubAdapter, \\
File \"/usr/lib/python3/dist-packages/pyVmomi/SoapAdapter.py\", line 993, in <module>
_SocketWrapper = ssl.wrap_socket
                     ^^^^^^^^^^^^^^^
AttributeError: module 'ssl' has no attribute 'wrap_socket'
", "module_stdout": "", "msg": "MODULE FAILURE
See stdout/stderr for the exact error", "rc": 1}

Good point! Sorry I didn't realize this at first, but you're right: Looks like a problem in pyvmomi and not in our code.

It looks like there as been an issue (vmware/pyvmomi#1057) about this which has been fixed only recently.

@jayvee1211 Could you please test again with the latest pyvmomi version? I'm not 100% sure if it's fixed there, but it looks like it.

@jayvee1211
Copy link
Author

Thank you for your comments.
The atlassian bamboo base docker image uses externally managed python (i.e you get what you get from the ubuntu repos). It looks like they have an older version in their repo. https://www.ubuntuupdates.org/package/core/noble/universe/base/python-pyvmomi
Rather than trying to fix this image, I will look at creating my own bamboo agent container and install using pip.
Thanks all for your help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ihumster @mariolenz @jayvee1211