As a part of my university diploma, we are making a kind of access control tool as a firewall without dependence on oVirt roles (this tool should actually work for all libvirt-based virtualization products for KVM). It should be similar to Hytrust products or these ones: http://en.securitycode.ru/vGate//.
So my work is to find out what information I can use from the RPC calls and where I can get information about the user.

2018-05-07 11:00 GMT+03:00 Martin Sivak <msivak@redhat.com>:
Hi,

I think what you are looking for is mostly this:
https://github.com/oVirt/vdsm/blob/master/lib/vdsm/api/vdsm-api.yml

The best way to see what the traffic is is to disable SSL. The
postgres database is installed and accessible using the postgres user
(the engine user is not allowed to access it directly).

You might also be interested in the vdsm fake project we use as node
simulator. Its readme will tell you exactly how to do this:
https://github.com/oVirt/ovirt-vdsmfake

I wrote an article some time ago that explained how to set up a
development environment without real hosts:
https://www.ovirt.org/blog/2016/11/testing-ovirt-changes-without-cluster/

Might I ask what your goal is?

Best regards

--
Martin Sivak
SLA / oVirt

On Sun, May 6, 2018 at 6:26 AM, Anastasiya Ruzhanskaya
<anastasiya.ruzhanskaya@frtk.ru> wrote:
> Hello everyone!
> Currently I want to determine what information is included in messages
> passing from oVirt engine to VDSM on ovirt-node.
>
> I made up a really simple configuration with one VM representing engine,
> another - node, and managed to successfully launch a single VM on this node.
> However, I have chosen to configure everything automatically. Currently
> traffic is encrypted with default certificates.
> So, there are three options for me and none of them really works.
>
> 1) Find the format of messages (what the fields are, session id for
> example) in docs, but I didn't manage to find it;
> 2) Use Wireshark to decrypt the traffic and then maybe apply a JSON
> dissector to the decrypted data. I have tried many solutions (thank god I
> have RSA private and public keys), but there is another session key which is
> generated every time engine starts to communicate with vdsm, which I cannot
> get with the help of sslkeylog file or ld_preload technology.
> Maybe someone knows the exact methodology how to do this correctly?
>
> 3) Turn off SSL in oVirt. It is simple to do that for vdsm, but for engine,
> according to answers on oVirt site, I should do 2 requests to the database.
> I was really surprised that psql was not installed by oVirt on my system.
> How did it then create a default database? (I have chosen to create all
> locally and with default configurations).
> I mean these two commands:
> https://www.ovirt.org/develop/developer-guide/vdsm/connecting-development-vdsm-to-engine/
> I have the following error there:
> psql: FATAL: Peer authentication failed for user "engine"
>
> Could you please guide me on what method is the best and how I should correct
> my faults there?