This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] how do i use xen api with key and cert?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] how do i use xen api with key and cert?
From: "stephan nies" <nies.stephan@xxxxxxxxxxxxxx>
Date: Wed, 28 Nov 2007 00:09:08 +0100
Delivery-date: Tue, 27 Nov 2007 15:10:05 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=gi5iv9GRBUBFNu4al0Skm6mFIDq3R2h7sYORmXRVz+Y=; b=Ber4iJOkSThP846JqmDm21OLN6adtw9PPjedzUEfAOjsHLa7s2I7f7ttY6cGthZFzWRaFQ/VMGh6L7+NG+Q2PdWh9qxoEltF6/1CNTxcsMUoHWEf9TD86aJNqFzNj30CUtKn4flGUHkoYpnPkfHiB43+c1BIlsmIad1HuLclFNY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MEHT8vc3lzaTdRDgUujzGDKO6gcc3Lg6VzVo+s49Jco01xuyIUzqeVU7SQgV5r3AtwNFhov9J6+Lq64wkwaVY1HFk6vDGw7VFke6eYGKEjmwz7iMtjy76pQxwj/acWSKlEfseqOnv5AL6YmgovCG8vBMVCC/KnhYRmLe8bNG1Fg=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <79f682bf0711221030y3dfc2016ob6a488ced858a3e6@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <79f682bf0711221030y3dfc2016ob6a488ced858a3e6@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

I am forwarding this from the xen-api mailing-list,
because it seems to be quite dormant.

I hope someone here might be able to answer the
following question.


---------- Forwarded message ----------
From: stephan nies <nies.stephan@xxxxxxxxxxxxxx>
Date: Nov 22, 2007 7:30 PM
Subject: how do i use xen api with key and cert?
To: xen-api@xxxxxxxxxxxxxxxxxxx


I would like to use the xen-api with key and cert

- Debian Etch
- Xen 3.1 compiled from source
- python-pam installed
- python-pyopenssl installed

I did set up a key and a self signed cert:

openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

put that under /root/ssl

and modified /etc/
(xen-api-server ((9367 pam '' /root/ssl/ca.key /root/ssl/ca.crt)
                       (unix none)))

restarted xend:
/etc/init.d/xend restart

seems to work :
since in /var/log/xen/xend.log i found this line
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening HTTPS XML-RPC
server on all interfaces, port 9367.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xen-api.sock; authentication
has been disabled for this server.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xmlrpc.sock.

also netstat -l reports:
tcp        0      0 *:9367                  *:*                     LISTEN

But I cant figure out how to call from the client side,
what do I have to provide for user and password?

I tried:
>> import xmlrpclib
>> xen = xmlrpclib.Server("https://server_name:9367";)
>> xen.session.login_with_password('<name_in_cert>','<optional_password_in_cert>')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
  File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1274, in _parse_response
    response = sock.recv(1024)
  File "/usr/lib/python2.4/httplib.py", line 1051, in recv
    return self._ssl.read(len)
socket.sslerror: (6, 'TLS/SSL connection has been closed')

So can you please give an example how to attach to a key+cert-secured
xen-api xml-rpc service.


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] how do i use xen api with key and cert?, stephan nies <=