Re: [Users] [Engine-devel] [help]how to get the CA certificate when uploader ISO

On 11/01/2012 09:52 PM, Keith Robertson wrote: > On 11/01/2012 05:23 AM, Sheldon wrote: >> On 10/31/2012 09:37 PM, Keith Robertson wrote: >>> On 10/31/2012 01:40 AM, Sheldon wrote: >>>> I make a domain name "ISO", Domain type is ISO, Storage Type is >>>> NFS, Format is V1 >>>> >>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>>> Fedora-17-x86_64-DVD.iso >>>> [sudo] password for ovirt: >>>> Please provide the REST API username for oVirt Engine (CTRL+D to >>>> abort): admin@internal >>>> Please provide the REST API password for the admin@internal oVirt >>>> Engine user (CTRL+D to abort): >>>> ERROR: Problem connecting to the REST API. Is the service >>>> available and does the CA certificate exist? >>>> ERROR: 'NoneType' object is not iterable >>>> INFO: Use the -h option to see usage. >>> >>> Just to be clear the error in [1] is simply a symptom. It isn't the >>> root cause. The root cause is quite possibly the CA certificate. >>> >>> I have created a patch in [2] that I'd appreciate if you could test >>> as it will provide more debugging information about why the API >>> creation is failing. Simply follow the steps in [3] >>> >>> Cheers, >>> Keith >>> >>> [1] ERROR: 'NoneType' object is not iterable >>> [2] http://gerrit.ovirt.org/8954 >>> [3] >>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git >>> Step 2: Cherry pick the patch... >>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader >>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD >>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1 >>> Step 4: cd ovirt-iso-uploader >>> Step 5: make >>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT >>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm >> >> still error. but different debug info. > Yes. The patch adds additional debug info. >> >> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso >> Please provide the REST API username for oVirt Engine (CTRL+D to >> abort): admin@internal >> Please provide the REST API password for the admin@internal oVirt >> Engine user (CTRL+D to abort): >> DEBUG: url(https://localhost:443/api) >> DEBUG: user(admin@internal) >> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem) >> DEBUG: insecure(False) >> ERROR: Problem connecting to the REST API. Is the service available >> and does the CA certificate exist? Error: [ERROR]::oVirt API >> connection failure, > Now we're getting to the good stuff as you can see that you are > getting a connection refused. Questions for you: > > 1) Are you *certain* that 'https://localhost:443/api' is accessible > from the local system, that it is the address of your oVirt engine, > and is not being blocked by a FW? Easy test on the local box point > your browser at that url. I have edited the tls port, it is not 443. It is 4301. I can access https://localhost:4301/api' > > 2) Are you certain that the CA is valid? To verify this you will need > to issue a 'curl' statement and supply the CA. Example: > curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X > GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms also: $ curl -v -k -u admin@internal:letmein! --cacert /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml' 'https://localhost:4301/api/vms' is ok and I designate the tls port, now it can work. $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload Fedora-17-x86_64-DVD.iso Thank you.