[Engine-devel] [help]how to get the CA certificate when uploader ISO

Keith Robertson kroberts at redhat.com
Thu Nov 1 13:52:19 UTC 2012 

On 11/01/2012 05:23 AM, Sheldon wrote:
> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>> I make a domain name "ISO", Domain type is ISO, Storage Type is NFS, 
>>> Format is V1
>>>
>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload 
>>> Fedora-17-x86_64-DVD.iso
>>> [sudo] password for ovirt:
>>> Please provide the REST API username for oVirt Engine (CTRL+D to 
>>> abort): admin at internal
>>> Please provide the REST API password for the admin at internal oVirt 
>>> Engine user (CTRL+D to abort):
>>> ERROR: Problem connecting to the REST API.  Is the service available 
>>> and does the CA certificate exist?
>>> ERROR: 'NoneType' object is not iterable
>>> INFO: Use the -h option to see usage. 
>>
>> Just to be clear the error in [1] is simply a symptom.  It isn't the 
>> root cause.  The root cause is quite possibly the CA certificate.
>>
>> I have created a patch in [2] that I'd appreciate if you could test 
>> as it will provide more debugging information about why the API 
>> creation is failing.  Simply follow the steps in [3]
>>
>> Cheers,
>> Keith
>>
>> [1] ERROR: 'NoneType' object is not iterable
>> [2] http://gerrit.ovirt.org/8954
>> [3]
>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>> Step 2: Cherry pick the patch...
>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader 
>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>> Step 4: cd ovirt-iso-uploader
>> Step 5: make
>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>
> still error. but different debug info.
Yes.  The patch adds additional debug info.
>
> $ sudo engine-iso-uploader -v --iso-domain=ISO upload 
> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
> Please provide the REST API username for oVirt Engine (CTRL+D to 
> abort): admin at internal
> Please provide the REST API password for the admin at internal oVirt 
> Engine user (CTRL+D to abort):
> DEBUG: url(https://localhost:443/api)
> DEBUG: user(admin at internal)
> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
> DEBUG: insecure(False)
> ERROR: Problem connecting to the REST API.  Is the service available 
> and does the CA certificate exist? Error: [ERROR]::oVirt API 
> connection failure, 
Now we're getting to the good stuff as you can see that you are getting 
a connection refused.  Questions for you:

1) Are you *certain* that 'https://localhost:443/api' is accessible from 
the local system, that it is the address of your oVirt engine, and is 
not being blocked by a FW?  Easy test on the local box point your 
browser at that url.

2) Are you certain that the CA is valid?  To verify this you will need 
to issue a 'curl' statement and supply the CA.  Example:
  curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem  -X 
GET -H 'Accept: application/xml'  'https://localhost:443/api/api/vms
> [Errno 111] Connection refused
> DEBUG: Unable to get host and path information from API.
>
>
> -- 
> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
> IBM Linux Technology Center

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/engine-devel/attachments/20121101/2113ae82/attachment.html>

More information about the Engine-devel mailing list