7:33 a.m.
[
https://ovirt-jira.atlassian.net/browse/OVIRT-2809?page=com.atlassian.jir...
]
Evgheni Dereveanchin commented on OVIRT-2809:
---------------------------------------------
The error in engine.log seems to point to a certificate mismatch when engine connects to
the proxy:
2019-10-04 05:37:45,533-04 ERROR
\[org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-48)
\[b643d084-99fb-4105-86c9-1e87b60349b6] Failed to add image ticket to ovirt-imageio-proxy:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
The following software versions are currently installed:
ovirt-engine-4.3.5.4-1.el7.noarch
ovirt-imageio-proxy-1.5.1-0.el7.noarch
/etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf contains the standard values:
use_ssl = true
ssl_key_file = /etc/pki/ovirt-engine/keys/imageio-proxy.key.nopass
ssl_cert_file = /etc/pki/ovirt-engine/certs/imageio-proxy.cer
engine_cert_file = /etc/pki/ovirt-engine/certs/engine.cer
engine_ca_cert_file = /etc/pki/ovirt-engine/ca.pem
verify_certificate = true
On engine side, /etc/ovirt-engine/engine.conf.d/10-setup-pki.conf also looks standard:
ENGINE_PKI="/etc/pki/ovirt-engine"
ENGINE_PKI_CA="/etc/pki/ovirt-engine/ca.pem"
ENGINE_PKI_ENGINE_CERT="/etc/pki/ovirt-engine/certs/engine.cer"
ENGINE_PKI_TRUST_STORE="/etc/pki/ovirt-engine/.truststore"
ENGINE_PKI_ENGINE_STORE="/etc/pki/ovirt-engine/keys/engine.p12"
{{I also see that /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf has the
following override:}}
{{ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"}}
We use Let’s Encrypt on the Apache front-end and this may be the reason as this step is
described in the docs:
[https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html|h...]
[https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/...]
I did have a certificate mismatch on the proxy itself so configuring {{ssl_key_file and
ssl_cert_file}} values according to the docs may help in this situation.
imageio not working in PHX
--------------------------
Key: OVIRT-2809
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2809
Project: oVirt - virtualization made easy
Issue Type: Bug
Reporter: Evgheni Dereveanchin
Assignee: infra
I tried to import an image into the PHX oVirt instance and this fails with a "paused
by system" message in UI. Logging a ticket to see if it's a bug in oVirt or a
misconfiguration in our particular deployment
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100111)
1879
days inactive
1879
days old
0 comments
1 participants
participants (1)
-
Evgheni Dereveanchin (oVirt JIRA)