[Engine-devel] [help]how to get the CA certificate when uploader ISO
Keith Robertson
kroberts at redhat.com
Fri Nov 2 11:02:28 UTC 2012
On 11/02/2012 04:01 AM, Sheldon wrote:
> On 11/01/2012 09:52 PM, Keith Robertson wrote:
>> On 11/01/2012 05:23 AM, Sheldon wrote:
>>> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>>>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is
>>>>> NFS, Format is V1
>>>>>
>>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>>>>> Fedora-17-x86_64-DVD.iso
>>>>> [sudo] password for ovirt:
>>>>> Please provide the REST API username for oVirt Engine (CTRL+D to
>>>>> abort): admin at internal
>>>>> Please provide the REST API password for the admin at internal oVirt
>>>>> Engine user (CTRL+D to abort):
>>>>> ERROR: Problem connecting to the REST API. Is the service
>>>>> available and does the CA certificate exist?
>>>>> ERROR: 'NoneType' object is not iterable
>>>>> INFO: Use the -h option to see usage.
>>>>
>>>> Just to be clear the error in [1] is simply a symptom. It isn't
>>>> the root cause. The root cause is quite possibly the CA certificate.
>>>>
>>>> I have created a patch in [2] that I'd appreciate if you could test
>>>> as it will provide more debugging information about why the API
>>>> creation is failing. Simply follow the steps in [3]
>>>>
>>>> Cheers,
>>>> Keith
>>>>
>>>> [1] ERROR: 'NoneType' object is not iterable
>>>> [2] http://gerrit.ovirt.org/8954
>>>> [3]
>>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>>>> Step 2: Cherry pick the patch...
>>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader
>>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>>>> Step 4: cd ovirt-iso-uploader
>>>> Step 5: make
>>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>>>
>>> still error. but different debug info.
>> Yes. The patch adds additional debug info.
>>>
>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload
>>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
>>> Please provide the REST API username for oVirt Engine (CTRL+D to
>>> abort): admin at internal
>>> Please provide the REST API password for the admin at internal oVirt
>>> Engine user (CTRL+D to abort):
>>> DEBUG: url(https://localhost:443/api)
>>> DEBUG: user(admin at internal)
>>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
>>> DEBUG: insecure(False)
>>> ERROR: Problem connecting to the REST API. Is the service available
>>> and does the CA certificate exist? Error: [ERROR]::oVirt API
>>> connection failure,
>> Now we're getting to the good stuff as you can see that you are
>> getting a connection refused. Questions for you:
>>
>> 1) Are you *certain* that 'https://localhost:443/api' is accessible
>> from the local system, that it is the address of your oVirt engine,
>> and is not being blocked by a FW? Easy test on the local box point
>> your browser at that url.
> I have edited the tls port, it is not 443. It is 4301.
OK, here *here* is the problem. The ISO Uploader has been configured to
use 'localhost:443' while you have customized it to 'localhost:4301'.
You need to edit /etc/ovirt-engine/logcollector.conf and set the
variable that tells the uploader which host/port combination to use.
Note: The other 2 tools will have similar issues (ie. Log Collector and
Image Uploader) and, they each have conf files in /etc/ovirt-engine.
> I can access https://localhost:4301/api'
>>
>> 2) Are you certain that the CA is valid? To verify this you will
>> need to issue a 'curl' statement and supply the CA. Example:
>> curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X
>> GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms
> also:
> $ curl -v -k -u admin at internal:letmein! --cacert
> /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml'
> 'https://localhost:4301/api/vms'
> is ok
>
> and I designate the tls port, now it can work.
> $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload
> Fedora-17-x86_64-DVD.iso
>
> Thank you.
>>> [Errno 111] Connection refused
>>> DEBUG: Unable to get host and path information from API.
>>>
>>>
>>> --
>>> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
>>> IBM Linux Technology Center
>>
>
>
> --
> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
> IBM Linux Technology Center
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/engine-devel/attachments/20121102/993d79f4/attachment.html>
More information about the Engine-devel
mailing list