Ok, I understood. Thank you for the information. And could you please somehow comment the approach with error sending which I described in a previous email?
четверг, 25 октября 2018 г. пользователь Piotr Kliczewski написал: > > > czw., 25 paź 2018, 06:32 użytkownik Anastasiya Ruzhanskaya < > [email protected]> napisał: > >> Also in official docs of oVirt it is written that xml rpc is used. For >> example here : https://ovirt.org/documentation/architecture/architecture/ >> So, this is an incorrect info, right? >> > > This doc seems not to up to date for quite some time. Now we use jsonrpc > over stomp. > > >> чт, 25 окт. 2018 г. в 7:28, Anastasiya Ruzhanskaya < >> [email protected]>: >> >>> In virt-manager for the same purpose there was an option to send error >>> messages with help of mitmproxy. I modified a little bit this proxy to be >>> able to use it with any tcp connection. >>> And this error message was correctly processed. But the amount of source >>> code for analysis in that case was rather small and I found rather quickly >>> how error messages should be sent and encoded in rpc. >>> >>> Is there any possibility like this here? >>> >>> чт, 25 окт. 2018 г. в 0:47, Piotr Kliczewski <[email protected]>: >>> >>>> >>>> >>>> On Wed, Oct 24, 2018 at 9:34 PM Anastasiya Ruzhanskaya < >>>> [email protected]> wrote: >>>> >>>>> My proxy is based on mitmproxy, so I want to analyze messages coming >>>>> from client to ovirt-engine or from engine to node and based on the >>>>> content >>>>> permit the actions or not. I know that there is access control inside >>>>> oVirt, but I need to implement the similar thing by myself using proxy. >>>>> From ovirt-engine to vdsm it is trickier as there I have no users and >>>>> session ids to identify the actor, I can determine only actions. >>>>> >>>> >>>> By using engine or vdsm certs you could decrypt the traffic. How would >>>> you prevent command from being executed. If you drop packet(s) the engine >>>> would attempt to retry or consider vdsm to be down/dead. In either case >>>> engine would be confused. >>>> I would not recommend such approach because it may prevent you from >>>> using oVirt or break it. >>>> >>>> >>>>> >>>>> But anyway, I can decipher normal rpc ( for virt-manager), got >>>>> familiar with gwt -rpc ( client-engine) and now trying to understand what >>>>> is happening with xml rpc. >>>>> >>>> >>>> As Nir mentioned we estabilish tcp connection and send jsonrpc over >>>> stomp. >>>> >>>> >>>>> >>>>> ср, 24 окт. 2018 г. в 21:41, Nir Soffer <[email protected]>: >>>>> >>>>>> >>>>>> >>>>>> On Wed, 24 Oct 2018, 18:51 Anastasiya Ruzhanskaya, < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> I need this for my proxy, >>>>>>> >>>>>> >>>>>> What is your proxy? >>>>>> >>>>>> I need to do this analysis "online", not just by analyzing the logs >>>>>>> after the action happened. >>>>>>> >>>>>>> ср, 24 окт. 2018 г. в 19:00, Nir Soffer <[email protected]>: >>>>>>> >>>>>>>> >>>>>>>> On Wed, 24 Oct 2018, 13:16 Anastasiya Ruzhanskaya, < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hello! >>>>>>>>> I was successful in deciphering the traffic between the client and >>>>>>>>> ovirt-engine, >>>>>>>>> >>>>>>>> >>>>>>>> Why do you need to do this? it is easier to add logging to vdsm of >>>>>>>> you want to see more info about the messages. >>>>>>>> >>>>>>>> Anyway Piotr may help. >>>>>>>> >>>>>>>> Nir >>>>>>>> >>>>>>>> actually, only by dumping the premaster key from the browser, which >>>>>>>>> was generated during the session and providing it to wireshark. >>>>>>>>> >>>>>>>>> How it can be done for ovirt-engine and vdsm communication? Should >>>>>>>>> the engine private key be provided? Actually to my surprise I don't >>>>>>>>> see any >>>>>>>>> ssl communication between engine and node when for example turn on the >>>>>>>>> virtual machine, only tcp packets. But this page >>>>>>>>> https://ovirt.org/develop/release-management/features/infra/pki/ >>>>>>>>> states that there should be one. And also should I look for any xml >>>>>>>>> rpc >>>>>>>>> dissector? I know that for example virt-manager uses rpc protocol, I >>>>>>>>> found >>>>>>>>> a dissector for that case, but seems I need another one here. >>>>>>>>> _______________________________________________ >>>>>>>>> Devel mailing list -- [email protected] >>>>>>>>> To unsubscribe send an email to [email protected] >>>>>>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>>>>>>>> oVirt Code of Conduct: https://www.ovirt.org/ >>>>>>>>> community/about/community-guidelines/ >>>>>>>>> List Archives: https://lists.ovirt.org/ >>>>>>>>> archives/list/[email protected]/message/ >>>>>>>>> HJOBKO5MOF56NFEXX6Z2T7RBTFX6OACP/ >>>>>>>>> >>>>>>>>
_______________________________________________ Devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/67SVM447T3BVULP23ONTLOFYZW7VTTP5/
