As a part of my university diploma, we are making kind of access control tool as a firewall without dependence on oVirt roles ( this tool should actually work for all libvirt based virtualization products for KVM). It should be similar to Hytrust products or these ones http://en.securitycode.ru/vGate//. So my work is to find out what information I can use from the RPC calls and from where I can get an information about the user.
2018-05-07 11:00 GMT+03:00 Martin Sivak <msi...@redhat.com>: > Hi, > > I think what you are looking for is mostly this: > https://github.com/oVirt/vdsm/blob/master/lib/vdsm/api/vdsm-api.yml > > The best way to see what the traffic is is to disable SSL. The > postgres database is installed and accessible using the postgres user > (the engine user is not allowed to access it directly). > > You might also be interested in the vdsm fake project we use as node > simulator. Its readme will tell you exactly how to do this: > https://github.com/oVirt/ovirt-vdsmfake > > I wrote an article some time ago that explained how to setup a > development environment without real hosts: > https://www.ovirt.org/blog/2016/11/testing-ovirt-changes-without-cluster/ > > Might I ask what you goal is? > > Best regards > > -- > Martin Sivak > SLA / oVirt > > On Sun, May 6, 2018 at 6:26 AM, Anastasiya Ruzhanskaya > <anastasiya.ruzhansk...@frtk.ru> wrote: > > Hello everyone! > > Currently I want to determine what information is included in messages > > passing from oVirt engine to VDSM on ovirt-node. > > > > I made up a really simple configuration with one VM representing engine, > > another - node, a managed to successfully launch a single VM on this > node. > > However, I have chosen to configure everything automatically. Currently > > traffic is encrypted with default certificates. > > So, there are three options for me and no one of them really works. > > > > 1) Find the format of messages ( what the fields are, session id for > > example) in docs, but I didn't manage to find it; > > 2) Use wireshark to decrypt the traffic and the apply maybe a json > > -dissector to the decrypted data. I have tried many solutions ( thanks > god I > > have rsa private and public keys but there is another session key which > is > > generated every time engine starts to communicate with vdsm, which I > cannot > > get with the help of sslkeylog file or ld_preload technology. > > Maybe someone knows the exact methodology how to do this correctly? > > > > 3) Turn off ssl in oVirt. It is simple to do that for vdsm, but for > engine, > > according to answers on oVirt site, I should do 2 requests to the > database. > > I was really surprised that psql was not installed by oVirt on my system. > > How did it then created a default database? ( I have chosen to create all > > locally and with default configurations). > > I mean these two commands : > > https://www.ovirt.org/develop/developer-guide/vdsm/ > connecting-development-vdsm-to-engine/ > > . I have a following error there : > > psql: FATAL: Peer authentication failed for user "engine" > > > > Could you please guide my what method is the best and how should I > correct > > my faults there? > > > > > > _______________________________________________ > > Devel mailing list > > Devel@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/devel >
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel