Skip to content

Commit

Permalink
Merge pull request #2143 from allmightyspiff/master
Browse files Browse the repository at this point in the history
updated internal readme
  • Loading branch information
allmightyspiff authored May 1, 2024
2 parents 9d96e4e + 01648bb commit 14b75d4
Showing 1 changed file with 35 additions and 3 deletions.
38 changes: 35 additions & 3 deletions README-internal.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,18 @@
This document is for internal users wanting to use this library to interact with the internal API. It will not work for `api.softlayer.com`.

## SSL: CERTIFICATE_VERIFY_FAILED fix
You need to specify the server certificate to verify the connection to the internal API since its a self signed certificate. Python's request module doesn't use the system SSL cert for some reason, so even if you can use `curl` without SSL errors becuase you installed the certificate on your system, you still need to tell python about it. Further reading:
- https://hackernoon.com/solving-the-dreadful-certificate-issues-in-python-requests-module
- https://levelup.gitconnected.com/using-custom-ca-in-python-here-is-the-how-to-for-k8s-implementations-c450451b6019

On Mac, after installing the softlayer.local certificate, the following worked for me:

```bash
security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain -o bundleCA.pem
sudo cp bundleCA.pem /etc/ssl/certs/bundleCA.pem
```
Then in the `~/.softlayer` config, set `verify = /etc/ssl/certs/bundleCA.pem` and that should work.


## Certificate Example

Expand All @@ -11,14 +24,14 @@ endpoint_url = https://<internal api endpoint>/v3/internal/rest/
timeout = 0
theme = dark
auth_cert = /etc/ssl/certs/my_utility_cert-dev.pem
server_cert = /etc/ssl/certs/allCAbundle.pem
verify = /etc/ssl/certs/allCAbundle.pem
```

`auth_cert`: is your utility user certificate
`server_cert`: is the CA certificate bundle to validate the internal API ssl chain. Otherwise you get self-signed ssl errors without this.


```
```python
import SoftLayer
import logging
import click
Expand All @@ -37,4 +50,23 @@ if __name__ == "__main__":
testAuthentication()
```

## Employee Example
## Employee Example

To login with your employee username, have your config look something like this

*NOTE*: Currently logging in with the rest endpoint doesn't quite work, so use xmlrpc until I fix [this issue](https://github.ibm.com/SoftLayer/internal-softlayer-cli/issues/10)

```
[softlayer]
username = <softlayer domain username>
endpoint_url = https://<internal api endpoint>/v3/internal/xmlrpc/
verify = /etc/ssl/certs/allCAbundle.pem
```

You can login and use the `slcli` with. Use the `-i` flag to make internal API calls, otherwise it will make SLDN api calls.

```bash
slcli -i emplogin
```

If you want to use any of the built in commands, you may need to use the `-a <accountId>` flag.

0 comments on commit 14b75d4

Please sign in to comment.