[Xen-API] how do i use xen api with key and cert?

To:	xen-api@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-API] how do i use xen api with key and cert?
From:	"stephan nies" <nies.stephan@xxxxxxxxxxxxxx>
Date:	Thu, 22 Nov 2007 19:30:20 +0100
Delivery-date:	Thu, 22 Nov 2007 10:30:46 -0800
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=qfWzRm2TPGjLH++FSbmyKOO/SVNFcIojnRNm85HSllE=; b=W+J0l0TWM5a8j6wW+HACq7Hf7Bru+LbFgTA4FLFq38d5AncRcbssHgbQJLHEB5DMkWLMsxT3dO7hrY2KeuObeZgSuOR+H3slGyoJ7TX1WmpgpDPctkwNDetK8uiaPj4Wg7KaaWMcYUncM8KoRb8P5nMeKNQNIps/qZVKWcpgH8M=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=uizrEgzEGvv0kqtqefbkPGP3wfaWFnySy7Zq7R+45Jo0M7SWSStsfUtFlpp3BI6fRLkQ8pa8tiL/Ul+MEWl/7oOLxWUOj8KImYITJ+DLXlvJHzzX5WneJuMJa0MB8cG8oifweXcGYrIzmzdM27gDTHlT8VvFsQUOozEIM9LA2u0=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-api-request@lists.xensource.com?subject=help>
List-id:	Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post:	<mailto:xen-api@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-api-bounces@xxxxxxxxxxxxxxxxxxx

Hello,

I would like to use the xen-api with key and cert

System:
- Debian Etch
- Xen 3.1 compiled from source
- python-pam installed
- python-pyopenssl installed

I did set up a key and a self signed cert:

openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

put that under /root/ssl

and modified /etc/
(xen-api-server ((9367 pam '' /root/ssl/ca.key /root/ssl/ca.crt)
                       (unix none)))

restarted xend:
/etc/init.d/xend restart

seems to work :
since in /var/log/xen/xend.log i found this line
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening HTTPS XML-RPC
server on all interfaces, port 9367.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xen-api.sock; authentication
has been disabled for this server.
[2007-11-22 19:14:11 21880] INFO (__init__:1072) Opening Unix domain
socket XML-RPC server on /var/run/xend/xmlrpc.sock.

also netstat -l reports:
tcp        0      0 *:9367                  *:*                     LISTEN


But I cant figure out how to call from the client side,
what do I have to provide for user and password?

I tried:
python
>> import xmlrpclib
>> xen = xmlrpclib.Server("https://server_name:9367";)
>> xen.session.login_with_password('<name_in_cert>','<optional_password_in_cert>')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib/python2.4/xmlrpclib.py", line 1274, in _parse_response
    response = sock.recv(1024)
  File "/usr/lib/python2.4/httplib.py", line 1051, in recv
    return self._ssl.read(len)
socket.sslerror: (6, 'TLS/SSL connection has been closed')

So can you please give an example how to attach to a key+cert-secured
xen-api xml-rpc service.

Cheers,
Stephan

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api