Re: [libvirt-users] Python Libvirt Bindings

https://www.redhat.com/archives/libvirt-users/2012-May/msg00005.html When I run the sample code with the case of Python code for using qemu+tcp with SASL, I always got this SASL error: Traceback (most recent call last): File "esxList.py", line 102, in ? conn = libvirt.openAuth(uri, auth, 0) File "/usr/lib/python2.4/site-packages/libvirt.py", line 102, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirt.libvirtError: authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: I have no problem to run the C&java code with qemu+tcp with SASL. Is it possible an error of Python binding? Thanks, -Hubert

On 05/21/2012 08:03 PM, Hubert Zhang wrote:
https://www.redhat.com/archives/libvirt-users/2012-May/msg00005.html
When I run the sample code with the case of Python code for using qemu+tcp with SASL, I always got this SASL error:
Traceback (most recent call last): File "esxList.py", line 102, in ? conn = libvirt.openAuth(uri, auth, 0) File "/usr/lib/python2.4/site-packages/libvirt.py", line 102, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirt.libvirtError: authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available:
I have no problem to run the C&java code with qemu+tcp with SASL. Is it possible an error of Python binding?
Thanks, -Hubert
Hello, I tried to reproduce this issue and I almost got to the same point as you did. Explaining how and why would take a very long time and probably wouldn't be that interesting, so I'll skip to the point. I was reading through the documentation and there's probably a little mistake (to be sure, I have to look at it), but what worked for me was putting client certificate info into '/etc/pki/libvirt/' instead of '/etc/pki/libvirt/private/'. I also couldn't run the server with server certificates in '/etc/pki/libvirt/' and had to put them in '/etc/pki/libvirt/private/', that's why I'm thinking this will be just a mistake in the docs. I'll have a look at it and fix it if it's like this. Maybe it seems like this could not be the problem, because you get this error only when using python, but what I think is, that by modifying esxlist.py, you used 'qemu://<hostname>/system' or something like that and that is not the same as 'qemu+tcp'. The reason is that when the connection is not specified, than for remote connections it defaults to tls, so you were using 'qemu(+tls)' in python, but tested it in virsh with 'qemu+tcp'. Definitely try virsh with 'qemu+tls', I bet you'll see error as well and then try moving the certificates as I did and I hope everything will work for you then. Have a nice day, Martin

On 05/22/2012 10:04 AM, Martin Kletzander wrote: [...]
I'll have a look at it and fix it if it's like this.
Going through the docs, I realized I made a mistake and I've set up the keys incorrectly (I should read more slowly and twice) and the documentation is right. '*key*.pem' goes to '/etc/pki/libvirt/private/' and '*cert*.pem' into '/etc/pki/libvirt/', so it's my fault. Sorry for the confusion. However, I'd still recommend to check this on your machine as I ran into the same error with my bad setup. Martin
participants (2)
-
Hubert Zhang
-
Martin Kletzander