I'm developing a cli tool in python (https://github.com/fbacchella/ovirtcmd). I'm trying it using kerberos authentication. On Linux, it works well. On mac os, I get the following message : self.api = API(**self.api_connect_settings) File "build/bdist.macosx-10.10-x86_64/egg/ovirtsdk/api.py", line 191, in __init__ File "build/bdist.macosx-10.10-x86_64/egg/ovirtsdk/infrastructure/proxy.py", line 115, in request File "build/bdist.macosx-10.10-x86_64/egg/ovirtsdk/infrastructure/connectionspool.py", line 81, in do_request ovirtsdk.infrastructure.errors.ConnectionError: [ERROR]::oVirt API connection failure, (4, '') What this (4, '') means ?
It probably means that the version of libcurl in that system hasn't been compiled with Kerberos support. Can you check it? $ curl --version | grep Kerberos If that is the reason then we can check it earlier, and generate a better error message.
That's not the point. I don't want an explicit check on Kerberos, I want a translation of (4, '') Is that a SSL error, authentication error, TCP error ? When did the connexion fails ? A what phase ? Adding debug change nothing. If I know that's an authentication error, I will start to look at curl and kerberos. But perhaps it's also an SSL error, the negotiation might have failed because I miss a cipher. I don't like wild guess when debugging, I prefer helpful informations that save time.
I don't have a translation of (4, ''), and I can't reproduce your problem, as I don't have a Mac OS X environment to test it. If you want progress with this issue please provide the information that I requested.
The problem is here : except pycurl.error as error: raise errors.ConnectionError(error) So you have a pycurl exception and wrap it inside a ovirt exception. The message "(4, '')" is from pycurl, but I have no way to know that. And also if I look at ConnectionError: class ConnectionError(Exception): def __init__(self, expect): Exception.__init__(self, '[ERROR]::oVirt API connection failure, %s' % expect) The original exception is not kept, only it's message, so I can't dig inside it, to found where the error is coming from in pycurl. And there is a typo I think, it should be except, not expect. Just adding a indication to look at pycurl error code would have been helpful. I found them here: https://curl.haxx.se/libcurl/c/libcurl-errors.html CURLE_NOT_BUILT_IN (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision. This means that a feature or option was not enabled or explicitly disabled when libcurl was built and in order to get it to function you have to get a rebuilt libcurl. So indeed your guess was right, kerberos is missing, but I have no help from the sdk about that and needs to open a ticket to found out. That's not very efficient.
Thanks, that is helpful. We can add the complete backtrace to the exception, and maybe translate the pycurl error code into an string, if pycurl supports that.
Just add the original exception in ConnectionError: class ConnectionError(Exception): def __init__(self, except): ... self.original_exception = except So end user can choose to print the stack or not, depending of his own use case, log level, and difficulty of the exception.
Can you submit a patch for that?
I will have a look.
I'm looking at https://github.com/fbacchella/ovirt-engine-sdk/tree/sdk_3.6 And I see: This requires that the Maven artifacts are available either locally or in an accessible remote Maven repository. As those artifacts aren't currently published to any public Maven repository, this means that you will have to build the engine first. So trying to patch the python sdk seems to be quite an adventure. I don't think I have time to test. Not tested code is always broken, I'm not sur I can provide useful help then.
This bug was fixed and is slated to be in the upcoming version. As we are focusing our testing at this phase on severe bugs, this bug was closed without going through its verification step. If you think this bug should be verified by QE, please set its severity to high and move it back to ON_QA