Hello,
I am forwarding this from the xen-api mailing-list,
because it seems to be quite dormant.
I hope someone here might be able to answer the
following question.
Cheers,
Stephan
---------- Forwarded message ----------
From: stephan nies <nies.stephan@googlemail.com>
Date: Nov 22, 2007 7:30 PM
Subject: how do i use xen api with key and cert?
To: xen-api@lists.xensource.com
Hello,
I would like to use the xen-api with key and cert
System:
- Debian Etch
- Xen 3.1 compiled from source
- python-pam installed
- python-pyopenssl installed
I did set up a key and a self signed cert:
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
put that under /root/ssl
and modified /etc/
(xen-api-server ((9367 pam '''' /root/ssl/ca.key
/root/ssl/ca.crt)
(unix none)))
restarted xend:
/etc/init.d/xend restart
seems to work :
since in /var/log/xen/xend.log i found this line
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening HTTPS XML-RPC
server on all interfaces, port 9367.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xen-api.sock; authentication
has been disabled for this server.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xmlrpc.sock.
also netstat -l reports:
tcp 0 0 *:9367 *:* LISTEN
But I cant figure out how to call from the client side,
what do I have to provide for user and password?
I tried:
python>> import xmlrpclib
>> xen = xmlrpclib.Server("https://server_name:9367")
>>
xen.session.login_with_password(''<name_in_cert>'',''<optional_password_in_cert>'')
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request
return self._parse_response(h.getfile(), sock)
File "/usr/lib/python2.4/xmlrpclib.py", line 1274, in
_parse_response
response = sock.recv(1024)
File "/usr/lib/python2.4/httplib.py", line 1051, in recv
return self._ssl.read(len)
socket.sslerror: (6, ''TLS/SSL connection has been closed'')
So can you please give an example how to attach to a key+cert-secured
xen-api xml-rpc service.
Cheers,
Stephan
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users