Bug 1136434
| Summary: | rhevm-image-uploader ignores insecure option | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | akotov | |
| Component: | ovirt-image-uploader | Assignee: | Simone Tiraboschi <stirabos> | |
| Status: | CLOSED ERRATA | QA Contact: | Pavel Stehlik <pstehlik> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | urgent | |||
| Version: | 3.4.0 | CC: | adahms, ecohen, gklein, iheim, jbuchta, pstehlik, rbalakri, rdlugyhe, Rhev-m-bugs, sbonazzo, sherold, slitmano, stirabos, yeylon | |
| Target Milestone: | --- | Keywords: | ZStream | |
| Target Release: | 3.5.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | integration | |||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Previously, the rhevm-image-uploader tool would ignore the --insecure option, causing image upload operations to fail and display an unnecessary trace. With this update, the --insecure option now functions correctly.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1138558 (view as bug list) | Environment: | ||
| Last Closed: | 2015-02-11 17:46:54 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | External | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1138558, 1142923, 1156165 | |||
Simone, can you check what's going on? This bug is supposed to be fixed as per bug #1104500 on rhevm-image-uploader-3.4.1-1.el6ev It's a bit tricky indeed and not so easy to found. Python SDK insecure parameter simply skips hostname validation from API cert; if, at the same, we also pass a CA cert it still tries to validate that cert against that CA (independently from the hostname). By default image-uploader is trying to read the CA file from /etc/pki/ovirt-engine/ca.pem so, if your are running image-uploader from another engine host, it founds another CA cert witch make API cert verification failing. I'm not sure if it's better to fix it here or on python SDK side. It also fails if ca.pem is missing completely, not just if CA does not match the host in rhevm-image-uploader-3.5.0-0.3.beta.el6ev.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0192.html > upstream ovirt-engine-uploader fails too Disambiguation: The upstream utility is called "engine-iso-uploader" rather than "ovirt-engine-uploader." Red Hat calls the downstream utility "engine-image-uploader." Additional resources: * https://www.ovirt.org/documentation/admin-guide/chap-Utilities.html#the-iso-uploader-tool * https://access.redhat.com/discussions/3068711 |
Description of problem: rhevm-image-uploader ignores insecure option and shows unnecessary trace Version-Release number of selected component (if applicable): rhevm-image-uploader-3.4.1-1.el6ev.noarch How reproducible: Steps to Reproduce: 1. configure user/pw/engine URL in /etc/ovirt-engine/imageuploader.conf 2. run engine-image-uploader -e export -N manageiq upload cfme-rhevm-5.3-15.x86_64.rhevm.ova -v --insecure Actual results: [root@dell-pe1650-02 ~]# engine-image-uploader -e export -N manageiq upload cfme-rhevm-5.3-15.x86_64.rhevm.ova -v --insecure ERROR: Problem connecting to the REST API. Is the service available and does the CA certificate exist? ERROR: 'NoneType' object is not iterable INFO: Use the -h option to see usage. DEBUG: Configuration: DEBUG: command: upload DEBUG: Traceback (most recent call last): DEBUG: File "/usr/bin/engine-image-uploader", line 1597, in <module> DEBUG: imageup = ImageUploader(conf) DEBUG: File "/usr/bin/engine-image-uploader", line 402, in __init__ DEBUG: self.upload_to_storage_domain() DEBUG: File "/usr/bin/engine-image-uploader", line 1316, in upload_to_storage_domain DEBUG: (id, address, path) = self.get_host_and_path_from_export_domain(self.configuration.get('export_domain')) DEBUG: TypeError: 'NoneType' object is not iterable Expected results: - insecure option is honored - descriptive error is shown when CA file missing instead of " 'NoneType' object is not iterable" Additional info: upstream ovirt-engine-uploader fails too