No migration in master (WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com)
Hi all, Migration is broken in master, using oVirt Engine Version: 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22 It fails with this error: Thread-247::ERROR::2016-02-10 18:51:57,582::migration::323::virt.vm::(run) vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate Traceback (most recent call last): File "/usr/share/vdsm/virt/migration.py", line 292, in run self._setupVdsConnection() File "/usr/share/vdsm/virt/migration.py", line 156, in _setupVdsConnection client = self._createClient(port) File "/usr/share/vdsm/virt/migration.py", line 143, in _createClient client_socket = utils.create_connected_socket(host, int(port), sslctx) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860, in create_connected_socket sock.connect(sockaddr) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 188, in connect if not check(self.get_peer_cert(), self.addr[0]): File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 124, in __call__ fieldName='commonName') WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com Hopefully someone can take a look. Cheers, Nir
More details: - Tried couple of times - Enrolled new certificate, reboot - no change - Tried on 2 different hosts, 2 ways (a -> b, b -> a) - same result On Wed, Feb 10, 2016 at 7:19 PM, Nir Soffer <nsoffer@redhat.com> wrote:
Hi all,
Migration is broken in master, using oVirt Engine Version: 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22
It fails with this error:
Thread-247::ERROR::2016-02-10 18:51:57,582::migration::323::virt.vm::(run) vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate Traceback (most recent call last): File "/usr/share/vdsm/virt/migration.py", line 292, in run self._setupVdsConnection() File "/usr/share/vdsm/virt/migration.py", line 156, in _setupVdsConnection client = self._createClient(port) File "/usr/share/vdsm/virt/migration.py", line 143, in _createClient client_socket = utils.create_connected_socket(host, int(port), sslctx) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860, in create_connected_socket sock.connect(sockaddr) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 188, in connect if not check(self.get_peer_cert(), self.addr[0]): File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 124, in __call__ fieldName='commonName') WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com
Hopefully someone can take a look.
Cheers, Nir
On Wed, Feb 10, 2016 at 7:22 PM, Nir Soffer <nsoffer@redhat.com> wrote:
More details:
- Tried couple of times - Enrolled new certificate, reboot - no change - Tried on 2 different hosts, 2 ways (a -> b, b -> a) - same result
On Wed, Feb 10, 2016 at 7:19 PM, Nir Soffer <nsoffer@redhat.com> wrote:
Hi all,
Migration is broken in master, using oVirt Engine Version: 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22
Seems like a pretty old master to me. Perhaps try fc23 (not perfect but partially working) or el7.
It fails with this error:
Thread-247::ERROR::2016-02-10 18:51:57,582::migration::323::virt.vm::(run) vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate Traceback (most recent call last): File "/usr/share/vdsm/virt/migration.py", line 292, in run self._setupVdsConnection() File "/usr/share/vdsm/virt/migration.py", line 156, in _setupVdsConnection client = self._createClient(port) File "/usr/share/vdsm/virt/migration.py", line 143, in _createClient client_socket = utils.create_connected_socket(host, int(port), sslctx) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860, in create_connected_socket sock.connect(sockaddr) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 188, in connect if not check(self.get_peer_cert(), self.addr[0]): File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 124, in __call__ fieldName='commonName') WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com
Hopefully someone can take a look.
Cheers, Nir
-- Didi
Please try to switch to standard ssl. I need to kno2 whether it is m2c issue or both. Thanks, Piotr 10 lut 2016 19:25 "Yedidyah Bar David" <didi@redhat.com> napisał(a):
On Wed, Feb 10, 2016 at 7:22 PM, Nir Soffer <nsoffer@redhat.com> wrote:
More details:
- Tried couple of times - Enrolled new certificate, reboot - no change - Tried on 2 different hosts, 2 ways (a -> b, b -> a) - same result
On Wed, Feb 10, 2016 at 7:19 PM, Nir Soffer <nsoffer@redhat.com> wrote:
Hi all,
Migration is broken in master, using oVirt Engine Version: 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22
Seems like a pretty old master to me. Perhaps try fc23 (not perfect but partially working) or el7.
It fails with this error:
Thread-247::ERROR::2016-02-10 18:51:57,582::migration::323::virt.vm::(run) vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate Traceback (most recent call last): File "/usr/share/vdsm/virt/migration.py", line 292, in run self._setupVdsConnection() File "/usr/share/vdsm/virt/migration.py", line 156, in
_setupVdsConnection
client = self._createClient(port) File "/usr/share/vdsm/virt/migration.py", line 143, in _createClient client_socket = utils.create_connected_socket(host, int(port),
sslctx)
File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860, in create_connected_socket sock.connect(sockaddr) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 188, in connect if not check(self.get_peer_cert(), self.addr[0]): File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 124, in __call__ fieldName='commonName') WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com
Hopefully someone can take a look.
Cheers, Nir
-- Didi
Nir I pushed a patch [1] which uses ssl custom code to verify the certificates. I customized it a bit to work with m2c. Can you please verify whether it works in your setup? Thanks, Piotr [1] https://gerrit.ovirt.org/53398 On Wed, Feb 10, 2016 at 7:37 PM, Piotr Kliczewski <pkliczew@redhat.com> wrote:
Please try to switch to standard ssl. I need to kno2 whether it is m2c issue or both.
Thanks, Piotr
10 lut 2016 19:25 "Yedidyah Bar David" <didi@redhat.com> napisał(a):
On Wed, Feb 10, 2016 at 7:22 PM, Nir Soffer <nsoffer@redhat.com> wrote:
More details:
- Tried couple of times - Enrolled new certificate, reboot - no change - Tried on 2 different hosts, 2 ways (a -> b, b -> a) - same result
On Wed, Feb 10, 2016 at 7:19 PM, Nir Soffer <nsoffer@redhat.com> wrote:
Hi all,
Migration is broken in master, using oVirt Engine Version: 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22
Seems like a pretty old master to me. Perhaps try fc23 (not perfect but partially working) or el7.
It fails with this error:
Thread-247::ERROR::2016-02-10 18:51:57,582::migration::323::virt.vm::(run) vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate Traceback (most recent call last): File "/usr/share/vdsm/virt/migration.py", line 292, in run self._setupVdsConnection() File "/usr/share/vdsm/virt/migration.py", line 156, in _setupVdsConnection client = self._createClient(port) File "/usr/share/vdsm/virt/migration.py", line 143, in _createClient client_socket = utils.create_connected_socket(host, int(port), sslctx) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860, in create_connected_socket sock.connect(sockaddr) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 188, in connect if not check(self.get_peer_cert(), self.addr[0]): File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 124, in __call__ fieldName='commonName') WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com
Hopefully someone can take a look.
Cheers, Nir
-- Didi
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
participants (4)
-
Nir Soffer -
Piotr Kliczewski -
Piotr Kliczewski -
Yedidyah Bar David