[Users] [Engine-devel] [help]how to get the CA certificate when uploader ISO

Fri Nov 2 08:01:00 UTC 2012

On 11/01/2012 09:52 PM, Keith Robertson wrote:
> On 11/01/2012 05:23 AM, Sheldon wrote:
>> On 10/31/2012 09:37 PM, Keith Robertson wrote:
>>> On 10/31/2012 01:40 AM, Sheldon wrote:
>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is 
>>>> NFS, Format is V1
>>>>
>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload 
>>>> Fedora-17-x86_64-DVD.iso
>>>> [sudo] password for ovirt:
>>>> Please provide the REST API username for oVirt Engine (CTRL+D to 
>>>> abort): admin at internal
>>>> Please provide the REST API password for the admin at internal oVirt 
>>>> Engine user (CTRL+D to abort):
>>>> ERROR: Problem connecting to the REST API.  Is the service 
>>>> available and does the CA certificate exist?
>>>> ERROR: 'NoneType' object is not iterable
>>>> INFO: Use the -h option to see usage. 
>>>
>>> Just to be clear the error in [1] is simply a symptom.  It isn't the 
>>> root cause.  The root cause is quite possibly the CA certificate.
>>>
>>> I have created a patch in [2] that I'd appreciate if you could test 
>>> as it will provide more debugging information about why the API 
>>> creation is failing.  Simply follow the steps in [3]
>>>
>>> Cheers,
>>> Keith
>>>
>>> [1] ERROR: 'NoneType' object is not iterable
>>> [2] http://gerrit.ovirt.org/8954
>>> [3]
>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git
>>> Step 2: Cherry pick the patch...
>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader 
>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD
>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1
>>> Step 4: cd ovirt-iso-uploader
>>> Step 5: make
>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT
>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm
>>
>> still error. but different debug info.
> Yes.  The patch adds additional debug info.
>>
>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload 
>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso
>> Please provide the REST API username for oVirt Engine (CTRL+D to 
>> abort): admin at internal
>> Please provide the REST API password for the admin at internal oVirt 
>> Engine user (CTRL+D to abort):
>> DEBUG: url(https://localhost:443/api)
>> DEBUG: user(admin at internal)
>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem)
>> DEBUG: insecure(False)
>> ERROR: Problem connecting to the REST API.  Is the service available 
>> and does the CA certificate exist? Error: [ERROR]::oVirt API 
>> connection failure, 
> Now we're getting to the good stuff as you can see that you are 
> getting a connection refused.  Questions for you:
>
> 1) Are you *certain* that 'https://localhost:443/api' is accessible 
> from the local system, that it is the address of your oVirt engine, 
> and is not being blocked by a FW?  Easy test on the local box point 
> your browser at that url.
I have edited the tls port, it is not 443.  It is 4301.
I can access https://localhost:4301/api'
>
> 2) Are you certain that the CA is valid?  To verify this you will need 
> to issue a 'curl' statement and supply the CA.  Example:
>  curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X 
> GET -H 'Accept: application/xml'  'https://localhost:443/api/api/vms
also:
$ curl -v -k -u admin at internal:letmein! --cacert 
/etc/pki/ovirt-engine/ca.pem  -X GET -H 'Accept: application/xml' 
'https://localhost:4301/api/vms'
is ok

and I designate the tls port, now it can work.
$ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload 
Fedora-17-x86_64-DVD.iso

Thank you.
>> [Errno 111] Connection refused
>> DEBUG: Unable to get host and path information from API.
>>
>>
>> -- 
>> Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
>> IBM Linux Technology Center
>

-- 
Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121102/c596cf7b/attachment-0001.html>