5:40 p.m.
On 08/21/2015 11:02 PM, Juan Hernández wrote:
On 08/21/2015 12:22 PM, Sahina Bose wrote:
>
> On 08/21/2015 03:50 PM, Alon Bar-Lev wrote:
>> Interesting.
>>
>> Please execute manually:
>>
>> # /usr/share/ovirt-engine/bin/pki-enroll-openssh-cert.sh
--name=rhsdev9.lab.eng.blr.redhat.com-ssh --host --id=rhsdev9.lab.eng.blr.redhat.com
--principals=rhsdev9.lab.eng.blr.redhat.com --days=1825
>
> It returns immediately with:
> [root@dhcp43-86 ~]#
> /usr/share/ovirt-engine/bin/pki-enroll-openssh-cert.sh
> --name=rhsdev9.lab.eng.blr.redhat.com-ssh --host
> --id=rhsdev9.lab.eng.blr.redhat.com
> --principals=rhsdev9.lab.eng.blr.redhat.com --days=1825
> Signed host key
> /etc/pki/ovirt-engine/certs/rhsdev9.lab.eng.blr.redhat.com-ssh-cert.pub:
> id "rhsdev9.lab.eng.blr.redhat.com" serial 0 for
> rhsdev9.lab.eng.blr.redhat.com valid from 2015-08-21T02:51:27 to
> 2020-08-19T03:51:27
>
>
Check your SELinux log file. Most probably SELinux is blocking some
access to the generated files, and then ssh-keygen is asking
interactively, and thus blocking for ever.
Thanks, Juan. I do see some AVC denial errors, but am yet to try with
SELinux disabled. Will do so and report back.
/var/log/audit/audit.log:type=AVC msg=audit(1440108177.899:9542): avc:
denied { open } for pid=11827 comm="ssh-keygen"
path="/tmp/tmp.KlPjsec4X3" dev="dm-0" ino=102401913
scontext=system_u:system_r:ssh_keygen_t:s0
tcontext=system_u:object_r:init_tmp_t:s0 tclass=file
ovirt 11827 11821 0 Aug21 ? 00:00:00 ssh-keygen -s
/tmp/tmp.KlPjsec4X3 -I rhsdev9.lab.eng.blr.redhat.com -h -V -1h:+1825d
-n rhsdev9.lab.eng.blr.redhat.com
/etc/pki/ovirt-engine/certs/rhsdev9.lab.eng.blr.redhat.com-ssh.pub
>> let's see what happens.
>>
>> ----- Original Message -----
>>> From: "Sahina Bose" <sabose(a)redhat.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: "users" <users(a)ovirt.org>
>>> Sent: Friday, August 21, 2015 1:15:03 PM
>>> Subject: Re: [ovirt-users] Stuck at "Enrolling serial console
certificate"
>>>
>>>
>>>
>>> On 08/21/2015 02:58 PM, Alon Bar-Lev wrote:
>>>> the only thing I can think of is that your engine is out of random, so
it
>>>> waits for more to be able to generate a new key.
>>>> please while this is happening, execute: "find /" or anything
that will
>>>> create some activity.
>>>> if that's not helping, please send me "ps -efa" output so
at least I see
>>>> what is running.
>>>> thanks!
>>> output of ps -efa
>>>
>>> http://fpaste.org/257513/44015204/
>>>
>>>
>>>> ----- Original Message -----
>>>>> From: "Sahina Bose" <sabose(a)redhat.com>
>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>> Cc: "users" <users(a)ovirt.org>
>>>>> Sent: Friday, August 21, 2015 12:23:11 PM
>>>>> Subject: Re: [ovirt-users] Stuck at "Enrolling serial console
certificate"
>>>>>
>>>>> Attached engine.log and host-deploy.log
>>>>>
>>>>>
>>>>> On 08/21/2015 02:29 PM, Alon Bar-Lev wrote:
>>>>>> Log would be nice.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Sahina Bose" <sabose(a)redhat.com>
>>>>>>> To: "users" <users(a)ovirt.org>
>>>>>>> Sent: Friday, August 21, 2015 11:27:56 AM
>>>>>>> Subject: [ovirt-users] Stuck at "Enrolling serial
console certificate"
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> While installing a host to ovirt-3.6 engine, the host
installation is
>>>>>>> stuck at "Enrolling serial console certificate"
>>>>>>>
>>>>>>> I installed the engine from ovirt-release36, and answered No
to setting
>>>>>>> up WebConsole-proxy as well as VM Console proxy on the
engine.
>>>>>>>
>>>>>>> Does anyone know how to debug this?
>>>>>>>
>>>>>>> thanks
>>>>>>> sahina
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users(a)ovirt.org
>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>