Bug 848049
| Summary: | Can not connect via SSL/TLS from command line | ||
|---|---|---|---|
| Product: | [Retired] oVirt | Reporter: | David Jaša <djasa> |
| Component: | ovirt-engine-cli | Assignee: | Michael Pasternak <mpastern> |
| Status: | CLOSED NOTABUG | QA Contact: | Elena <edolinin> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | acathrow, bazulay, dyasny, iheim, srevivo, ykaul |
| Target Milestone: | --- | Flags: | mpastern: ovirt_requires_release_note? |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | infra | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-08-14 16:01:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
David Jaša
2012-08-14 13:00:12 UTC
It sounds like a permission issue on the cert. file for the ovirt-shell, can you verify that?

$ ls -ldZ ${CA_FILE}
-rw-r--r--. djasa users unconfined_u:object_r:user_home_t:s0 ${CA_FILE}
running ovirt-shell as djasa in shell - can not connect
running curl as djasa in the very same shell - can connect
--> doesn't sound like permission issue
this is cert processing/handshake failure in https lib,

- please see how to create/deploy SSL env. for the engine [1]
- check if you see anything related to SSL in server.log

[1] http://wiki.ovirt.org/wiki/Building_Engine_Draft#Enable_SSL_port_8443_in_the_application_server_.28optional.29

(In reply to comment #3)
> this is cert processing/handshake failure in https lib,
>
> - please see how to create/deploy SSL env. for the engine [1]

It is deployed correctly - everything else works just fine (firefox, curl, wget)

> - check if you see anything related to SSL in server.log

/var/log/ovirt-engine/server.log is silent
/var/log/httpd/ssl_request_log contains entry like this for curl access:
[14/Aug/2012:16:35:07 +0200] ${CLIENT_IP} TLSv1 DHE-RSA-AES256-SHA "HEAD /api HTTP/1.1" -
/var/log/httpd/ssl_*_log remains silent when I run o-s, but a pcap shows few packets.

ok, got it, cert_file should be PEM formatted file, see [1], key_file is the name of a PEM formatted file that contains your private key.

[1] http://docs.python.org/library/httplib.html

cert_file is engine's ca.pem.

And after further investigation, I found that cert_file _is not_ CA trust store to verify server cert against, it is actually a client certificate file used for establishing client identity on the server.

$ ovirt-shell -l https://${OVIRT}/ -u ${USER} -p ${PASS} -c

connects fine (a basic scenario I didn't even try) so the only bug here is bug 848046.
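The distinction this thread arrives at (a client certificate file versus a CA trust store), as an added example that is not part of the original bug report or of ovirt-shell. It uses Python's standard `ssl` module; the function names and the sample PEM strings are constructed for illustration.

```python
import re
import ssl

# Constructed sample PEM text (dummy bodies, not real certificate or key material).
CA_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_ONLY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
IDENTITY = CA_ONLY + KEY_ONLY

PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(pem_text):
    """Return the labels of all PEM blocks in the text, in file order."""
    return PEM_BEGIN.findall(pem_text)


def classify_cert_file(cert_text, key_text=""):
    """Report how a PEM file passed as a client 'cert_file' can be used.

    'client-identity'   certificate plus a private key (same file or key_text)
    'trust-anchor-only' certificate(s) with no private key, e.g. a CA's ca.pem;
                        it can verify a server but cannot identify the client
    'invalid'           no certificate block in cert_text
    """
    if "CERTIFICATE" not in pem_labels(cert_text):
        return "invalid"
    labels = pem_labels(cert_text) + pem_labels(key_text)
    # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    return "client-identity" if has_key else "trust-anchor-only"


def build_context(ca_file=None, client_cert=None, client_key=None):
    """Put each file in its proper role on an SSLContext.

    ca_file      -> trust store used to verify the server certificate
                    (system default store when None)
    client_cert  -> identity presented to the server; needs a private key,
                    either in the same file or in client_key
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx
```
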