Re: [Users] error using cli on ovirt 3.1

On Wed, Feb 6, 2013 at 10:18 AM, Jim Kinney <jim.kinney(a)gmail.com&gt; wrote: > progress. Restored pki files from backup. Still had to reset > AdminPassword. Able to login to the gui. All hosts are "unresponsive". The > SPM host is just totally locked (but fine from it's console - idle). > > Tried to reinstall one of the hosts and got a new error message: > > Error: > > vmhost5: > > - size must be between 0 and 50 > > vmhost2 is locked as SPM host and nothing seems to allow it to be reset. Found the following in engine.log: 2013-02-06 10:42:51,809 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.VdsBrokerCommand] (QuartzScheduler_Worker-64) XML RPC error in command GetCapabilitiesVDS ( Vds: vmhost2 ), the error was: java.util.concurrent.ExecutionException: java.lang.reflect.InvocationTargetException, SunCertPathBuilderException: unable to find valid certification path to requested target 2013-02-06 10:42:51,818 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-57) Failed to decryptData must start with zero 2013-02-06 10:42:52,513 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-62) Failed to decryptData must start with zero 2013-02-06 10:42:53,245 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-60) Failed to decryptData must start with zero This repeats every few seconds. None of the vmhosts have the usual vdsm running profiles. They all have: 19343 ? S< 0:00 /bin/bash -e /usr/share/vdsm/respawn --minlifetime 10 --daemon --masterpid /var/run/vdsm/respawn.pid /usr/share/vdsm/vdsm 19346 ? S<l 0:02 /usr/bin/python /usr/share/vdsm/vdsm 19366 ? S< 0:00 /usr/bin/sudo -n /usr/bin/python /usr/share/vdsm/supervdsmServer.py 414b69cd-383b-48af-a82a-7f1d042608e3 19346 19367 ? S<l 0:00 /usr/bin/python /usr/share/vdsm/supervdsmServer.py 414b69cd-383b-48af-a82a-7f1d042608e3 19346 Expected to see may [vdsmd] entries in ps ax output. > > > On Wed, Feb 6, 2013 at 9:42 AM, Juan Hernandez <jhernand(a)redhat.com&gt;wrote: > >> On 02/06/2013 03:32 PM, Jim Kinney wrote: >> >>> The pki folder is likely to be a problem but the backups folder is >>> populated. Is there a way to remove client certs from hosts to restore >>> access with a host add process? >>> >> >> If you don't have the pki folder you have two problems. First is that >> some data in the database is encrypted, namely the AdminPassword. That you >> can solve with "engine-config -s AdminPassword=interactive". Second is the >> certificates of the hosts, the easy way to solve that is to re-install them >> (from the ovirt-engine GUI, no need to re-install the operating system) >> that will generate new certificates. >> >> >>> On Feb 6, 2013 9:24 AM, "Juan Hernandez" <jhernand(a)redhat.com >>> <mailto:jhernand@redhat.com>> wrote: >>> >>> On 02/06/2013 03:02 PM, Jim Kinney wrote: >>> >>> as things stand now: >>> >>> I manually reinstalled 3.1, then dropped the engine database and >>> restored from the backup. There were some errors at the end. >>> Even though >>> I used all the same passwords, the admin@internal account was >>> not >>> working. Used engine-config -s LocalAdminPassword='*****' to >>> fix. On log >>> in, everything is down, offline, unreachable. No hosts can be >>> contacted. >>> No storage is connected. Can't add a new host. >>> >>> crud. >>> >>> I copied the database backup and removed all the db creation >>> part >>> leaving just the data "copy into..." section (that was fun). Ran >>> engine-cleanup then engine-setup then tried to restore just the >>> data. >>> >>> no joy there either. >>> >>> The system is CentOS 6.3 as are the hosts. This ran wonderfully >>> until I >>> goofed trying to get the cli and sdk updated. Without the >>> database >>> working, I have no way to know what vm is what in the ISCSI LVM >>> storage >>> system to even export to another platform. >>> >>> So I'm assuming my next step is panic (or total reinstall from >>> bare >>> iron?). I'm setting this up at work and today is my last day as >>> I'm >>> moving to a new job at a totally different organization. I'd >>> hate to >>> walk out and lose all the windows VMs and templates that were >>> built over >>> the last 2 months. >>> >>> >>> Do you still have the original backup of the database and the >>> contents of the original /etc/pki/ovirt-engine directory? With those >>> two things it is possible to recover. >>> >>> I would suggest the following procedure: >>> >>> 1. Make a clean installation of 3.1, exactly the same version that >>> you had before trying to update (make a backup of the database and >>> of the /etc/pki/ovirt-engine directory before, just in case). During >>> this installation use the answers that you used during the initial >>> installation (specially the passwords). >>> >>> 2. Stop the engine, then drop and recover the database as you >>> already did. >>> >>> 3. Restore the contents of the /etc/pki/ovirt-engine directory. >>> >>> 4. Start the engine. >>> >>> You should be able to log in with the same credentials that you used >>> in the original installation. >>> >>> >>> On Wed, Feb 6, 2013 at 8:43 AM, Jim Kinney < >>> jim.kinney(a)gmail.com >>> <mailto:jim.kinney@gmail.com> >>> <mailto:jim.kinney@gmail.com <mailto:jim.kinney@gmail.com>>**> >>> wrote: >>> >>> added 3.2 lines to dre ovirt yum repo (and disabled 3.1 - >>> probably >>> not good) and did engine-upgrade. >>> >>> Process choked at opening the CA cert and proceeded to >>> "rollback". >>> Didn't actually roll back as 3.1 repo was disabled. >>> >>> System still has 3.2 installed. Did yum update to pull in >>> the >>> cli/sdk 3.2 (wish I had done that first!). >>> >>> Engine starts but fails to open CA to run gui. found >>> following in log: >>> >>> 2013-02-05 14:02:40,825 ERROR [org.ovirt.engine.core. >>> engineencryptutils.__**EncryptionUtils] (MSC service >>> thread >>> 1-16) Can't >>> load keystore from file "/etc/pki/ovirt-engine/.__** >>> keystore". >>> >>> IOException: DerInputStream.getLength(): lengthTag=109, too >>> big. >>> 2013-02-05 14:02:40,826 ERROR >>> >>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils] >>> (MSC >>> >>> service thread 1-16) Failed to decrypt java.io.IOException: >>> DerInputStream.getLength(): lengthTag=109, too big. >>> 2013-02-05 14:02:40,827 ERROR >>> >>> [org.ovirt.engine.core.dal.__**dbbroker.generic.__**DBConfigUtils] >>> (MSC >>> >>> service thread 1-16) Failed to decrypt value for property >>> TruststorePass will be used encrypted value >>> 2013-02-05 14:02:40,829 WARN >>> [org.ovirt.engine.core.utils._**_ConfigUtilsBase] (MSC >>> >>> service thread >>> 1-16) Could not find enum value for option: >>> CertificatePassword >>> 2013-02-05 14:02:40,830 ERROR >>> >>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils] >>> (MSC >>> >>> service thread 1-16) Can't load keystore from file >>> "/etc/pki/ovirt-engine/.__**keystore". IOException: >>> >>> DerInputStream.getLength(): lengthTag=109, too big. >>> 2013-02-05 14:02:40,830 ERROR >>> >>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils] >>> (MSC >>> >>> service thread 1-16) Failed to decrypt java.io.IOException: >>> DerInputStream.getLength(): lengthTag=109, too big. >>> 2013-02-05 14:02:40,831 ERROR >>> >>> [org.ovirt.engine.core.dal.__**dbbroker.generic.__**DBConfigUtils] >>> (MSC >>> >>> service thread 1-16) Failed to decrypt value for property >>> LocalAdminPassword will be used encrypted value >>> 2013-02-05 14:02:40,833 ERROR >>> >>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils] >>> (MSC >>> >>> service thread 1-16) Can't load keystore from file >>> "/etc/pki/ovirt-engine/.__**keystore". IOException: >>> >>> DerInputStream.getLength(): lengthTag=109, too big. >>> 2013-02-05 14:02:40,834 ERROR >>> >>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils] >>> (MSC >>> >>> service thread 1-16) Failed to decrypt java.io.IOException: >>> DerInputStream.getLength(): lengthTag=109, too big. >>> >>> >>> On Tue, Feb 5, 2013 at 6:11 AM, Michael Pasternak >>> <mpastern(a)redhat.com <mailto:mpastern@redhat.com> >>> <mailto:mpastern@redhat.com <mailto:mpastern@redhat.com>>> >>> wrote: >>> >>> >>> Hi Jim, >>> >>> On 02/04/2013 08:33 PM, Jim Kinney wrote: >>> > I'm trying to setup a way to restart a large group >>> of windows >>> vms on a schedule. I'm getting a connection failure >>> that seems >>> related to the use of https but I'm not sure. >>> > >>> > error: __init__() got an unexpected keyword argument >>> 'source_address' >>> >>> This error is caused by running ovirt-sdk on a older >>> version of >>> python (less then python27), >>> please upgrade your sdk/cli with one shipped in 3.2 >>> (it's >>> backward compatible to 3.1). >>> >>> > >>> > I ran: >>> > ovirt-shell -A <path to server cert/certfile >>> exported from >>> browser> -c >>> > >>> > and my .ovirtshellrc is: >>> > >>> > [ovirt-shell] >>> > username = "admin@internal" >>> > url = https://my.internal.url/api >>> > #insecure = False >>> > #filter = False >>> > #timeout = -1 >>> > password = ********************** >>> > >>> > >>> > I tried putting the ca_cert = <path to cert> but >>> that clearly >>> was not allowed in .ovirtshellrc >>> >>> not related, but supported in 3.2 cli. >>> >>> > >>> > ideas? >>> > -- >>> > -- >>> > James P. Kinney III >>> > //// >>> > ////Every time you stop a school, you will have to >>> build a >>> jail. What you gain at one end you lose at the other. >>> It's like >>> feeding a dog on his own tail. It won't fatten >>> > the dog. >>> > - Speech 11/23/1900 Mark Twain >>> > //// >>> > http://electjimkinney.org >>> > http://heretothereideas.__blog**spot.com/<http://blogspot.com/> >>> <http://heretothereideas.**blogspot.com/<http://heretothereideas.blogsp... >>> > >>> > //// >>> > >>> > >>> > >>> > ______________________________**___________________ >>> >>> > Users mailing list >>> > Users(a)ovirt.org <mailto:Users@ovirt.org> >>> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>> >>> > http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.o... >>> >>> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org... >>> > >>> >>> >>> -- >>> >>> Michael Pasternak >>> RedHat, ENG-Virtualization R&D >>> >>> >>> >>> >>> -- >>> -- >>> James P. Kinney III >>> //// >>> ////Every time you stop a school, you will have to build a >>> jail. >>> What you gain at one end you lose at the other. It's like >>> feeding a >>> dog on his own tail. It won't fatten the dog. >>> - Speech 11/23/1900 Mark Twain >>> //// >>> http://electjimkinney.org >>> http://heretothereideas.__blog**spot.com/<http://blogspot.com/> >>> >>> <http://heretothereideas.**blogspot.com/<http://heretothereideas.blogsp... >>> > >>> //// >>> >>> >>> >>> >>> -- >>> -- >>> James P. Kinney III >>> //// >>> ////Every time you stop a school, you will have to build a jail. >>> What >>> you gain at one end you lose at the other. It's like feeding a >>> dog on >>> his own tail. It won't fatten the dog. >>> - Speech 11/23/1900 Mark Twain >>> //// >>> http://electjimkinney.org >>> http://heretothereideas.__blog**spot.com/<http://blogspot.com/> >>> <http://heretothereideas.**blogspot.com/<http://heretothereideas.blogsp... >>> > >>> //// >>> >>> >>> ______________________________**___________________ >>> >>> Users mailing list >>> Users(a)ovirt.org <mailto:Users@ovirt.org> >>> http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.o... >>> >>> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org... >>> > >>> >>> >>> >>> -- >>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, >>> planta 3ºD, 28016 Madrid, Spain >>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat >>> S.L. >>> >>> >>> >>> ______________________________**_________________ >>> Users mailing list >>> Users(a)ovirt.org >>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org... >>> >>> >> >> -- >> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >> 3ºD, 28016 Madrid, Spain >> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. >> > > > > -- > -- > James P. Kinney III > * > *Every time you stop a school, you will have to build a jail. What you > gain at one end you lose at the other. It's like feeding a dog on his own > tail. It won't fatten the dog. > - Speech 11/23/1900 Mark Twain > * > http://electjimkinney.org > http://heretothereideas.blogspot.com/ > * -- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *