Hi, I'm getting following SSL error when adding new host: engine: [...] 2020-05-18 18:28:35,530-04 WARN [org.ovirt.vdsm.jsonrpc.client.utils.retry.Retryable] (EE-ManagedThreadFactory-engine-Thread-42) [762c711c] Retry failed 2020-05-18 18:28:39,033-04 WARN [org.ovirt.vdsm.jsonrpc.client.utils.retry.Retryable] (EE-ManagedThreadFactory-engine-Thread-43) [762c711c] Retry failed 2020-05-18 18:28:39,033-04 ERROR [org.ovirt.engine.core.bll.hostdeploy.InstallVdsInternalCommand] (EE-ManagedThreadFactory-engine-Thread-3) [762c711c] Host installation failed for host 'ab082e77-315c-4cfe-8188-11fbee94c2b8', 'fc30-glance': Network error during communication with the host host (vdsm log): 2020-05-18 18:26:36,963-0400 ERROR (Reactor thread) [vds.dispatcher] uncaptured python exception, closing channel <yajsonrpc.betterAsyncore.Dispatcher connected ('::ffff:192.168.122.246', 52428, 0, 0) at 0x7f9f8c7e8d30> (<class 'ssl.SSLError'>:[X509] no certificate or crl found (_ssl.c:4053) [/usr/lib64/python3.7/asyncore.py|readwrite|110] [/usr/lib64/python3.7/asyncore.py|handle_write_event|441] [/usr/lib/python3.7/site-packages/yajsonrpc/betterAsyncore.py|handle_write|75] [/usr/lib/python3.7/site-packages/yajsonrpc/betterAsyncore.py|_delegate_call|173] [/usr/lib/python3.7/site-packages/vdsm/sslutils.py|handle_write|190] [/usr/lib/python3.7/site-packages/vdsm/sslutils.py|_handle_io|194] [/usr/lib/python3.7/site-packages/vdsm/sslutils.py|_set_up_socket|154]) (betterAsyncore:184) Any idea what's wrong and/or how to fix it? Both engine and host are on FC30, host is installed from standard ovirt-release44-pre repo and engine is dev build of latest engine master with glance API v2 patches [1]. Thanks Vojta [1] https://gerrit.ovirt.org/#/q/topic :"Image+Service+API+v2"_______________________________________________ Devel mailing list -- devel(a)ovirt.org To unsubscribe send an email to devel-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/VSM7HZN5EB2...

I do have this patch in engine build, but checking the patch, ansible runner on engine is not up-to-date, so maybe this is the cause? Trying to update now.

Does the certificate look the same?

Maybe try to `systemctl restart httpd `

Before the certificate looked okay. (Strange that it ends with whitespace and not new line) On Tue, May 19, 2020 at 8:31 AM Vojtech Juranek <vjuranek(a)redhat.com&gt; wrote: > > I do have this patch in engine build, but checking the patch, ansible > > runner > > > on engine is not up-to-date, so maybe this is the cause? Trying to > > update > > now. > > now I have on engine machine > > # rpm -qa "*ansible-runner*" > python3-ansible-runner-1.4.5-1.fc30.noarch > ansible-runner-service-dev-1.0.2-1.fc30.noarch > > but it didn't help, still same issue

Sorry, my bad. `systemctl restart ansible-runner-service.service`

And just to be sure please also share `cat /etc/ansible-runner-service/config.yaml` On Tue, May 19, 2020 at 8:52 AM Vojtech Juranek <vjuranek(a)redhat.com&gt; wrote: > > Does the certificate look the same? > > yes > > > Maybe try to `systemctl restart httpd ` > > I'm running engine in developer mode, there's no httpd running, only > wildfly > on port 8080 > > > Before the certificate looked okay. (Strange that it ends with > > whitespace > > and not new line) > > > > On Tue, May 19, 2020 at 8:31 AM Vojtech Juranek <vjuranek(a)redhat.com&gt; > > wrote: > > > > I do have this patch in engine build, but checking the patch, > > > > ansible > > > > > > runner > > > > > > > on engine is not up-to-date, so maybe this is the cause? Trying to > > > > update > > > > now. > > > > > > now I have on engine machine > > > > > > # rpm -qa "*ansible-runner*" > > > python3-ansible-runner-1.4.5-1.fc30.noarch > > > ansible-runner-service-dev-1.0.2-1.fc30.noarch > > > > > > but it didn't help, still same issue

Hi, I've encountered the same problem but restarting ansible-runner-service.service didn't help in my case. I'm using engine in developer mode(current master) and Ovirt node 4.3 as hosts. My configuration: [root@node2 ~]# nodectl info layers: ovirt-node-ng-4.3.7-0.20191121.0: ovirt-node-ng-4.3.7-0.20191121.0+1 bootloader: default: ovirt-node-ng-4.3.7-0.20191121.0 (3.10.0-1062.4.3.el7.x86_64) entries: ovirt-node-ng-4.3.7-0.20191121.0 (3.10.0-1062.4.3.el7.x86_64): index: 0 title: ovirt-node-ng-4.3.7-0.20191121.0 (3.10.0-1062.4.3.el7.x86_64) kernel: /boot/ovirt-node-ng-4.3.7-0.20191121.0+1/vmlinuz-3.10.0-1062.4.3.el7.x86_64 args: "ro crashkernel=auto spectre_v2=retpoline rd.lvm.lv=onn/ovirt-node-ng-4.3.7-0.20191121.0+1 rd.lvm.lv=onn/swap rhgb quiet LANG=en_US.UTF-8 img.bootid=ovirt-node-ng-4.3.7-0.20191121.0+1 null" initrd: /boot/ovirt-node-ng-4.3.7-0.20191121.0+1/initramfs-3.10.0-1062.4.3.el7.x86_64.img root: /dev/onn/ovirt-node-ng-4.3.7-0.20191121.0+1 current_layer: ovirt-node-ng-4.3.7-0.20191121.0+1 Logs from installation: INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-2) [71f8a32b] EVENT_ID: VDS_ANSIBLE_INSTALL_FINISHED(561), Ansible host-deploy playbook execution has successfully finished on host node2. INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to node2.ovirt-dev/192.168.144.54 WARN [org.ovirt.vdsm.jsonrpc.client.utils.retry.Retryable] (EE-ManagedThreadFactory-engine-Thread-3) [71f8a32b] Retry failed .... ERROR [org.ovirt.engine.core.bll.hostdeploy.InstallVdsInternalCommand] (EE-ManagedThreadFactory-engine-Thread-2) [71f8a32b] Host installation failed for host '1f9ff20d-cb8d-4b71-8305-3bf925b1db3f', 'node2': Network error during communication with the host [root@node2 ~]# cat /etc/pki/vdsm/certs/cacert.pem -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMxEjAQBgNVBAoM CW92aXJ0LWRldjEiMCAGA1UEAwwZZGV2ZWxvcGVyLm92aXJ0LWRldi40MzIwMTAeFw0yMDA1MTgw OTUyNDVaFw0zMDA1MTcwOTUyNDVaMEUxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlvdmlydC1kZXYx IjAgBgNVBAMMGWRldmVsb3Blci5vdmlydC1kZXYuNDMyMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC92c+bQKySXhEh+sPppoiZFgpLXfzcR/DCpHnoh6r4C53LTR7nXe8wMjAHbRU1 guNQiW8D38oe43q3VDXNB59bU6+OHT6x0Vq/V7GlA3PorQjEei0mJUpPa8cuAzI0zK70r+RLFwGC RyxiC0cNRqlft3+EAvlEoe/cbDcbx2aqR8WPtWNHkCMphqSrOb0PNCHI8zcxaY7HcZKIMymzrAZO dE3Jl+L3+gcwH5tVIBPfVCVZcuOuM8xU0H9F6JL2vKm7FXiz3x2h/5HoyEZMjyyASQTd9uOdH5ev gUORvmHeelkru8WdRCPa6t7Cm5du2Thz/JLxQj2094rBDZMeOU5HAgMBAAGjgbMwgbAwHQYDVR0O BBYEFImHdLmvYLEqgW6Z5Mf7D9y0mv4NMG4GA1UdIwRnMGWAFImHdLmvYLEqgW6Z5Mf7D9y0mv4N oUmkRzBFMQswCQYDVQQGEwJVUzESMBAGA1UECgwJb3ZpcnQtZGV2MSIwIAYDVQQDDBlkZXZlbG9w ZXIub3ZpcnQtZGV2LjQzMjAxggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAN BgkqhkiG9w0BAQsFAAOCAQEAgqvfNakcETpuwiZKzWv3o98CT2F/TgZKO6XKOHm771v6wXR3ffZg QWCtpmqSsuaGWvuVoDDHdmDdjyPsoc1jcG9/8G0G/+AsDpoyAIijjH8WiOO8kAMGYJYTFE8jy0hY 3psr01s0ktQtNgBHi8s58hrcB3sh7iVEsXKnH7qOriop0uWAobKATsX2VK23hDVnwSkJaO9iP5gB LCalnXJTnqqi3OXybk7uR+kxR3FHo4CFjGhQtQcUm92zefk7KtUkcVV0o8lGrxG0U5FVck+awu7Y 4O8LU12HNNW8hxljYhlj/rQBfN1TRKgzsEL2Dn8EBV+rWf3vHPJVZnnx221PKw== -----END CERTIFICATE----- [root@node2 ~]# [root@node2 ~]# systemctl status vdsmd.service -l .... May 19 12:55:30 node2.ovirt-dev vdsm[15226]: ERROR uncaptured python exception, closing channel <yajsonrpc.betterAsyncore.Dispatcher connected ('::ffff:192.168.144.50', 41998, 0, 0) at 0x7fa31fc6e950> (<class 'ssl.SSLError'>:unknown error (_ssl.c:2825) [/usr/lib64/python2.7/asyncore.py|readwrite|110] [/usr/lib64/python2.7/asyncore.py|handle_write_event|468] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|handle_write|74] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|_delegate_call|168] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|handle_write|185] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handle_io|189] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_set_up_socket|149]) best regards, radek On Tue, May 19, 2020 at 9:16 AM Vojtech Juranek <vjuranek(a)redhat.com&gt; wrote: > > > Sorry, my bad. `systemctl restart ansible-runner-service.service` > > this seems to fix the issue. cacert.pem now looks good (with line breaks) and > host is successfully connected. > > Thanks a lot for a quick help! > > > And just to be sure please also share `cat > > /etc/ansible-runner-service/config.yaml` > > > > On Tue, May 19, 2020 at 8:52 AM Vojtech Juranek <vjuranek(a)redhat.com&gt; wrote: > > > > Does the certificate look the same? > > > > > > yes > > > > > > > Maybe try to `systemctl restart httpd ` > > > > > > I'm running engine in developer mode, there's no httpd running, only > > > wildfly > > > on port 8080 > > > > > > > Before the certificate looked okay. (Strange that it ends with > > > > whitespace > > > > and not new line) > > > > > > > > On Tue, May 19, 2020 at 8:31 AM Vojtech Juranek <vjuranek(a)redhat.com&gt; > > > > > > wrote: > > > > > > I do have this patch in engine build, but checking the patch, > > > > > > ansible > > > > > > > > > > runner > > > > > > > > > > > on engine is not up-to-date, so maybe this is the cause? Trying to > > > > > > update > > > > > > now. > > > > > > > > > > now I have on engine machine > > > > > > > > > > # rpm -qa "*ansible-runner*" > > > > > python3-ansible-runner-1.4.5-1.fc30.noarch > > > > > ansible-runner-service-dev-1.0.2-1.fc30.noarch > > > > > > > > > > but it didn't help, still same issue > > _______________________________________________ > Devel mailing list -- devel(a)ovirt.org > To unsubscribe send an email to devel-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/UIXXVCNZZCT...