On 05/01/2012 10:30 AM, Doron Fediuck wrote:
On 30/04/12 19:23, Itamar Heim wrote:
> On 04/30/2012 06:45 PM, Sascha Littel wrote:
>> Am Montag, 30. April 2012, 16:45:12 schrieben Sie:
>>> Hi Sasha,
>>> This may be an issue of SSH authentication method.
>>> Can you please check you SSH server in the host-
>>> Password auth should be password and not Keyboard-interactive.
>>> This may lead to SSH auth failure as you engine log indicates.
>> Thanks dude this was the hint I need. I changed the PasswordAuthentication in
>> /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now
>> the real work can beginn.
>
> Doron - can we catch this error and give this hint to users as something worth
checking?
>
(added engine-devel, as this extends to the engine side).
AFAICT, we get auth failure, with no reason.
In order to handle it we can go in to ways (need to decide)-
1. Add the keyboard-interactive auth to Mina SSHD.
There's a guy who added it[a] and we may try and ask for hints from him.
I know that patches are welcomed there as well ;)
2. Try to diagnose the failure we get, or scan Mina's err / debug stream.
I suspect we should be able to see something like:
debug1: Authentications that can continue: password,publickey
...
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
So if server does not report 'password' as an option we could give a better
auth-failure message.
It will be nice if someone from our community could pick this up,
and if not this would be a nice feature for one of the coming versions.
indeed.
Sascha - care to document this issue and details in a bug to begin with?
thanks,
Itamar
[a]
http://mail-archives.apache.org/mod_mbox/mina-dev/201112.mbox/%3CCACPdTxM...
>>>
>>>> Am Montag, 30. April 2012, 13:09:25 schrieben Sie:
>>>>> On 04/30/2012 02:07 PM, Sascha Littel wrote:
>>>>>> Am Montag, 30. April 2012, 05:04:09 schrieben Sie:
>>>>>>> On 04/29/2012 10:24 PM, S. Littel wrote:
>>>>>>>> Hi everybody, I'm working currently on a running
version of vdsm
>>>>>>>> 4.9.1 for openSuSE 11.3. I'm changing many lines in
the start/stop
>>>>>>>> scripts e.g. paths, rc commands. Most of this work looks
fine but
>>>>>>>> if I try to get a connection between the oVirt engine
(runs on a
>>>>>>>> openSuSE 12.1) and the vdsm host I get a ssl error. Also
after
>>>>>>>> setting ssl in vdsm.conf to false and changing the
settings in
>>>>>>>> oVirt engine database I still get this error.
>>>>>>>
>>>>>>> which settings are you changing in the db?
>>>>>>
>>>>>> I changed the seetings in the database with this 2 commands:
>>>>> did you restart engine after changing these?
>>>>
>>>> Yes. I found this page in the oVirt Wiki:
>>>>
http://ovirt.org/w/index.php?title=OVirt_-
>>>> _disable_SSL_in_VDSM&diff=3036&oldid=prev
>>>>
>>>>>> psql engine -U postgres -c "UPDATE vdc_options set
option_value =
>>>>>> 'false' where option_name = 'SSLEnabled'"
>>>>>>
>>>>>> psql engine -U postgres -c "UPDATE vdc_options set
option_value =
>>>>>> 'false' where option_name =
'UseSecureConnectionWithServers'"
>>>>>>
>>>>>>> UseSecureConnectionWithServers?
>>>>>>
>>>>>> Yes.
>>>>>>
>>>>>>>> So the general question, is there someone working on a
openSuSE 11.3
>>>>>>>> or 11.4 version of vdsm? Or someone who has experience
how to get
>>>>>>>> it work?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Sascha Littel
>>>>>>
>>>>>> Here is the failure massage from the vdsm-reg.log I get on the
vdsm
>>>>>> host:
>>>>>>
>>>>>> SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509
>>>>>> certificate routines:X509_load_cert_crl_file:system lib
>>>>>> MainThread::DEBUG::::deployUtil::1413::root::getRemoteFile end.
>>>>>> MainThread::DEBUG::::deployUtil::621::root::handleSSHKey start
>>>>>> MainThread::ERROR::::deployUtil::614::root::restorecon
>>>>>> /root/.ssh/authorized_keys failed
>>>>>>
>>>>>> And this is the failure message from engine.log on the oVirt
engine
>>>>>> host:
>>>>>>
>>>>>> ERROR
[org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper]
>>>>>> (http--0.0.0.0-8443-1) Could not connect to server
>>>>>>
xen007.f1.aiges.net: Failed connecting
>>>>>>
>>>>>> to
xen007.f1.aiges.net using given password! Please verify
your
>>>>>> password is
>>>>>>
>>>>>> correct and that the host accepts password-based authentication
>>>>>> WARN [org.ovirt.engine.core.bll.AddVdsCommand]
(http--0.0.0.0-8443-1)
>>>>>> CanDoAction of action AddVds failed.
>>>>>> Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION
>>>>>> __ADD,VAR__TYPE__HOST
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Sascha Littel
>>
>>
>