[ovirt-devel] ovirt-sdk get_subject() problem

Wed Oct 29 14:53:46 UTC 2014

On 10/29/2014 02:03 PM, Denis Kirjanov wrote:
> I've installed rhemv-sdk 3.5.0.7 but nothing has changed.
> 

Ok, looks like your server is that old that it doesn't implement the
"All-Content" header. I'd suggest to update, but if it isn't possible
then you can do something like this to obtain the certificate of the
display:

import OpenSSL
import ssl

display_host = ...
display_port = ...

# Get the certificate from the server and convert it to a data structure
# that can be manipulated:
pem = ssl.get_server_certificate(
    addr=(display_host, display_port),
    ssl_version=ssl.PROTOCOL_TLSv1,
    ca_certs="/etc/pki/ovirt-engine/ca.pem"
)
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem)

# Build the subject string iterating the components of the subject
# name:
subject = ""
for component in cert.get_subject().get_components():
    subject += "/%s=%s" % component

Note that it is important that you use here the "ca_certs" parameter, so
that the display certificate is propertly validated. Also you will need
to setup that manually if the script is running outside of the engine
machine.

> ----- Исходное сообщение -----
> От: "Juan Hernandez" <jhernand at redhat.com>
> Кому: "Denis Kirjanov" <kda at itsirius.su>
> Копия: devel at ovirt.org
> Отправленные: Среда, 29 Октябрь 2014 г 14:45:15
> Тема: Re: [ovirt-devel] ovirt-sdk get_subject() problem
> 
> On 10/29/2014 11:37 AM, Denis Kirjanov wrote:
>> Thanks for the tip, but I've got "got an unexpected keyword argument all_content"
>>
> 
> You can solve that updating the version of the Python SDK, no need to
> update the engine. Newer versions of the SDK should work correctly with
> older versions of the engine, so if you use the 3.5 version of the SDK
> this should work.
> 
>> ----- Исходное сообщение -----
>> От: "Juan Hernandez" <jhernand at redhat.com>
>> Кому: "Denis Kirjanov" <kda at itsirius.su>, devel at ovirt.org
>> Отправленные: Среда, 29 Октябрь 2014 г 13:46:16
>> Тема: Re: [ovirt-devel] ovirt-sdk get_subject() problem
>>
>> On 10/29/2014 10:40 AM, Denis Kirjanov wrote:
>>> Hi guys, 
>>>
>>> I'm having a problem getting the value from the manager using vm.get_display().get_certificate().get_subject():
>>> It happens on VM restart and what I get is: 'NoneType' object has no attribute 'get_subject'.
>>>
>>> It happens only with get_subject() since I don't have a problem to get other values like vm address or display port.
>>> Moreover, the second attempt to query the certificate subject always succeeds...
>>>
>>> Is there a way to overcome this?
>>>
>>> We're using ovirt 3.1 and I've found the same issue here: 
>>> http://lists.ovirt.org/pipermail/devel/2013-July/005221.html
>>>
>>> Thank you.
>>>
>>
>> When you request the information of a VM not all the details are
>> populated by default, including the certificate. Thus the
>> "get_certificate" method returns None. If you want the certificate data
>> populated you have to use the "all_content" parameter of the method used
>> to retrieve the VM:
>>
>>   vm = api.vms.get(name="myvm", all_content=True)
>>
>> Then you should be able to get the certificate and the subject.
>>
> 
> 

-- 
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.