Thank you so much Alexander, everyhting works as expected now :)
Le 25/09/2015 16:14, Alexander Wels a écrit :
On Friday, September 25, 2015 11:27:11 AM Nathanaël Blanchet wrote:
> hi Yaniv,
>
> When using http request, ovirt tells me " I Failed to communicate with
>
> the external provider." and I get this on the foreman side:
> | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200
>
> 2015-09-25 11:18:32 [app] [I] Processing by
> Api::V2::HomeController#index as JSON
> 2015-09-25 11:18:32 [app] [I] Parameters: {"apiv"=>"v2",
"home"=>{}}
> 2015-09-25 11:18:32 [app] [I] Redirected to
https://euphorbe.v3.abes.fr/api
> 2015-09-25 11:18:32 [app] [I] Filter chain halted as
> #<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack-
> 3.2.8/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected
> 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms
> (ActiveRecord: 0.0ms)
>
> But no log comes using https on the foreman side and I get "Test Failed
> (unknown error)." with 5-09-25 11:25:31,181 ERROR
> [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery]
> (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {}
> java.io.IOException: Keystore was tampered with, or password was incorrect.
> I've just updated to 3.5.4 and otopi asked me for renewing the
> certificate. May it be the reason of the issue?
>
I actually just had a similar issue, basically if I tried to make a http
connection and clicked the test button. The foreman side would show me it is
doing a redirect (presumably to https), which the ovirt side doesn't handle
very well.
And if I tried to make a https request I would get the IOException Keystore
has been tampered with, or password was incorrect. For me it turned out the
/var/lib/ovirt-engine/external_truststore was corrupted. What normally will
happen when trying to make an https connection to foreman is it will receive
certificate from foreman, notice it is not trusted and ask the user to trust it
(and it will put it in the external_truststore, if the user trusts it). Since
it was corrupted it was unable to properly open the trust store and the
mentioned IOException would get logged.
Assuming your trust store is corrupted (Mine was only 32 bytes, it should be
much bigger), you can just rename it or delete it. And a new one will be
created when you try to make an HTTPS connection to foreman. Once I did both
(remove the corrupted trust store, and make an HTTPS connection). Everything
started working correctly for me.
> Le 25/09/2015 11:14, Yaniv Bronheim a écrit :
>> Hi Nathanael,
>>
>> This error means that the restAPI request to foreman returned an
>> error. Most of the time it is a communication issue.. but we can't
>> know much from this report.
>> Can you please share the production.log file from your foreman host?
>> Better to try to add the server as provider, get the error and then
>> check the production.log file - it will show us if engine request got
>> to foreman server, the internal fields and why foreman returned 5050.
>>
>> Greeting,
>> Yaniv Bronhaim.
>>
>> On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanchet(a)abes.fr
>>
>> <mailto:blanchet@abes.fr>> wrote:
>> Hello,
>>
>> I have a working foreman 1.9.1 installed with katello 2.3.
>> ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also
>> installed on the same host.
>> But the issue is the same as below when testing in "add external
>> provider" from ovirt 3.5.4.
>> What can I do now?
>>
>> Le 06/11/2014 12:31, Oved Ourfali a écrit :
>> ----- Original Message -----
>>
>> From: "Daniel Helgenberger"
<daniel.helgenberger(a)m-box.de
>> <mailto:daniel.helgenberger@m-box.de>>
>> To: "Oved Ourfali" <oourfali(a)redhat.com
>> <mailto:oourfali@redhat.com>>
>> Cc: users(a)ovirt.org <mailto:users@ovirt.org>
>> Sent: Thursday, November 6, 2014 1:29:38 PM
>> Subject: Re: [ovirt-users] Foreman: Add external provider
>> (Failed with error PROVIDER_FAILURE and code 5050)
>>
>> On 06.11.2014 05:47, Oved Ourfali wrote:
>> These steps are also in the feature page
>>
>> Thanks Oved for pointing to the doc; my bad. I was using
>> the foreman
>> integration document [1]. Maybe the pages should be merged?
>>
>> Yaniv - you planned to merge them, right? That would be a good
>> time...
>>
>> , but it would be nice if you review them to see
>> nothing is missing.
>>
>>
http://www.ovirt.org/Features/AdvancedForemanIntegration
>>
>> With foreman 1.6 (at least) there is no need to enable the
>> nightly
>> builds any more as rb-ovirt is resolved by yum.
>>
>> Lastly, I think you need to enable foreman_discovery with
>> the foreman
>> installer to work and download images:
>>
>> # foreman-installer --enable-foreman-plugin-discovery
>> --foreman-plugin-discovery-install-images=true
>>
>> You have that already listed in the testing env setup; but
>> this needs to
>> be put in context with installing foreman-ovirt on the
>> foreman host.
>>
>> Yaniv - please add a note there too.
>>
>> Daniel - thanks for the review and the comments!
>>
>> Regards,
>> Oved
>>
>> Thanks
>> Oved
>>
>> [1]
http://www.ovirt.org/Features/ForemanIntegration
>>
>> On Nov 6, 2014 12:40 AM, Daniel Helgenberger
>> <daniel.helgenberger(a)m-box.de
>> <mailto:daniel.helgenberger@m-box.de>>
>>
>> wrote:
>> Answering my own question; and maybe a very
>> obvious cause for the
>> failing provider: the missiAnswering my own
>> question; and maybe a very
>> obvious cause for the
>>
>> failing provider: the missing provider plugin in forman!
>> So one needs to do:
>>
>> yum install ruby193-rubygem-ovirt_provision_plugin
>>
>> on the foreman host.
>>
>> After that, the connection test in the engine comes up
>> positive. Sadly,
>> this is not documented anywhere; only on the GitHub
>> repo readme [1].
>> This is also a little bit outdated, as the rbovirt
>> dependency is
>> resolved now automatically.
>>
>> Also, but I am not sure, the porvider lugin needs the
>> foreman_discovery
>> plugin to work:
>>
>> yum install ruby193-rubygem-foreman_discovery
>>
>> [1]
>>
https://github.com/theforeman/ovirt_provision_plugin/blob/
>> master/README.md
>>
>> On 29.10.2014 00:36, Daniel Helgenberger wrote:
>> Hello,
>>
>> did anyone actually get this working in oVirt 3.5
>> / EL6 - Engine? I am
>> trying this for two days now.
>>
>> Setup:
>> Engine; EL6.5
>> Foreman; EL6.5
>>
>> Foreman seems to do it's as I can use it to deploy
>> hosts and also smart
>> proxies are running fine.
>>
>> I have opened a BZ [1]; because this really can
>> not work out of the box
>> with EL6 plain vanilla packages. I wonder if this
>> was ever tested... ?
>> Java 7 used i n EL6 [4] does only support DH keys
>> up to 1024byte. This
>> is known issue in Foreman [2] as longer DH keys
>> are now used by default
>> in Foreman / PuppetCA.
>> A dirty fix confirmed working is adding default DH
>> parameters to the
>> foreman cert; effectively disabling it [3].
>>
>> So I got SSL working and I get beyond the
>> authentication (entering wrong
>> data gets me auth errors)- however, I am still not
>> able to add the
>> external provider. Pressing 'test' results in
>> (Failed with error PROVIDER_FAILURE and code 5050)
>>
>> Sample engine.log
>> 2014-10-28 23:49:40,860 ERROR
>> [org.ovirt.engine.core.bll.provider.TestProviderConnec
>> tivityCommand]
>> (ajp--127.0.0.1-8702-1) [6a3da4e7] Command
>> org.ovirt.engine.core.bll.provider.TestProviderConnect
>> ivityCommand
>> throw
>> Vdc Bll exception. With error message
>> VdcBLLException: PROVIDER_FAILURE
>> (Failed with error PROVIDER_FAILURE and code 5050)
>>
>> I can't find any more hints in oVirt; access logs
>> in Foreman are telling
>> me API queries by the engine. Did I miss a crucial
>> step in the foreman
>> setup? How can I debug this issue?
>>
>> I am willing to upgrade openjdk; provided this
>> does not break my engine...
>>
>> Thanks!
>>
>> [1]
>>
https://bugzilla.redhat.com/show_bug.cgi?id=1157749
>> [2]
https://tickets.puppetlabs.com/browse/SERVER-17
>> [3]
>>
http://httpd.apache.org/docs/current/ssl/ssl_faq.html#
>> javadh
>> [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
>>
>> --
>> Daniel Helgenberger
>> m box bewegtbild GmbH
>>
>> P: +49/30/2408781-22
>> F: +49/30/2408781-10
>>
>> ACKERSTR. 19
>> D-10115 BERLIN
>>
>>
>>
www.m-box.de <
http://www.m-box.de> www.monkeymen.tv
>> <
http://www.monkeymen.tv>
>>
>> Geschäftsführer: Martin Retschitzegger / Michaela Göllner
>> Handeslregister: Amtsgericht Charlottenburg / HRB 112767
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org <mailto:Users@ovirt.org>
>>
http://lists.ovirt.org/mailman/listinfo/users
>>
>> Supervision réseau
>> Pôle Infrastrutures Informatiques
>> 227 avenue Professeur-Jean-Louis-Viala
>> 34193 MONTPELLIER CEDEX 5
>> Tél. 33 (0)4 67 54 84 55
>> Fax 33 (0)4 67 54 84 14
>> blanchet(a)abes.fr <mailto:blanchet@abes.fr>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org <mailto:Users@ovirt.org>
>>
http://lists.ovirt.org/mailman/listinfo/users
--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr