Issue #1930 Replaced for code based on ssl.get_server_certificate().

[ihumster]

SUMMARY

Replaced for code based on ssl.get_server_certificate().

Fixes #1930

ISSUE TYPE

• Bugfix Pull Request

[softwarefactory-project-zuul]

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/bdfe4e86bfe34ca8a7a8ebd3fa4df02d

✔️ ansible-tox-linters SUCCESS in 9m 43s
✔️ build-ansible-collection SUCCESS in 10m 09s
⚠️ ansible-test-cloud-integration-vcenter7_only-stable216 CANCELED
⚠️ ansible-test-cloud-integration-vcenter7_2esxi-stable216 CANCELED
❌ ansible-test-cloud-integration-vcenter7_1esxi-stable216_1_of_2 FAILURE in 15m 13s
⚠️ ansible-test-cloud-integration-vcenter7_1esxi-stable216_2_of_2 CANCELED
✔️ ansible-galaxy-importer SUCCESS in 4m 03s

[ihumster]

recheck

[mariolenz]

I don't think that rechecking will help. The CI fails in vmware_content_library_info with:

fatal: [testhost]: FAILED! => {
    "changed": false,
    "module_stderr": "/home/zuul/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'vcenter.test'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings\n  warnings.warn(\n/home/zuul/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'vcenter.test'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings\n  warnings.warn(\n/home/zuul/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'vcenter.test'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings\n  warnings.warn(\n/home/zuul/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'vcenter.test'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings\n  warnings.warn(\nTraceback (most recent call last):\n  File \"<stdin>\", line 121, in <module>\n  File \"<stdin>\", line 113, in _ansiballz_main\n  File \"<stdin>\", line 61, in invoke_module\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_vmware_content_library_manager_payload_okhq4ssw/ansible_vmware_content_library_manager_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_content_library_manager.py\", line 438, in <module>\n  File \"/tmp/ansible_vmware_content_library_manager_payload_okhq4ssw/ansible_vmware_content_library_manager_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_content_library_manager.py\", line 434, in main\n  File \"/tmp/ansible_vmware_content_library_manager_payload_okhq4ssw/ansible_vmware_content_library_manager_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_content_library_manager.py\", line 219, in process_state\n  File \"/tmp/ansible_vmware_content_library_manager_payload_okhq4ssw/ansible_vmware_content_library_manager_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_content_library_manager.py\", line 338, in state_create_library\n  File \"/tmp/ansible_vmware_content_library_manager_payload_okhq4ssw/ansible_vmware_content_library_manager_payload.zip/ansible_collections/community/vmware/plugins/modules/vmware_content_library_manager.py\", line 284, in create_update\n  File \"/home/zuul/venv/lib/python3.11/site-packages/com/vmware/content_client.py\", line 807, in create\n    return self._invoke('create',\n           ^^^^^^^^^^^^^^^^^^^^^^\n  File \"/home/zuul/venv/lib/python3.11/site-packages/vmware/vapi/bindings/stub.py\", line 345, in _invoke\n    return self._api_interface.native_invoke(ctx, _method_name, kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/home/zuul/venv/lib/python3.11/site-packages/vmware/vapi/bindings/stub.py\", line 295, in native_invoke\n    raise TypeConverter.convert_to_python(method_result.error,  # pylint: disable=E0702\ncom.vmware.vapi.std.errors_client.InvalidArgument: {messages : [LocalizableMessage(id='com.vmware.vdcs.cls-main.invalid_storage_backing_inaccessible', default_message='The provided storage backing rw_datastore for library 197f95de-5b05-4770-9a6c-5b8ddfc45b9f is inaccessible.', args=['rw_datastore', '197f95de-5b05-4770-9a6c-5b8ddfc45b9f'], params=None, localized=None)], data : None, error_type : INVALID_ARGUMENT}\n/home/zuul/venv/lib/python3.11/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'vcenter.test'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings\n  warnings.warn(\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

This doesn't look related to your changes because I think this module doesn't use get_cert_fingerprint(). Might be a change in one of the libs we depend on.

FYI this looks suspiciously like something mentioned in the forum.

I'll have to investigate this a bit...

[ihumster]

I saw that the problem is in vmware_content_library_info. But anyway, first I want to get a second result of the same kind before conducting further investigation. Knowing our CI >_<

[mariolenz]

I've created #1968 to investigate this further.

Maybe we can fix the issue like this:

community.vmware/plugins/connection/vmware_tools.py

Lines 304 to 306 in 9718381

	if not self.validate_certs:
	if HAS_URLLIB3:
	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

I'll work on it and let you know if I found a solution.

[softwarefactory-project-zuul]

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/b7c0dde9c1164778b7bad0b168d5630b

✔️ ansible-tox-linters SUCCESS in 9m 35s
✔️ build-ansible-collection SUCCESS in 10m 19s
✔️ ansible-test-cloud-integration-vcenter7_only-stable216 SUCCESS in 22m 07s
✔️ ansible-test-cloud-integration-vcenter7_2esxi-stable216 SUCCESS in 20m 43s
✔️ ansible-test-cloud-integration-vcenter7_1esxi-stable216_1_of_2 SUCCESS in 52m 15s
✔️ ansible-test-cloud-integration-vcenter7_1esxi-stable216_2_of_2 SUCCESS in 53m 15s
✔️ ansible-galaxy-importer SUCCESS in 4m 53s

[mariolenz]

What is this?! I thought I would understand why the CI failed, but now I don't understand why it started to succeed again... I realyy hate things like this...

[ihumster]

@mariolenz As I said earlier - knowing our CI, until I get a 100% reproducible problem, I will not investigate. 😂

[softwarefactory-project-zuul]

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/410c98cb450242d29bd340ef2c2d972d

✔️ ansible-tox-linters SUCCESS in 9m 42s
✔️ build-ansible-collection SUCCESS in 10m 20s
⚠️ ansible-test-cloud-integration-vcenter7_only-stable216 CANCELED
⚠️ ansible-test-cloud-integration-vcenter7_2esxi-stable216 CANCELED
⚠️ ansible-test-cloud-integration-vcenter7_1esxi-stable216_1_of_2 CANCELED
❌ ansible-test-cloud-integration-vcenter7_1esxi-stable216_2_of_2 FAILURE in 16m 16s
✔️ ansible-galaxy-importer SUCCESS in 4m 58s

[ihumster]

recheck

[softwarefactory-project-zuul]

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/e7362fa010c8443597982a73fdbaef0a

✔️ ansible-tox-linters SUCCESS in 9m 42s
✔️ build-ansible-collection SUCCESS in 10m 04s
✔️ ansible-test-cloud-integration-vcenter7_only-stable216 SUCCESS in 22m 36s
✔️ ansible-test-cloud-integration-vcenter7_2esxi-stable216 SUCCESS in 21m 11s
✔️ ansible-test-cloud-integration-vcenter7_1esxi-stable216_1_of_2 SUCCESS in 1h 03m 08s
✔️ ansible-test-cloud-integration-vcenter7_1esxi-stable216_2_of_2 SUCCESS in 52m 13s
✔️ ansible-galaxy-importer SUCCESS in 4m 44s

[mariolenz]

LGTM

But it would be great if @Fredouye would give us some feedback on this.

[mariolenz]

I can't test this at the moment with Python 3.12. I was hoping @Fredouye would test this but we didn't get any feedback :-/

As an alternative, I thought we could make the CI test your code with Python 3.12. So I've opened ansible/ansible-zuul-jobs#1844 and #1974 but it looks like there is a problem with Python 3.12.

I'll try to make the CI succeed with Python 3.12 and then we could test you changes there.

However, I'd like to do a new release soon and would like to have your changes there. Should we merge in 2 or 3 days, anyway? I mean, it doesn't look like your changes break anything (CI succeeded) even if we're not 100% sure that your PR really fixes the issues.

[mariolenz]

It looks like the vSphere Automation Python SDK has some problems with Python 3.12 (vmware/vsphere-automation-sdk-python#407 and vmware/vsphere-automation-sdk-python#400). So I don't see how our CI could succeed until they've fixed this.

I'm not 100% sure if this PR fixes #1930 because I can't test at the moment, but it looks like it does to me. So let's merge, especially since the CI is happy so it shouldn't break anything.

Thanks @ihumster!

[softwarefactory-project-zuul]

Build succeeded (gate pipeline).
https://ansible.softwarefactory-project.io/zuul/buildset/a4c2f7940c7440cdbb50f0c7a64548cb

✔️ ansible-tox-linters SUCCESS in 9m 28s
✔️ build-ansible-collection SUCCESS in 8m 06s
✔️ ansible-galaxy-importer SUCCESS in 3m 45s