I use oVirt 3.x, to install i follow this guide : http://wiki.centos.org/HowTos/oVirt And ovirt-node version is 2.6.0 [root@scenic ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -text Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=lix.polytechnique.fr, CN=CA-scenic.lix.polytechnique.fr.20433 Validity Not Before: Apr 29 15:11:10 2013 Not After : Apr 4 15:11:12 2018 GMT Subject: C=US, O=lix.polytechnique.fr, CN= scenic.lix.polytechnique.fr Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ce:7a:2e:c1:9a:86:2c:c2:76:5e:ea:8b:59:18: 62:7d:7a:9f:55:ff:71:15:f7:93:3f:40:1e:70:5d: 80:43:ea:c7:f4:50:0a:a6:47:2a:f8:07:4d:0c:0a: 4d:01:1e:97:de:36:63:40:df:30:7a:40:9d:34:93: d6:a8:43:c6:b3:62:c1:de:db:57:d1:fb:b9:c6:e2: 34:65:f2:67:e1:8c:91:67:3f:99:a6:2b:7b:8a:51: ad:9c:43:c3:a5:cd:c5:a2:29:e9:99:db:ba:f4:76: d0:e5:41:97:31:fc:13:94:53:af:90:ca:06:aa:7d: 68:04:62:66:a5:90:4b:11:de:07:34:ec:68:89:9c: 13:7b:a2:ba:1f:2a:28:6b:ba:9a:b3:ba:97:5c:96: cd:1e:2e:e7:fc:bf:20:a2:a5:57:f3:73:8d:12:db: 81:00:53:50:a6:54:e9:14:1e:46:69:08:e2:80:b1: 30:97:89:d3:a1:a2:7a:47:a3:c9:2e:c9:ce:14:74: 92:27:02:58:41:d8:e1:dd:9e:99:26:fa:b0:ad:6c: e0:11:3f:17:7d:f7:63:27:62:a3:d0:28:f3:1a:91: ca:65:b7:69:9b:b6:86:85:70:a6:ac:5c:51:e2:ff: e9:f2:28:78:24:21:28:0c:d0:95:a4:f8:e5:67:15: d6:77 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4A:E0:DF:6D:4D:AD:03:26:30:B5:D4:D4:DC:69:C5:DA:74:B2:66:AB Authority Information Access: CA Issuers - URI: http://scenic.lix.polytechnique.fr:80/ca.crt X509v3 Authority Key Identifier: keyid:7E:D8:AE:56:25:C5:B0:34:96:5A:EA:AF:E9:2D:F3:E0:06:1C:19:D0 DirName:/C=US/O= lix.polytechnique.fr/CN=CA-scenic.lix.polytechnique.fr.20433 serial:01 X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: critical TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha1WithRSAEncryption 89:f3:e5:af:a8:98:44:fa:60:52:93:4f:7c:e8:62:78:40:f8: c7:a7:e1:c3:38:b5:7d:4c:5b:7a:df:5d:1b:05:2c:ca:43:ce: a2:8a:f6:fd:02:3e:98:6f:bc:ea:a6:78:f7:e4:7a:4f:49:0c: 86:cb:b6:23:2e:b7:93:f1:e8:ba:76:05:21:00:ed:cc:f2:ee: 0e:17:dc:21:0a:21:9e:ce:e1:bf:b5:11:d4:a5:d3:31:dd:f4: e3:c7:ea:40:26:27:45:79:9f:2d:79:91:41:03:61:26:51:31: 54:d5:06:90:cf:d4:a0:8b:b7:8a:b0:02:b4:37:24:0f:b2:26: 99:a9:39:78:48:8a:1b:03:89:64:68:de:9e:cb:fc:99:d6:41: 3d:3d:d9:15:8f:f6:ef:3f:b2:51:c8:dd:60:a8:c5:29:88:20: 69:b9:8a:23:eb:9b:64:94:cd:ad:e2:f9:7c:0e:d7:92:cf:cb: 7d:dd:3b:2d:67:13:1d:c3:0a:51:28:e7:b7:44:36:fa:43:83: 80:13:51:ff:f7:1b:22:c0:80:c5:c1:85:90:87:a6:17:46:44: dc:88:1f:16:69:ee:27:44:89:c0:2b:2a:4d:f9:46:fc:50:f1: 2c:af:af:c1:30:ee:6f:6c:b5:cd:f5:e7:73:99:b0:ff:36:2c: 87:32:66:0e -----BEGIN CERTIFICATE----- MIIEXjCCA0agAwIBAgIBAjANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJVUzEd MBsGA1UEChMUbGl4LnBvbHl0ZWNobmlxdWUuZnIxLTArBgNVBAMTJENBLXNjZW5p Yy5saXgucG9seXRlY2huaXF1ZS5mci4yMDQzMzAiFxExMzA0MjkxNTExMTArMDAw MBcNMTgwNDA0MTUxMTEyWjBSMQswCQYDVQQGEwJVUzEdMBsGA1UECgwUbGl4LnBv bHl0ZWNobmlxdWUuZnIxJDAiBgNVBAMMG3NjZW5pYy5saXgucG9seXRlY2huaXF1 ZS5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM56LsGahizCdl7q i1kYYn16n1X/cRX3kz9AHnBdgEPqx/RQCqZHKvgHTQwKTQEel942Y0DfMHpAnTST 1qhDxrNiwd7bV9H7ucbiNGXyZ+GMkWc/maYre4pRrZxDw6XNxaIp6ZnbuvR20OVB lzH8E5RTr5DKBqp9aARiZqWQSxHeBzTsaImcE3uiuh8qKGu6mrO6l1yWzR4u5/y/ IKKlV/NzjRLbgQBTUKZU6RQeRmkI4oCxMJeJ06GiekejyS7JzhR0kicCWEHY4d2e mSb6sK1s4BE/F333Yydio9Ao8xqRymW3aZu2hoVwpqxcUeL/6fIoeCQhKAzQlaT4 5WcV1ncCAwEAAaOCATAwggEsMB0GA1UdDgQWBBRK4N9tTa0DJjC11NTcacXadLJm qzBIBggrBgEFBQcBAQQ8MDowOAYIKwYBBQUHMAKGLGh0dHA6Ly9zY2VuaWMubGl4 LnBvbHl0ZWNobmlxdWUuZnI6ODAvY2EuY3J0MIGDBgNVHSMEfDB6gBR+2K5WJcWw NJZa6q/pLfPgBhwZ0KFfpF0wWzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFGxpeC5w b2x5dGVjaG5pcXVlLmZyMS0wKwYDVQQDEyRDQS1zY2VuaWMubGl4LnBvbHl0ZWNo bmlxdWUuZnIuMjA0MzOCAQEwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwIAYD VR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IB AQCJ8+WvqJhE+mBSk0986GJ4QPjHp+HDOLV9TFt6310bBSzKQ86iivb9Aj6Yb7zq pnj35HpPSQyGy7YjLreT8ei6dgUhAO3M8u4OF9whCiGezuG/tRHUpdMx3fTjx+pA JidFeZ8teZFBA2EmUTFU1QaQz9Sgi7eKsAK0NyQPsiaZqTl4SIobA4lkaN6ey/yZ 1kE9PdkVj/bvP7JRyN1gqMUpiCBpuYoj65tklM2t4vl8DteSz8t93TstZxMdwwpR KOe3RDb6Q4OAE1H/9xsiwIDFwYWQh6YXRkTciB8Wae4nRInAKypN+Ub8UPEsr6/B MO5vbLXN9edzmbD/NiyHMmYO -----END CERTIFICATE----- 2013/4/30 Alon Bar-Lev <alonbl@redhat.com>
Which version do you use?
this should not happen...
what is the output of:
$ openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -text
----- Original Message -----
From: "Florian BRUSCHET" <florian.bruschet@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org> Sent: Wednesday, May 1, 2013 12:47:13 AM Subject: Re: [Engine-devel] Root password to add Host
Sure,
2013-04-30 23:44:35,984 ERROR [org.ovirt.engine.core.pki.PKIResourceServlet] (ajp--127.0.0.1-8702-4) Cannot send public key resource '/etc/pki/ovirt-engine/certs/engine.cer' format 'SSH': java.security.cert.CertificateParsingException: invalid DER-encoded certificate data at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1723) [rt.jar:1.6.0_24] at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:320) [rt.jar:1.6.0_24] at
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:121)
[rt.jar:1.6.0_24] at
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
[rt.jar:1.6.0_24] at
org.ovirt.engine.core.pki.PKIResourceServlet.doGet(PKIResourceServlet.java:83)
[classes:] at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
[jbossweb-7.0.13.Final.jar:] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
[jbossweb-7.0.13.Final.jar:] at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
[jbossweb-7.0.13.Final.jar:] at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
[jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
[jbossweb-7.0.13.Final.jar:] at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[jbossweb-7.0.13.Final.jar:] at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) [jbossweb-7.0.13.Final.jar:] at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[jbossweb-7.0.13.Final.jar:] at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
[jbossweb-7.0.13.Final.jar:] at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) [jbossweb-7.0.13.Final.jar:] at
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_24]
2013/4/30 Alon Bar-Lev <alonbl@redhat.com>
Can you please attach /var/log/ovirt-engine/engine.log?
----- Original Message -----
From: "Florian BRUSCHET" <florian.bruschet@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org> Sent: Wednesday, May 1, 2013 12:33:38 AM Subject: Re: [Engine-devel] Root password to add Host
Ok this what I have done, I see it, I specify the engine address,
ask me to "Retrieve Certificate" i do it, it works. After I choose "Save & Register", i can see "Activating VDMS", and "All changes were applied successfully". But nothing in the engine ... I tryed the other way but don't work too ... for this solution i'm nearly sure that it's cause the password is wrong, it isn't the one which i specified in ovirt-node.
2013/4/30 Alon Bar-Lev <alonbl@redhat.com>
Please reply to 'all'.
When you login as admin you should be presented with Text User
Interface.
Within this interface there should be options on the left and a
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) then he dialog
the right. At the left you should see 'ovirt-engine' or similar option, when selecting it, you should see on the right an input field of address of
ovirt-engine server, specifying the engine address and selecting apply will initiate registration into the engine.
Once registered, you should see the host in the engine, select it and click on "Approve".
Another option is to specify password at the same dialog without filling the engine address. This password may be used as the password withi the 'Add Host' dialog.
Alon
----- Original Message -----
From: "Florian BRUSCHET" <florian.bruschet@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Sent: Wednesday, May 1, 2013 12:00:01 AM Subject: Re: [Engine-devel] Root password to add Host
I think I don't really understand what you call TUI? Yes I'm log as admin on ovirt-node to use Hypervisor
(And sorry if I make some language faults English isn't my native language ^^)
2013/4/30 Alon Bar-Lev <alonbl@redhat.com>
> > You cannot do this via agent by via the TUI of the ovirt-node. > > Just to make sure, you are using ovirt-node as hypervisor, right? > > ----- Original Message ----- > > From: "Florian BRUSCHET" <florian.bruschet@gmail.com> > > To: "Alon Bar-Lev" <alonbl@redhat.com> > > Sent: Tuesday, April 30, 2013 11:47:53 PM > > Subject: Re: [Engine-devel] Root password to add Host > > > > Oh ok, i didn't know ... > > > > I was looking my oVirt Engine and i don't understand how i can add an > Host > > without this password ... > > For me i have to right click on the Hosts panel, select "new" and it asks > > me to give name, address and Root password. > > I have already register this Host from oVirt Node Hypervisor, i add my > > Management Server and there is no problem i can see "Certificate Status : > > Verified" but this Host don't appears in the Web page ... > > > > > > 2013/4/30 Alon Bar-Lev <alonbl@redhat.com> > > > > > > > > > > > ----- Original Message ----- > > > > From: "Florian BRUSCHET" <florian.bruschet@gmail.com> > > > > To: "Alon Bar-Lev" <alonbl@redhat.com> > > > > Sent: Tuesday, April 30, 2013 11:06:14 PM > > > > Subject: Re: [Engine-devel] Root password to add Host > > > > > > > > For me single mode it's when you add "single" at the end of
on the the
> kernel > > > > commande line like that you boot on shell commande as > > > > root@localhostand > > > > you can do what you want. > > > > > > Oh... this is "single user mode"... :) > > > > > > > > > > > I will try it soon! > > > > > > > > Thank you > > > > > > > > Florian > > > > > > > > > > > > 2013/4/30 Alon Bar-Lev <alonbl@redhat.com> > > > > > > > > > What is 'single mode'? > > > > > > > > > > You should be able to set root password via node TUI, at ovirt tab. > > > > > Or... you can simply perform registration via the node TUI, so you > > > don't > > > > > need to specify password at all. > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Florian BRUSCHET" <florian.bruschet@gmail.com
> > > > > > To: engine-devel@ovirt.org > > > > > > Sent: Tuesday, April 30, 2013 7:28:12 PM > > > > > > Subject: [Engine-devel] Root password to add Host > > > > > > > > > > > > Hi, > > > > > > > > > > > > I try to add Host from oVirt Engine Web Administration, but it > asks > > > me to > > > > > > give a Root Password (It's not the same that i used to log in > admin > > > on > > > > > the > > > > > > Node). > > > > > > Do i really need this Root Password? Because i can't have it and > i > > > don't > > > > > want > > > > > > to change it by using single mode... > > > > > > There is an other solution to add Hosts? > > > > > > > > > > > > Thank you, > > > > > > > > > > > > Florian BRUSCHET > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > Engine-devel mailing list > > > > > > Engine-devel@ovirt.org > > > > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > > > > > > > > > > > > > > > >