This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-API] how do i use xen api with key and cert?

To: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-API] how do i use xen api with key and cert?
From: "stephan nies" <nies.stephan@xxxxxxxxxxxxxx>
Date: Thu, 22 Nov 2007 19:30:20 +0100
Delivery-date: Thu, 22 Nov 2007 10:30:46 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=qfWzRm2TPGjLH++FSbmyKOO/SVNFcIojnRNm85HSllE=; b=W+J0l0TWM5a8j6wW+HACq7Hf7Bru+LbFgTA4FLFq38d5AncRcbssHgbQJLHEB5DMkWLMsxT3dO7hrY2KeuObeZgSuOR+H3slGyoJ7TX1WmpgpDPctkwNDetK8uiaPj4Wg7KaaWMcYUncM8KoRb8P5nMeKNQNIps/qZVKWcpgH8M=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=uizrEgzEGvv0kqtqefbkPGP3wfaWFnySy7Zq7R+45Jo0M7SWSStsfUtFlpp3BI6fRLkQ8pa8tiL/Ul+MEWl/7oOLxWUOj8KImYITJ+DLXlvJHzzX5WneJuMJa0MB8cG8oifweXcGYrIzmzdM27gDTHlT8VvFsQUOozEIM9LA2u0=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx

I would like to use the xen-api with key and cert

- Debian Etch
- Xen 3.1 compiled from source
- python-pam installed
- python-pyopenssl installed

I did set up a key and a self signed cert:

openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

put that under /root/ssl

and modified /etc/
(xen-api-server ((9367 pam '' /root/ssl/ca.key /root/ssl/ca.crt)
                       (unix none)))

restarted xend:
/etc/init.d/xend restart

seems to work :
since in /var/log/xen/xend.log i found this line
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening HTTPS XML-RPC
server on all interfaces, port 9367.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xen-api.sock; authentication
has been disabled for this server.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xmlrpc.sock.

also netstat -l reports:
tcp        0      0 *:9367                  *:*                     LISTEN

But I cant figure out how to call from the client side,
what do I have to provide for user and password?

I tried:
>> import xmlrpclib
>> xen = xmlrpclib.Server("https://server_name:9367";)
>> xen.session.login_with_password('<name_in_cert>','<optional_password_in_cert>')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
  File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1274, in _parse_response
    response = sock.recv(1024)
  File "/usr/lib/python2.4/httplib.py", line 1051, in recv
    return self._ssl.read(len)
socket.sslerror: (6, 'TLS/SSL connection has been closed')

So can you please give an example how to attach to a key+cert-secured
xen-api xml-rpc service.


xen-api mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-API] how do i use xen api with key and cert?, stephan nies <=