[Engine-devel] [help]how to get the CA certificate when uploader ISO
Sheldon
shaohef at linux.vnet.ibm.com
Fri Nov 2 08:01:00 UTC 2012
On 11/01/2012 09:52 PM, Keith Robertson wrote:
> On 11/01/2012 05:23 AM, Sheldon wrote:
>> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is
>>>> NFS, Format is V1
>>>>
>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>>>> Fedora-17-x86_64-DVD.iso
>>>> [sudo] password for ovirt:
>>>> Please provide the REST API username for oVirt Engine (CTRL+D to
>>>> abort): admin at internal
>>>> Please provide the REST API password for the admin at internal oVirt
>>>> Engine user (CTRL+D to abort):
>>>> ERROR: Problem connecting to the REST API. Is the service
>>>> available and does the CA certificate exist?
>>>> ERROR: 'NoneType' object is not iterable
>>>> INFO: Use the -h option to see usage.
>>>
>>> Just to be clear the error in [1] is simply a symptom. It isn't the
>>> root cause. The root cause is quite possibly the CA certificate.
>>>
>>> I have created a patch in [2] that I'd appreciate if you could test
>>> as it will provide more debugging information about why the API
>>> creation is failing. Simply follow the steps in [3]
>>>
>>> Cheers,
>>> Keith
>>>
>>> [1] ERROR: 'NoneType' object is not iterable
>>> [2] http://gerrit.ovirt.org/8954
>>> [3]
>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>>> Step 2: Cherry pick the patch...
>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader
>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>>> Step 4: cd ovirt-iso-uploader
>>> Step 5: make
>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>>
>> still error. but different debug info.
> Yes. The patch adds additional debug info.
>>
>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
>> Please provide the REST API username for oVirt Engine (CTRL+D to
>> abort): admin at internal
>> Please provide the REST API password for the admin at internal oVirt
>> Engine user (CTRL+D to abort):
>> DEBUG: url(https://localhost:443/api)
>> DEBUG: user(admin at internal)
>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
>> DEBUG: insecure(False)
>> ERROR: Problem connecting to the REST API. Is the service available
>> and does the CA certificate exist? Error: [ERROR]::oVirt API
>> connection failure,
> Now we're getting to the good stuff as you can see that you are
> getting a connection refused. Questions for you:
>
> 1) Are you *certain* that 'https://localhost:443/api' is accessible
> from the local system, that it is the address of your oVirt engine,
> and is not being blocked by a FW? Easy test on the local box point
> your browser at that url.
I have edited the tls port, it is not 443. It is 4301.
I can access https://localhost:4301/api'
>
> 2) Are you certain that the CA is valid? To verify this you will need
> to issue a 'curl' statement and supply the CA. Example:
> curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X
> GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms
also:
$ curl -v -k -u admin at internal:letmein! --cacert
/etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml'
'https://localhost:4301/api/vms'
is ok
and I designate the tls port, now it can work.
$ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload
Fedora-17-x86_64-DVD.iso
Thank you.
>> [Errno 111] Connection refused
>> DEBUG: Unable to get host and path information from API.
>>
>>
>> --
>> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
>> IBM Linux Technology Center
>
--
Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/engine-devel/attachments/20121102/c596cf7b/attachment.html>
More information about the Engine-devel
mailing list