[Engine-devel] [help]how to get the CA certificate when uploader ISO
Itamar Heim
iheim at redhat.com
Fri Nov 2 09:52:44 UTC 2012
On 11/02/2012 10:01 AM, Sheldon wrote:
> On 11/01/2012 09:52 PM, Keith Robertson wrote:
>> On 11/01/2012 05:23 AM, Sheldon wrote:
>>> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>>>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is
>>>>> NFS, Format is V1
>>>>>
>>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>>>>> Fedora-17-x86_64-DVD.iso
>>>>> [sudo] password for ovirt:
>>>>> Please provide the REST API username for oVirt Engine (CTRL+D to
>>>>> abort): admin at internal
>>>>> Please provide the REST API password for the admin at internal oVirt
>>>>> Engine user (CTRL+D to abort):
>>>>> ERROR: Problem connecting to the REST API. Is the service
>>>>> available and does the CA certificate exist?
>>>>> ERROR: 'NoneType' object is not iterable
>>>>> INFO: Use the -h option to see usage.
>>>>
>>>> Just to be clear the error in [1] is simply a symptom. It isn't the
>>>> root cause. The root cause is quite possibly the CA certificate.
>>>>
>>>> I have created a patch in [2] that I'd appreciate if you could test
>>>> as it will provide more debugging information about why the API
>>>> creation is failing. Simply follow the steps in [3]
>>>>
>>>> Cheers,
>>>> Keith
>>>>
>>>> [1] ERROR: 'NoneType' object is not iterable
>>>> [2] http://gerrit.ovirt.org/8954
>>>> [3]
>>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>>>> Step 2: Cherry pick the patch...
>>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader
>>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>>>> Step 4: cd ovirt-iso-uploader
>>>> Step 5: make
>>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>>>
>>> still error. but different debug info.
>> Yes. The patch adds additional debug info.
>>>
>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
>>> Please provide the REST API username for oVirt Engine (CTRL+D to
>>> abort): admin at internal
>>> Please provide the REST API password for the admin at internal oVirt
>>> Engine user (CTRL+D to abort):
>>> DEBUG: url(https://localhost:443/api)
>>> DEBUG: user(admin at internal)
>>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
>>> DEBUG: insecure(False)
>>> ERROR: Problem connecting to the REST API. Is the service available
>>> and does the CA certificate exist? Error: [ERROR]::oVirt API
>>> connection failure,
>> Now we're getting to the good stuff as you can see that you are
>> getting a connection refused. Questions for you:
>>
>> 1) Are you *certain* that 'https://localhost:443/api' is accessible
>> from the local system, that it is the address of your oVirt engine,
>> and is not being blocked by a FW? Easy test on the local box point
>> your browser at that url.
> I have edited the tls port, it is not 443. It is 4301.
> I can access https://localhost:4301/api'
>>
>> 2) Are you certain that the CA is valid? To verify this you will need
>> to issue a 'curl' statement and supply the CA. Example:
>> curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X
>> GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms
> also:
> $ curl -v -k -u admin at internal:letmein! --cacert
> /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml'
> 'https://localhost:4301/api/vms'
> is ok
>
> and I designate the tls port, now it can work.
> $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload
> Fedora-17-x86_64-DVD.iso
>
> Thank you.
not sure how common are non-default ports.
i guess on a local run, the tool can get these parameters from the
engine config, but that's won't work for a remote run.
More information about the Engine-devel
mailing list