[Engine-devel] [help]how to get the CA certificate when uploader ISO
Keith Robertson
kroberts at redhat.com
Thu Nov 1 13:52:19 UTC 2012
On 11/01/2012 05:23 AM, Sheldon wrote:
> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>> I make a domain name "ISO", Domain type is ISO, Storage Type is NFS,
>>> Format is V1
>>>
>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>>> Fedora-17-x86_64-DVD.iso
>>> [sudo] password for ovirt:
>>> Please provide the REST API username for oVirt Engine (CTRL+D to
>>> abort): admin at internal
>>> Please provide the REST API password for the admin at internal oVirt
>>> Engine user (CTRL+D to abort):
>>> ERROR: Problem connecting to the REST API. Is the service available
>>> and does the CA certificate exist?
>>> ERROR: 'NoneType' object is not iterable
>>> INFO: Use the -h option to see usage.
>>
>> Just to be clear the error in [1] is simply a symptom. It isn't the
>> root cause. The root cause is quite possibly the CA certificate.
>>
>> I have created a patch in [2] that I'd appreciate if you could test
>> as it will provide more debugging information about why the API
>> creation is failing. Simply follow the steps in [3]
>>
>> Cheers,
>> Keith
>>
>> [1] ERROR: 'NoneType' object is not iterable
>> [2] http://gerrit.ovirt.org/8954
>> [3]
>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>> Step 2: Cherry pick the patch...
>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader
>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>> Step 4: cd ovirt-iso-uploader
>> Step 5: make
>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>
> still error. but different debug info.
Yes. The patch adds additional debug info.
>
> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
> Please provide the REST API username for oVirt Engine (CTRL+D to
> abort): admin at internal
> Please provide the REST API password for the admin at internal oVirt
> Engine user (CTRL+D to abort):
> DEBUG: url(https://localhost:443/api)
> DEBUG: user(admin at internal)
> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
> DEBUG: insecure(False)
> ERROR: Problem connecting to the REST API. Is the service available
> and does the CA certificate exist? Error: [ERROR]::oVirt API
> connection failure,
Now we're getting to the good stuff as you can see that you are getting
a connection refused. Questions for you:
1) Are you *certain* that 'https://localhost:443/api' is accessible from
the local system, that it is the address of your oVirt engine, and is
not being blocked by a FW? Easy test on the local box point your
browser at that url.
2) Are you certain that the CA is valid? To verify this you will need
to issue a 'curl' statement and supply the CA. Example:
curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X
GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms
> [Errno 111] Connection refused
> DEBUG: Unable to get host and path information from API.
>
>
> --
> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
> IBM Linux Technology Center
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/engine-devel/attachments/20121101/2113ae82/attachment.html>
More information about the Engine-devel
mailing list