<p>The pki folder is likely to be a problem but the backups folder is populated. Is there a way to remove client certs from hosts to restore access with a host add process?</p>
<div class="gmail_quote">On Feb 6, 2013 9:24 AM, "Juan Hernandez" <<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 02/06/2013 03:02 PM, Jim Kinney wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
as things stand now:<br>
<br>
I manually reinstalled 3.1, then dropped the engine database and<br>
restored from the backup. There were some errors at the end. Even though<br>
I used all the same passwords, the admin@internal account was not<br>
working. Used engine-config -s LocalAdminPassword='*****' to fix. On log<br>
in, everything is down, offline, unreachable. No hosts can be contacted.<br>
No storage is connected. Can't add a new host.<br>
<br>
crud.<br>
<br>
I copied the database backup and removed all the db creation part<br>
leaving just the data "copy into..." section (that was fun). Ran<br>
engine-cleanup then engine-setup then tried to restore just the data.<br>
<br>
no joy there either.<br>
<br>
The system is CentOS 6.3 as are the hosts. This ran wonderfully until I<br>
goofed trying to get the cli and sdk updated. Without the database<br>
working, I have no way to know what vm is what in the ISCSI LVM storage<br>
system to even export to another platform.<br>
<br>
So I'm assuming my next step is panic (or total reinstall from bare<br>
iron?). I'm setting this up at work and today is my last day as I'm<br>
moving to a new job at a totally different organization. I'd hate to<br>
walk out and lose all the windows VMs and templates that were built over<br>
the last 2 months.<br>
</blockquote>
<br>
Do you still have the original backup of the database and the contents of the original /etc/pki/ovirt-engine directory? With those two things it is possible to recover.<br>
<br>
I would suggest the following procedure:<br>
<br>
1. Make a clean installation of 3.1, exactly the same version that you had before trying to update (make a backup of the database and of the /etc/pki/ovirt-engine directory before, just in case). During this installation use the answers that you used during the initial installation (specially the passwords).<br>
<br>
2. Stop the engine, then drop and recover the database as you already did.<br>
<br>
3. Restore the contents of the /etc/pki/ovirt-engine directory.<br>
<br>
4. Start the engine.<br>
<br>
You should be able to log in with the same credentials that you used in the original installation.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
On Wed, Feb 6, 2013 at 8:43 AM, Jim Kinney <<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a><br>
<mailto:<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>>> wrote:<br>
<br>
added 3.2 lines to dre ovirt yum repo (and disabled 3.1 - probably<br>
not good) and did engine-upgrade.<br>
<br>
Process choked at opening the CA cert and proceeded to "rollback".<br>
Didn't actually roll back as 3.1 repo was disabled.<br>
<br>
System still has 3.2 installed. Did yum update to pull in the<br>
cli/sdk 3.2 (wish I had done that first!).<br>
<br>
Engine starts but fails to open CA to run gui. found following in log:<br>
<br>
2013-02-05 14:02:40,825 ERROR [org.ovirt.engine.core.<br>
engineencryptutils.<u></u>EncryptionUtils] (MSC service thread 1-16) Can't<br>
load keystore from file "/etc/pki/ovirt-engine/.<u></u>keystore".<br>
IOException: DerInputStream.getLength(): lengthTag=109, too big.<br>
2013-02-05 14:02:40,826 ERROR<br>
[org.ovirt.engine.core.<u></u>engineencryptutils.<u></u>EncryptionUtils] (MSC<br>
service thread 1-16) Failed to decrypt java.io.IOException:<br>
DerInputStream.getLength(): lengthTag=109, too big.<br>
2013-02-05 14:02:40,827 ERROR<br>
[org.ovirt.engine.core.dal.<u></u>dbbroker.generic.<u></u>DBConfigUtils] (MSC<br>
service thread 1-16) Failed to decrypt value for property<br>
TruststorePass will be used encrypted value<br>
2013-02-05 14:02:40,829 WARN<br>
[org.ovirt.engine.core.utils.<u></u>ConfigUtilsBase] (MSC service thread<br>
1-16) Could not find enum value for option: CertificatePassword<br>
2013-02-05 14:02:40,830 ERROR<br>
[org.ovirt.engine.core.<u></u>engineencryptutils.<u></u>EncryptionUtils] (MSC<br>
service thread 1-16) Can't load keystore from file<br>
"/etc/pki/ovirt-engine/.<u></u>keystore". IOException:<br>
DerInputStream.getLength(): lengthTag=109, too big.<br>
2013-02-05 14:02:40,830 ERROR<br>
[org.ovirt.engine.core.<u></u>engineencryptutils.<u></u>EncryptionUtils] (MSC<br>
service thread 1-16) Failed to decrypt java.io.IOException:<br>
DerInputStream.getLength(): lengthTag=109, too big.<br>
2013-02-05 14:02:40,831 ERROR<br>
[org.ovirt.engine.core.dal.<u></u>dbbroker.generic.<u></u>DBConfigUtils] (MSC<br>
service thread 1-16) Failed to decrypt value for property<br>
LocalAdminPassword will be used encrypted value<br>
2013-02-05 14:02:40,833 ERROR<br>
[org.ovirt.engine.core.<u></u>engineencryptutils.<u></u>EncryptionUtils] (MSC<br>
service thread 1-16) Can't load keystore from file<br>
"/etc/pki/ovirt-engine/.<u></u>keystore". IOException:<br>
DerInputStream.getLength(): lengthTag=109, too big.<br>
2013-02-05 14:02:40,834 ERROR<br>
[org.ovirt.engine.core.<u></u>engineencryptutils.<u></u>EncryptionUtils] (MSC<br>
service thread 1-16) Failed to decrypt java.io.IOException:<br>
DerInputStream.getLength(): lengthTag=109, too big.<br>
<br>
<br>
On Tue, Feb 5, 2013 at 6:11 AM, Michael Pasternak<br>
<<a href="mailto:mpastern@redhat.com" target="_blank">mpastern@redhat.com</a> <mailto:<a href="mailto:mpastern@redhat.com" target="_blank">mpastern@redhat.com</a>>> wrote:<br>
<br>
<br>
Hi Jim,<br>
<br>
On 02/04/2013 08:33 PM, Jim Kinney wrote:<br>
> I'm trying to setup a way to restart a large group of windows<br>
vms on a schedule. I'm getting a connection failure that seems<br>
related to the use of https but I'm not sure.<br>
><br>
> error: __init__() got an unexpected keyword argument<br>
'source_address'<br>
<br>
This error is caused by running ovirt-sdk on a older version of<br>
python (less then python27),<br>
please upgrade your sdk/cli with one shipped in 3.2 (it's<br>
backward compatible to 3.1).<br>
<br>
><br>
> I ran:<br>
> ovirt-shell -A <path to server cert/certfile exported from<br>
browser> -c<br>
><br>
> and my .ovirtshellrc is:<br>
><br>
> [ovirt-shell]<br>
> username = "admin@internal"<br>
> url = <a href="https://my.internal.url/api" target="_blank">https://my.internal.url/api</a><br>
> #insecure = False<br>
> #filter = False<br>
> #timeout = -1<br>
> password = **********************<br>
><br>
><br>
> I tried putting the ca_cert = <path to cert> but that clearly<br>
was not allowed in .ovirtshellrc<br>
<br>
not related, but supported in 3.2 cli.<br>
<br>
><br>
> ideas?<br>
> --<br>
> --<br>
> James P. Kinney III<br>
> ////<br>
> ////Every time you stop a school, you will have to build a<br>
jail. What you gain at one end you lose at the other. It's like<br>
feeding a dog on his own tail. It won't fatten<br>
> the dog.<br>
> - Speech 11/23/1900 Mark Twain<br>
> ////<br>
> <a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br>
> <a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.<u></u>blogspot.com/</a><br>
> ////<br>
><br>
><br>
><br>
> ______________________________<u></u>_________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> <mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
<br>
<br>
--<br>
<br>
Michael Pasternak<br>
RedHat, ENG-Virtualization R&D<br>
<br>
<br>
<br>
<br>
--<br>
--<br>
James P. Kinney III<br>
////<br>
////Every time you stop a school, you will have to build a jail.<br>
What you gain at one end you lose at the other. It's like feeding a<br>
dog on his own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br>
////<br>
<a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br>
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.<u></u>blogspot.com/</a><br>
////<br>
<br>
<br>
<br>
<br>
--<br>
--<br>
James P. Kinney III<br>
////<br>
////Every time you stop a school, you will have to build a jail. What<br>
you gain at one end you lose at the other. It's like feeding a dog on<br>
his own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br>
////<br>
<a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br>
<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.<u></u>blogspot.com/</a><br>
////<br>
<br>
<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
<br>
</blockquote>
<br>
<br>
-- <br>
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain<br>
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.<br>
</blockquote></div>