[Engine-devel] [help]how to get the CA certificate when uploader ISO

Keith Robertson kroberts at redhat.com
Fri Nov 2 11:02:28 UTC 2012 

On 11/02/2012 04:01 AM, Sheldon wrote:
> On 11/01/2012 09:52 PM, Keith Robertson wrote:
>> On 11/01/2012 05:23 AM, Sheldon wrote:
>>> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>>>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is 
>>>>> NFS, Format is V1
>>>>>
>>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload 
>>>>> Fedora-17-x86_64-DVD.iso
>>>>> [sudo] password for ovirt:
>>>>> Please provide the REST API username for oVirt Engine (CTRL+D to 
>>>>> abort): admin at internal
>>>>> Please provide the REST API password for the admin at internal oVirt 
>>>>> Engine user (CTRL+D to abort):
>>>>> ERROR: Problem connecting to the REST API.  Is the service 
>>>>> available and does the CA certificate exist?
>>>>> ERROR: 'NoneType' object is not iterable
>>>>> INFO: Use the -h option to see usage. 
>>>>
>>>> Just to be clear the error in [1] is simply a symptom.  It isn't 
>>>> the root cause.  The root cause is quite possibly the CA certificate.
>>>>
>>>> I have created a patch in [2] that I'd appreciate if you could test 
>>>> as it will provide more debugging information about why the API 
>>>> creation is failing.  Simply follow the steps in [3]
>>>>
>>>> Cheers,
>>>> Keith
>>>>
>>>> [1] ERROR: 'NoneType' object is not iterable
>>>> [2] http://gerrit.ovirt.org/8954
>>>> [3]
>>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>>>> Step 2: Cherry pick the patch...
>>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader 
>>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>>>> Step 4: cd ovirt-iso-uploader
>>>> Step 5: make
>>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>>>
>>> still error. but different debug info.
>> Yes.  The patch adds additional debug info.
>>>
>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload 
>>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
>>> Please provide the REST API username for oVirt Engine (CTRL+D to 
>>> abort): admin at internal
>>> Please provide the REST API password for the admin at internal oVirt 
>>> Engine user (CTRL+D to abort):
>>> DEBUG: url(https://localhost:443/api)
>>> DEBUG: user(admin at internal)
>>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
>>> DEBUG: insecure(False)
>>> ERROR: Problem connecting to the REST API.  Is the service available 
>>> and does the CA certificate exist? Error: [ERROR]::oVirt API 
>>> connection failure, 
>> Now we're getting to the good stuff as you can see that you are 
>> getting a connection refused.  Questions for you:
>>
>> 1) Are you *certain* that 'https://localhost:443/api' is accessible 
>> from the local system, that it is the address of your oVirt engine, 
>> and is not being blocked by a FW?  Easy test on the local box point 
>> your browser at that url.
> I have edited the tls port, it is not 443.  It is 4301.
OK, here *here* is the problem. The ISO Uploader has been configured to 
use 'localhost:443' while you have customized it to 'localhost:4301'.  
You need to edit /etc/ovirt-engine/logcollector.conf and set the 
variable that tells the uploader which host/port combination to use.

Note: The other 2 tools will have similar issues (ie. Log Collector and 
Image Uploader) and, they each have conf files in /etc/ovirt-engine.

> I can access https://localhost:4301/api'
>>
>> 2) Are you certain that the CA is valid?  To verify this you will 
>> need to issue a 'curl' statement and supply the CA. Example:
>>  curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem  -X 
>> GET -H 'Accept: application/xml'  'https://localhost:443/api/api/vms
> also:
> $ curl -v -k -u admin at internal:letmein! --cacert 
> /etc/pki/ovirt-engine/ca.pem  -X GET -H 'Accept: application/xml' 
> 'https://localhost:4301/api/vms'
> is ok
>
> and I designate the tls port, now it can work.
> $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload 
> Fedora-17-x86_64-DVD.iso
>
> Thank you.
>>> [Errno 111] Connection refused
>>> DEBUG: Unable to get host and path information from API.
>>>
>>>
>>> -- 
>>> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
>>> IBM Linux Technology Center
>>
>
>
> -- 
> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
> IBM Linux Technology Center

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/engine-devel/attachments/20121102/993d79f4/attachment.html>

More information about the Engine-devel mailing list