<div dir="ltr">Hi.<div><br></div><div>I made some changes and now there are fresh installations, and durring add new node I got the same issue:</div><div><br></div><div><div>2017-01-07 07:44:08,847 ERROR [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49) [c5fb7a0] Failed to establish session with host 'node1': SSH session closed during connection '<a href="mailto:root@10.30.30.51">root@10.30.30.51</a>'</div><div>2017-01-07 07:44:08,847 WARN [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49) [c5fb7a0] Validation of action 'AddVds' failed for user admin@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__HOST,$server 10.30.30</div><div>.51,VDS_CANNOT_CONNECT_TO_SERVER</div></div><div><br></div><div>on both servers are this fresh installed system:</div><div><br></div><div>CentOS Linux release 7.3.1611 (Core)</div><div><br></div><div>Here are some informations about you asked last time:</div><div><br></div><div><div>[root@ovirt ovirt-engine]# rpm -qa | grep ovirt</div><div>ovirt-imageio-common-0.4.0-1.el7.noarch</div><div>python-ovirt-engine-sdk4-4.0.2-1.el7.centos.x86_64</div><div>ovirt-imageio-proxy-setup-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch</div><div>ovirt-engine-websocket-proxy-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-dashboard-1.0.5-1.el7.centos.noarch</div><div>ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-backend-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-extension-aaa-jdbc-1.1.1-1.el7.noarch</div><div>ovirt-host-deploy-1.5.3-1.el7.centos.noarch</div><div>ovirt-engine-wildfly-overlay-10.0.0-1.el7.noarch</div><div>ovirt-engine-setup-base-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-vmconsole-proxy-1.0.4-1.el7.centos.noarch</div><div>ovirt-host-deploy-java-1.5.3-1.el7.centos.noarch</div><div>ovirt-release40-4.0.5-2.noarch</div><div>ovirt-engine-setup-plugin-ovirt-engine-common-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-dwh-4.0.5-1.el7.centos.noarch</div><div>ovirt-imageio-proxy-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch</div><div>ovirt-engine-setup-plugin-websocket-proxy-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-iso-uploader-4.0.2-1.el7.centos.noarch</div><div>ovirt-engine-dbscripts-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-webadmin-portal-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-setup-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-userportal-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-restapi-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-setup-lib-1.0.2-1.el7.centos.noarch</div><div>ovirt-engine-sdk-python-3.6.9.1-1.el7.centos.noarch</div><div>ovirt-engine-extensions-api-impl-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-wildfly-10.1.0-1.el7.x86_64</div><div>ovirt-engine-lib-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-vmconsole-1.0.4-1.el7.centos.noarch</div><div>ovirt-engine-cli-3.6.8.1-1.el7.centos.noarch</div><div>ovirt-engine-dwh-setup-4.0.5-1.el7.centos.noarch</div><div>ovirt-engine-tools-backup-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-image-uploader-4.0.1-1.el7.centos.noarch</div><div>ovirt-engine-tools-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-setup-plugin-ovirt-engine-4.0.5.5-1.el7.centos.noarch</div><div>ovirt-engine-4.0.5.5-1.el7.centos.noarch</div><div><br></div></div><div><br></div><div><div>[root@ovirt ovirt-engine]# tail -33f server.log</div><div>2017-01-07 07:44:08,843 INFO [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[4b16ff17]-nio2-thread-2) Server version string: SSH-2.0-OpenSSH_6.6.1</div><div>2017-01-07 07:44:08,844 WARN [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[4b16ff17]-nio2-thread-2) Exception caught: java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1 / server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)</div><div> at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1109)</div><div> at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:357)</div><div> at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)</div><div> at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)</div><div> at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)</div><div> at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)</div><div> at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)</div><div> at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)</div><div> at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)</div><div> at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)</div><div> at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]</div><div> at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)</div><div> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]</div><div> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) [rt.jar:1.8.0_111]</div><div> at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553) [rt.jar:1.8.0_111]</div><div> at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276) [rt.jar:1.8.0_111]</div><div> at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297) [rt.jar:1.8.0_111]</div><div> at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420) [rt.jar:1.8.0_111]</div><div> at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)</div><div> at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)</div><div> at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)</div><div> at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)</div><div> at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]</div><div> at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)</div><div> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]</div><div> at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111]</div><div> at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) [rt.jar:1.8.0_111]</div><div> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_111]</div><div> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_111]</div><div> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]</div></div><div><br></div><div><br></div><div><br></div><div>In the end server (oVirt Node) in /var/log/secure.log:</div><div><br></div><div>Jan 7 08:10:26 ns3047117 sshd[30377]: fatal: Unable to negotiate a key exchange method [preauth]<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-12-01 8:22 GMT+01:00 Yedidyah Bar David <span dir="ltr"><<a href="mailto:didi@redhat.com" target="_blank">didi@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">(Adding the list. Please reply also to the list and not only<br>
to specific people. Thanks).<br>
<br>
On Wed, Nov 30, 2016 at 9:01 PM, Grzegorz Szypa<br>
<<a href="mailto:grzegorz.szypa@gmail.com">grzegorz.szypa@gmail.com</a>> wrote:<br>
> Hi.<br>
><br>
<span class="">> It works.<br>
><br>
> Problem I think are in other side, maybe I explain my landscape:<br>
><br>
> oVirt Engine is VM on after NAT, but currectly this way are disabled and now<br>
> only work direct access to Internet via dedicated WAN IP, and oVirt Node are<br>
> VM also under separat WAN IP, but still the same problem. I think there is<br>
> no problem with SSH configuration because setting it as self-hosted engine<br>
> work fine<br>
<br>
</span>What OS is on each of the engine and host?<br>
<br>
Did you change any configuration of sshd on the host,<br>
compared to the OS's defaults?<br>
<br>
Please check/share the output of previous ssh command, but<br>
with '-v' appended.<br>
<br>
Please also share more of the engine log, starting with a line<br>
containing 'AddVdsCommand'.<br>
<br>
Please attach output of: 'rpm -qa | grep ovirt'.<br>
<br>
Thanks,<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
><br>
> 2016-11-30 14:18 GMT+01:00 Yedidyah Bar David <<a href="mailto:didi@redhat.com">didi@redhat.com</a>>:<br>
>><br>
>> On Wed, Nov 30, 2016 at 1:58 PM, Grzegorz Szypa<br>
>> <<a href="mailto:grzegorz.szypa@gmail.com">grzegorz.szypa@gmail.com</a>> wrote:<br>
>> > Hi.<br>
>> ><br>
>> > Did you meet ever with problem, when you try to add new node to quite<br>
>> > new<br>
>> > oVirt Engine via Gui and get Error :<br>
>> ><br>
>> > engine.log:<br>
>> ><br>
>> > 2016-11-30 12:50:55,453 ERROR<br>
>> > [org.ovirt.engine.core.bll.<wbr>hostdeploy.AddVdsCommand] (default task-23)<br>
>> > [178c9385] Failed to establish session with host 'node1': SSH session<br>
>> > closed<br>
>> > during connection '["my new node"]'<br>
>> > 2016-11-30 12:50:55,453 WARN<br>
>> > [org.ovirt.engine.core.bll.<wbr>hostdeploy.AddVdsCommand] (default task-23)<br>
>> > [178c9385] Validation of action 'AddVds' failed for user<br>
>> > admin@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__<wbr>HOST,$server<br>
>> > <a href="http://vmsrv1.szypa.net" rel="noreferrer" target="_blank">vmsrv1.szypa.net</a>,VDS_CANNOT_<wbr>CONNECT_TO_SERVER<br>
>> ><br>
>> ><br>
>> ><br>
>> > in the end node I only got error that there is not possible, to exchange<br>
>> > key<br>
>> > between two hosts:<br>
>> ><br>
>> > there is log form /var/log/secure:<br>
>> ><br>
>> > fatal: Unable to negotiate a key exchange method [preauth]<br>
>> ><br>
>> > In network I found that it could be a problem with key exchange method,<br>
>> > which is not available on some host.<br>
>> ><br>
>> > SSH connection between this two hosts work fine so I do not understand<br>
>> > why<br>
>> > it does not work?<br>
>><br>
>> Please try this, from the engine machine, as user root:<br>
>><br>
>> ssh -i /etc/pki/ovirt-engine/keys/<wbr>engine_id_rsa HOST<br>
>><br>
>> Replace "HOST" with the name or address you input in the field "Address"<br>
>> in the "New Host" dialog. I think that's 'node1', from above.<br>
>><br>
>> Does it work? If not, please check sshd configuration/logs on the host.<br>
>><br>
>> Best,<br>
>> --<br>
>> Didi<br>
><br>
><br>
><br>
><br>
> --<br>
> G.Sz.<br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Didi<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>G.Sz.</div></div></div>
</div>