[ovirt-users] RESTAPI and kerberos authentication

Marcel Galke mazl_galke at web.de
Wed Apr 13 20:43:54 UTC 2016


Hello,

I need to automatically create a list of all the VMs and the storage
path to their disks in the data center for offline storage for desaster
recovery. We have oVirt 3.6 and IPA 4.2.0.
To achieve this my idea was to query the API using Kerberos
authentication and a keytab. This could then run as cronjob.
Using username and password is not an option.

To configure oVirt for use with IPA I've run engine-manage-domains but
the result is not exactly what I'm looking for (despite from the fact,
that I can add direcotry users etc.).
Next I tried the generic LDAP provider as per documentation
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Administration_Guide/sect-Directory_Users.html

It was quite easy to get Apache to authenticate against IPA, but I did
not manage to access the API. Each try ended with an "HTTP/1.1 401
Unauthorized".
At the moment Apache authentication appears first and then the RESTAPI
auth dialog comes up.
Some facts about my setup:
oVirt Host:
-OS: CentOS 6.7
-Engine Version: 3.6
IPA Host:
-OS: CentOS 7.2
-IPA Version: 4.2.0


I might mix some things up. Please help me to find out how to achieve my
goal. I can provide more information if required.

Thanks a lot!


Best regards
Marcel



More information about the Users mailing list