-
Notifications
You must be signed in to change notification settings - Fork 3
/
yum_conncheck.py
78 lines (74 loc) · 3.51 KB
/
yum_conncheck.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/QOpenSys/pkgs/bin/python2.7
import socket;
import ssl;
import locale;
from traceback import print_exc;
from os.path import exists;
locale.setlocale(locale.LC_ALL, 'EN_US.UTF-8');
hostname='public.dhe.ibm.com'
ip='129.35.224.112'
timeout=30
def check_alternative_protos():
print 'Checking if alternative protocols might work...'
try:
socket.create_connection((hostname,80), timeout)
print 'HTTP protocol should work!'
print 'To try it, run:'
if exists('/QOpenSys/etc/yum/repos.d/ibmi-release-unsecure.repo'):
print ' /QOpenSys/pkgs/bin/yum-config-manager --enable-repo=ibmi-base-unsecure'
print ' /QOpenSys/pkgs/bin/yum-config-manager --enable-repo=ibmi-release-unsecure'
else:
print ' /QOpenSys/pkgs/bin/yum-config-manager --setopt=ibm.baseurl=http://public.dhe.ibm.com/software/ibmi/products/pase/rpms/repo'
except:
try:
socket.create_connection((hostname,21), timeout)
print 'FTP should work!'
return
except Exception as e:
print 'No luck: '+str(e)
print "Checking to see connectivity via TLS..."
try:
ssl.create_default_context().wrap_socket(socket.create_connection((hostname,443), timeout), server_hostname=hostname)
print 'Looks good! If you are having issues, maybe try renaming the legacy repo file by running:'
print ' mv /QOpenSys/etc/yum/repos.d/ibm.repo /QOpenSys/etc/yum/repos.d/ibm.repo.backup'
except (socket.error, socket.timeout):
print 'Could not connect to %s' % hostname
check_alternative_protos();
except (socket.herror, socket.gaierror):
print 'name lookup failed'
print ''
print 'Your DNS is not configured properly and cannot look up host ' + hostname
print 'Please work with your IBM i administrator or network team to configure DNS properly!'
print ''
print 'You can implement a temporary workaround by running:'
print ' system "ADDTCPHTE INTNETADR(\'%s\') HOSTNAME((public.dhe.ibm.com))"' % ip
print 'NOTE: If this IP changes, you will need to create a new host list entry in the future'
exit(5)
except ssl.CertificateError as e:
message = str(e)
print 'SSL certificate error: '+message
if "doesn't match" in message:
print 'Looks like some entity is injecting an unrecognized SSL certificate'
print 'See this page for guidance on adding a new certificate to your system:'
print ' https://www.seidengroup.com/2021/04/26/how-to-validate-self-signed-ssl-tls-certificates-from-ibm-i/'
print ''
print 'Checking for another workaround...'
print 'Checking if disabling SSL verification works around the problem...'
try:
socket.create_connection((hostname,80), timeout)
print 'Connectivity works without SSL verification!'
print 'You need to temporarily disable the SSL certificate checker and install ca-certificates-mozilla'
print 'to do so, run the following commands:'
if exists('/QOpenSys/etc/yum/repos.d/ibmi-base.repo'):
print ' /QOpenSys/pkgs/bin/yum-config-manager --save --setopt=ibmi-base.sslverify=0'
print ' /QOpenSys/pkgs/bin/yum install ca-certificates-mozilla'
print ' /QOpenSys/pkgs/bin/yum-config-manager --save --setopt=ibmi-base.sslverify=1'
else:
print ' /QOpenSys/pkgs/bin/yum-config-manager --save --setopt=ibm.sslverify=0'
print ' /QOpenSys/pkgs/bin/yum install ca-certificates-mozilla'
print ' /QOpenSys/pkgs/bin/yum-config-manager --save --setopt=ibm.sslverify=1'
except Exception as e:
print 'Error: '+str(e)
check_alternative_protos()
except Exception as e:
print 'Unknown error: '+str(e)