[Users] ssl error using ovirt-shell in 3.3.1
Gianluca Cecchi
gianluca.cecchi at gmail.com
Tue Nov 26 17:29:03 UTC 2013
On Tue, Nov 26, 2013 at 4:06 PM, Michael Pasternak wrote:
> On 11/26/2013 04:09 PM, Gianluca Cecchi wrote:
>> Hello,
>> based on RHEVM 3.2 and 3.3 beta docs I'm trying connection from ovirt cli.
>> I have:
>> engine on f19 + ovirt stable ovirt-engine-3.3.1-2.fc19.noarch
>> client from where I run cli is f19 with
>> ovirt-engine-sdk-python-3.3.0.7-1.fc19.noarch
>> ovirt-engine-cli-3.3.0.5-1.fc19.noarch
> this is client side certificate key, you should be using "ca_file" for the host CA.
Reading these documents:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3-Beta/html/Command_Line_Shell_Guide/Attaining_an_SSL_certificate_from_RHEVM_for_a_REST_API_Client.html
http://www.ovirt.org/CLI
http://www.ovirt.org/How_to_Connect_to_SPICE_Console_Without_Portal
It is not clear to me the correct combination/requirements on client
side to be able to connect
Suppose I keep empty (aka default values) the .ovirtshellrc file:
[cli]
autoconnect = True
autopage = True
[ovirt-shell]
username =
timeout = None
extended_prompt = False
url =
insecure = False
filter = False
session_timeout = None
ca_file =
dont_validate_cert_chain = False
key_file = None
password =
cert_file =
And put all needed options into command line. The steps I understand I
have to do are
1) curl -o ca.crt http://f18engine/ca.crt
(that should be "server CA cert-file", correct?)
2) connect
But with
ovirt-shell -c -A ./ca.crt -l https://10.4.4.60:443/api -u admin at internal
I get
error: _ssl.c:291: Both the key & certificate files must be specified
that I don't find any reference for in the docs...
Probably it is my fault with poor certificates/CA knowledge, but I
presume it should be simpler for a user that only wants to interface
to oVirt CLI have a correct sequence of steps
Also, from http://www.ovirt.org/CLI#Usage (referred in
/usr/share/doc/ovirt-engine-cli-3.3.0.5/README)
ovirt-shell --help should give the help
but this seems not to be true:
$ ovirt-shell --help
URL:
Gianluca
More information about the Users
mailing list