[Engine-devel] Root password to add Host

Alon Bar-Lev alonbl at redhat.com
Tue Apr 30 21:59:05 UTC 2013



----- Original Message -----
> From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "engine-devel" <engine-devel at ovirt.org>
> Sent: Wednesday, May 1, 2013 12:56:07 AM
> Subject: Re: [Engine-devel] Root password to add Host
> 
> I use oVirt 3.x, to install i follow this guide :
> http://wiki.centos.org/HowTos/oVirt

The x is quite important...
rpm -q ovirt-engine

Also, please send your java version:
java -version

> And ovirt-node version is 2.6.0
> 
> [root at scenic ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer
> -text
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 2 (0x2)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=US, O=lix.polytechnique.fr,
> CN=CA-scenic.lix.polytechnique.fr.20433
>         Validity
>             Not Before: Apr 29 15:11:10 2013
>             Not After : Apr  4 15:11:12 2018 GMT
>         Subject: C=US, O=lix.polytechnique.fr, CN=
> scenic.lix.polytechnique.fr
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (2048 bit)
>                 Modulus:
>                     00:ce:7a:2e:c1:9a:86:2c:c2:76:5e:ea:8b:59:18:
>                     62:7d:7a:9f:55:ff:71:15:f7:93:3f:40:1e:70:5d:
>                     80:43:ea:c7:f4:50:0a:a6:47:2a:f8:07:4d:0c:0a:
>                     4d:01:1e:97:de:36:63:40:df:30:7a:40:9d:34:93:
>                     d6:a8:43:c6:b3:62:c1:de:db:57:d1:fb:b9:c6:e2:
>                     34:65:f2:67:e1:8c:91:67:3f:99:a6:2b:7b:8a:51:
>                     ad:9c:43:c3:a5:cd:c5:a2:29:e9:99:db:ba:f4:76:
>                     d0:e5:41:97:31:fc:13:94:53:af:90:ca:06:aa:7d:
>                     68:04:62:66:a5:90:4b:11:de:07:34:ec:68:89:9c:
>                     13:7b:a2:ba:1f:2a:28:6b:ba:9a:b3:ba:97:5c:96:
>                     cd:1e:2e:e7:fc:bf:20:a2:a5:57:f3:73:8d:12:db:
>                     81:00:53:50:a6:54:e9:14:1e:46:69:08:e2:80:b1:
>                     30:97:89:d3:a1:a2:7a:47:a3:c9:2e:c9:ce:14:74:
>                     92:27:02:58:41:d8:e1:dd:9e:99:26:fa:b0:ad:6c:
>                     e0:11:3f:17:7d:f7:63:27:62:a3:d0:28:f3:1a:91:
>                     ca:65:b7:69:9b:b6:86:85:70:a6:ac:5c:51:e2:ff:
>                     e9:f2:28:78:24:21:28:0c:d0:95:a4:f8:e5:67:15:
>                     d6:77
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 4A:E0:DF:6D:4D:AD:03:26:30:B5:D4:D4:DC:69:C5:DA:74:B2:66:AB
>             Authority Information Access:
>                 CA Issuers - URI:
> http://scenic.lix.polytechnique.fr:80/ca.crt
> 
>             X509v3 Authority Key Identifier:
> 
> keyid:7E:D8:AE:56:25:C5:B0:34:96:5A:EA:AF:E9:2D:F3:E0:06:1C:19:D0
>                 DirName:/C=US/O=
> lix.polytechnique.fr/CN=CA-scenic.lix.polytechnique.fr.20433
>                 serial:01
> 
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment
>             X509v3 Extended Key Usage: critical
>                 TLS Web Server Authentication, TLS Web Client Authentication
>     Signature Algorithm: sha1WithRSAEncryption
>         89:f3:e5:af:a8:98:44:fa:60:52:93:4f:7c:e8:62:78:40:f8:
>         c7:a7:e1:c3:38:b5:7d:4c:5b:7a:df:5d:1b:05:2c:ca:43:ce:
>         a2:8a:f6:fd:02:3e:98:6f:bc:ea:a6:78:f7:e4:7a:4f:49:0c:
>         86:cb:b6:23:2e:b7:93:f1:e8:ba:76:05:21:00:ed:cc:f2:ee:
>         0e:17:dc:21:0a:21:9e:ce:e1:bf:b5:11:d4:a5:d3:31:dd:f4:
>         e3:c7:ea:40:26:27:45:79:9f:2d:79:91:41:03:61:26:51:31:
>         54:d5:06:90:cf:d4:a0:8b:b7:8a:b0:02:b4:37:24:0f:b2:26:
>         99:a9:39:78:48:8a:1b:03:89:64:68:de:9e:cb:fc:99:d6:41:
>         3d:3d:d9:15:8f:f6:ef:3f:b2:51:c8:dd:60:a8:c5:29:88:20:
>         69:b9:8a:23:eb:9b:64:94:cd:ad:e2:f9:7c:0e:d7:92:cf:cb:
>         7d:dd:3b:2d:67:13:1d:c3:0a:51:28:e7:b7:44:36:fa:43:83:
>         80:13:51:ff:f7:1b:22:c0:80:c5:c1:85:90:87:a6:17:46:44:
>         dc:88:1f:16:69:ee:27:44:89:c0:2b:2a:4d:f9:46:fc:50:f1:
>         2c:af:af:c1:30:ee:6f:6c:b5:cd:f5:e7:73:99:b0:ff:36:2c:
>         87:32:66:0e
> -----BEGIN CERTIFICATE-----
> MIIEXjCCA0agAwIBAgIBAjANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJVUzEd
> MBsGA1UEChMUbGl4LnBvbHl0ZWNobmlxdWUuZnIxLTArBgNVBAMTJENBLXNjZW5p
> Yy5saXgucG9seXRlY2huaXF1ZS5mci4yMDQzMzAiFxExMzA0MjkxNTExMTArMDAw
> MBcNMTgwNDA0MTUxMTEyWjBSMQswCQYDVQQGEwJVUzEdMBsGA1UECgwUbGl4LnBv
> bHl0ZWNobmlxdWUuZnIxJDAiBgNVBAMMG3NjZW5pYy5saXgucG9seXRlY2huaXF1
> ZS5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM56LsGahizCdl7q
> i1kYYn16n1X/cRX3kz9AHnBdgEPqx/RQCqZHKvgHTQwKTQEel942Y0DfMHpAnTST
> 1qhDxrNiwd7bV9H7ucbiNGXyZ+GMkWc/maYre4pRrZxDw6XNxaIp6ZnbuvR20OVB
> lzH8E5RTr5DKBqp9aARiZqWQSxHeBzTsaImcE3uiuh8qKGu6mrO6l1yWzR4u5/y/
> IKKlV/NzjRLbgQBTUKZU6RQeRmkI4oCxMJeJ06GiekejyS7JzhR0kicCWEHY4d2e
> mSb6sK1s4BE/F333Yydio9Ao8xqRymW3aZu2hoVwpqxcUeL/6fIoeCQhKAzQlaT4
> 5WcV1ncCAwEAAaOCATAwggEsMB0GA1UdDgQWBBRK4N9tTa0DJjC11NTcacXadLJm
> qzBIBggrBgEFBQcBAQQ8MDowOAYIKwYBBQUHMAKGLGh0dHA6Ly9zY2VuaWMubGl4
> LnBvbHl0ZWNobmlxdWUuZnI6ODAvY2EuY3J0MIGDBgNVHSMEfDB6gBR+2K5WJcWw
> NJZa6q/pLfPgBhwZ0KFfpF0wWzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFGxpeC5w
> b2x5dGVjaG5pcXVlLmZyMS0wKwYDVQQDEyRDQS1zY2VuaWMubGl4LnBvbHl0ZWNo
> bmlxdWUuZnIuMjA0MzOCAQEwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwIAYD
> VR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IB
> AQCJ8+WvqJhE+mBSk0986GJ4QPjHp+HDOLV9TFt6310bBSzKQ86iivb9Aj6Yb7zq
> pnj35HpPSQyGy7YjLreT8ei6dgUhAO3M8u4OF9whCiGezuG/tRHUpdMx3fTjx+pA
> JidFeZ8teZFBA2EmUTFU1QaQz9Sgi7eKsAK0NyQPsiaZqTl4SIobA4lkaN6ey/yZ
> 1kE9PdkVj/bvP7JRyN1gqMUpiCBpuYoj65tklM2t4vl8DteSz8t93TstZxMdwwpR
> KOe3RDb6Q4OAE1H/9xsiwIDFwYWQh6YXRkTciB8Wae4nRInAKypN+Ub8UPEsr6/B
> MO5vbLXN9edzmbD/NiyHMmYO
> -----END CERTIFICATE-----
> 
> 
> 
> 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> 
> > Which version do you use?
> >
> > this should not happen...
> >
> > what is the output of:
> >
> > $ openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -text
> >
> > ----- Original Message -----
> > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > Cc: "engine-devel" <engine-devel at ovirt.org>
> > > Sent: Wednesday, May 1, 2013 12:47:13 AM
> > > Subject: Re: [Engine-devel] Root password to add Host
> > >
> > > Sure,
> > >
> > > 2013-04-30 23:44:35,984 ERROR
> > > [org.ovirt.engine.core.pki.PKIResourceServlet] (ajp--127.0.0.1-8702-4)
> > > Cannot send public key resource '/etc/pki/ovirt-engine/certs/engine.cer'
> > > format 'SSH': java.security.cert.CertificateParsingException: invalid
> > > DER-encoded certificate data
> > >         at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1723)
> > > [rt.jar:1.6.0_24]
> > >         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:320)
> > > [rt.jar:1.6.0_24]
> > >         at
> > >
> > sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:121)
> > > [rt.jar:1.6.0_24]
> > >         at
> > >
> > java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
> > > [rt.jar:1.6.0_24]
> > >         at
> > >
> > org.ovirt.engine.core.pki.PKIResourceServlet.doGet(PKIResourceServlet.java:83)
> > > [classes:]
> > >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
> > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> > >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> > >         at
> > >
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> > >         at
> > >
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > >
> > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at
> > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> > > [jbossweb-7.0.13.Final.jar:]
> > >         at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_24]
> > >
> > >
> > >
> > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > >
> > > >
> > > > Can you please attach /var/log/ovirt-engine/engine.log?
> > > >
> > > > ----- Original Message -----
> > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > Cc: "engine-devel" <engine-devel at ovirt.org>
> > > > > Sent: Wednesday, May 1, 2013 12:33:38 AM
> > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > >
> > > > > Ok this what I have done, I see it, I specify the engine address,
> > then he
> > > > > ask me to "Retrieve Certificate" i do it, it works. After I choose
> > "Save
> > > > &
> > > > > Register", i can see "Activating VDMS", and "All changes were applied
> > > > > successfully". But nothing in the engine ...
> > > > > I tryed the other way but don't work too ... for this solution i'm
> > nearly
> > > > > sure that it's cause the password is wrong, it isn't the one which i
> > > > > specified in ovirt-node.
> > > > >
> > > > >
> > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > >
> > > > > >
> > > > > > Please reply to 'all'.
> > > > > >
> > > > > > When you login as admin you should be presented with Text User
> > > > Interface.
> > > > > > Within this interface there should be options on the left and a
> > dialog
> > > > on
> > > > > > the right.
> > > > > > At the left you should see 'ovirt-engine' or similar option, when
> > > > > > selecting it, you should see on the right an input field of
> > address of
> > > > the
> > > > > > ovirt-engine server, specifying the engine address and selecting
> > apply
> > > > will
> > > > > > initiate registration into the engine.
> > > > > >
> > > > > > Once registered, you should see the host in the engine, select it
> > and
> > > > > > click on "Approve".
> > > > > >
> > > > > > Another option is to specify password at the same dialog without
> > > > filling
> > > > > > the engine address. This password may be used as the password
> > withi the
> > > > > > 'Add Host' dialog.
> > > > > >
> > > > > > Alon
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > > > Sent: Wednesday, May 1, 2013 12:00:01 AM
> > > > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > > > >
> > > > > > > I think I don't really understand what you call TUI?
> > > > > > > Yes I'm log as admin on ovirt-node to use Hypervisor
> > > > > > >
> > > > > > > (And sorry if I make some language faults English isn't my native
> > > > > > language
> > > > > > > ^^)
> > > > > > >
> > > > > > >
> > > > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > > > >
> > > > > > > >
> > > > > > > > You cannot do this via agent by via the TUI of the ovirt-node.
> > > > > > > >
> > > > > > > > Just to make sure, you are using ovirt-node as hypervisor,
> > right?
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > > > > > Sent: Tuesday, April 30, 2013 11:47:53 PM
> > > > > > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > > > > > >
> > > > > > > > > Oh ok, i didn't know ...
> > > > > > > > >
> > > > > > > > > I was looking my oVirt Engine and i don't understand how i
> > can
> > > > add an
> > > > > > > > Host
> > > > > > > > > without this password ...
> > > > > > > > > For me i have to right click on the Hosts panel, select "new"
> > > > and it
> > > > > > asks
> > > > > > > > > me to give name, address and Root password.
> > > > > > > > > I have already register this Host from oVirt Node
> > Hypervisor, i
> > > > add
> > > > > > my
> > > > > > > > > Management Server and there is no problem i can see
> > "Certificate
> > > > > > Status :
> > > > > > > > > Verified" but this Host don't appears in the Web page ...
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > ----- Original Message -----
> > > > > > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > > > > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > > > > > > > Sent: Tuesday, April 30, 2013 11:06:14 PM
> > > > > > > > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > > > > > > > >
> > > > > > > > > > > For me single mode it's when you add "single" at the end
> > of
> > > > the
> > > > > > > > kernel
> > > > > > > > > > > commande line like that you boot on shell commande as
> > > > > > > > > > > root at localhostand
> > > > > > > > > > > you can do what you want.
> > > > > > > > > >
> > > > > > > > > > Oh... this is "single user mode"... :)
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > I will try it soon!
> > > > > > > > > > >
> > > > > > > > > > > Thank you
> > > > > > > > > > >
> > > > > > > > > > > Florian
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > > > > > > > >
> > > > > > > > > > > > What is 'single mode'?
> > > > > > > > > > > >
> > > > > > > > > > > > You should be able to set root password via node TUI,
> > at
> > > > ovirt
> > > > > > tab.
> > > > > > > > > > > > Or... you can simply perform registration via the node
> > > > TUI, so
> > > > > > you
> > > > > > > > > > don't
> > > > > > > > > > > > need to specify password at all.
> > > > > > > > > > > >
> > > > > > > > > > > > ----- Original Message -----
> > > > > > > > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com
> > >
> > > > > > > > > > > > > To: engine-devel at ovirt.org
> > > > > > > > > > > > > Sent: Tuesday, April 30, 2013 7:28:12 PM
> > > > > > > > > > > > > Subject: [Engine-devel] Root password to add Host
> > > > > > > > > > > > >
> > > > > > > > > > > > > Hi,
> > > > > > > > > > > > >
> > > > > > > > > > > > > I try to add Host from oVirt Engine Web
> > Administration,
> > > > but
> > > > > > it
> > > > > > > > asks
> > > > > > > > > > me to
> > > > > > > > > > > > > give a Root Password (It's not the same that i used
> > to
> > > > log in
> > > > > > > > admin
> > > > > > > > > > on
> > > > > > > > > > > > the
> > > > > > > > > > > > > Node).
> > > > > > > > > > > > > Do i really need this Root Password? Because i can't
> > > > have it
> > > > > > and
> > > > > > > > i
> > > > > > > > > > don't
> > > > > > > > > > > > want
> > > > > > > > > > > > > to change it by using single mode...
> > > > > > > > > > > > > There is an other solution to add Hosts?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Thank you,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Florian BRUSCHET
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > _______________________________________________
> > > > > > > > > > > > > Engine-devel mailing list
> > > > > > > > > > > > > Engine-devel at ovirt.org
> > > > > > > > > > > > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> 



More information about the Devel mailing list