WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] how do i use xen api with key and cert?

from [stephan nies] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] how do i use xen api with key and cert?
From: "stephan nies" <nies.stephan@xxxxxxxxxxxxxx>
Date: Wed, 28 Nov 2007 00:09:08 +0100
Delivery-date: Tue, 27 Nov 2007 15:10:05 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=gi5iv9GRBUBFNu4al0Skm6mFIDq3R2h7sYORmXRVz+Y=; b=Ber4iJOkSThP846JqmDm21OLN6adtw9PPjedzUEfAOjsHLa7s2I7f7ttY6cGthZFzWRaFQ/VMGh6L7+NG+Q2PdWh9qxoEltF6/1CNTxcsMUoHWEf9TD86aJNqFzNj30CUtKn4flGUHkoYpnPkfHiB43+c1BIlsmIad1HuLclFNY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MEHT8vc3lzaTdRDgUujzGDKO6gcc3Lg6VzVo+s49Jco01xuyIUzqeVU7SQgV5r3AtwNFhov9J6+Lq64wkwaVY1HFk6vDGw7VFke6eYGKEjmwz7iMtjy76pQxwj/acWSKlEfseqOnv5AL6YmgovCG8vBMVCC/KnhYRmLe8bNG1Fg=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <79f682bf0711221030y3dfc2016ob6a488ced858a3e6@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <79f682bf0711221030y3dfc2016ob6a488ced858a3e6@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Hello,

I am forwarding this from the xen-api mailing-list,
because it seems to be quite dormant.

I hope someone here might be able to answer the
following question.

Cheers,
Stephan


---------- Forwarded message ----------
From: stephan nies <nies.stephan@xxxxxxxxxxxxxx>
Date: Nov 22, 2007 7:30 PM
Subject: how do i use xen api with key and cert?
To: xen-api@xxxxxxxxxxxxxxxxxxx


Hello,

I would like to use the xen-api with key and cert

System:
- Debian Etch
- Xen 3.1 compiled from source
- python-pam installed
- python-pyopenssl installed

I did set up a key and a self signed cert:

openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

put that under /root/ssl

and modified /etc/
(xen-api-server ((9367 pam '' /root/ssl/ca.key /root/ssl/ca.crt)
                       (unix none)))

restarted xend:
/etc/init.d/xend restart

seems to work :
since in /var/log/xen/xend.log i found this line
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening HTTPS XML-RPC
server on all interfaces, port 9367.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xen-api.sock; authentication
has been disabled for this server.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xmlrpc.sock.

also netstat -l reports:
tcp        0      0 *:9367                  *:*                     LISTEN


But I cant figure out how to call from the client side,
what do I have to provide for user and password?

I tried:
python
>> import xmlrpclib
>> xen = xmlrpclib.Server("https://server_name:9367";)
>> xen.session.login_with_password('<name_in_cert>','<optional_password_in_cert>')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1274, in _parse_response
    response = sock.recv(1024)
  File "/usr/lib/python2.4/httplib.py", line 1051, in recv
    return self._ssl.read(len)
socket.sslerror: (6, 'TLS/SSL connection has been closed')

So can you please give an example how to attach to a key+cert-secured
xen-api xml-rpc service.

Cheers,
Stephan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] how do i use xen api with key and cert?, stephan nies <=
Previous by Date:  Re: [Xen-users] XEN 3.1 - eth0 Device Problems during booting, Mark Williamson
Next by Date:  [Xen-users] Very slow NFS write performance from VM, but good from the XenServer console, Arpad KUN
Previous by Thread:  [Xen-users] Clustering DOMUs, Errol Neal
Next by Thread:  [Xen-users] Very slow NFS write performance from VM, but good from the XenServer console, Arpad KUN
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy