7:29 a.m.
On Thu, Oct 22, 2015 at 2:15 PM, Simone Tiraboschi <stirabos(a)redhat.com>
wrote:
> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine
> dialog.__logString:219 DIALOG:SEND ### Please input VDSM certificate
> chain that matches certificate request, top is issuer
> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine
> dialog.__logString:219 DIALOG:SEND ###
> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine
> dialog.__logString:219 DIALOG:SEND ### type
> '--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--' in own line to mark end,
> '--=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=--' aborts
> 2015-10-21 17:36:33 DEBUG otopi.context context._executeMethod:156 method
> exception
> Traceback (most recent call last):
> File "/tmp/ovirt-xP0lq4KMou/pythonlib/otopi/context.py", line 146, in
> _executeMethod
> method['method']()
> File
> "/tmp/ovirt-xP0lq4KMou/otopi-plugins/ovirt-host-common/vdsm/pki.py", line
> 319, in _misc
> '\n\nPlease input VDSM certificate chain that '
> File "/tmp/ovirt-xP0lq4KMou/otopi-plugins/otopi/dialog/machine.py",
> line 207, in queryMultiString
> v = self._readline()
> File "/tmp/ovirt-xP0lq4KMou/pythonlib/otopi/dialog.py", line 263, in
> _readline
> raise IOError(_('End of file'))
> IOError: End of file
> 2015-10-21 17:36:33 ERROR otopi.context context._executeMethod:165 Failed
> to execute stage 'Misc configuration': End of file
> 2015-10-21 17:36:33 DEBUG otopi.transaction transaction.abort:134
> aborting 'Yum Transaction'
> 2015-10-21 17:36:33 INFO otopi.plugins.otopi.packagers.yumpackager
> yumpackager.info:95 Yum Performing yum transaction rollback
> Loaded plugins: fastestmirror, langpacks
>
The issue seams to be there:
we have an input request on host-deploy to have somebody explicitly
trusting the VDSM cert chain but of course, being an automated process,
nobody will respond and so it failed.
Did you manually changed the engine cert or some others CA cert?
No.
The only thing is that I first ran
hosted-engine --deploy
without putting the hostname of engine inside /etc/hosts of hypervisor and
it failed (see my first mail of the thread), I think without doing anything
(at least at engine VM level, I don't know if it created a cert...), but
generating an answer file.
And then I ran, as you suggested (with the warning you noted)
hosted-engine --deploy --config-append=answer_file
Inside log of first run
(ovirt-hosted-engine-setup-20151021151938-j4hy5g.log) I see
2015-10-21 15:20:13 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.pki.vdsmpki plugin.execute:936
execut
e-output: ('/bin/openssl', 'x509', '-noout', '-text',
'-in',
'/etc/pki/vdsm/libvirt-spice/server-cert.p
em') stdout:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=EN, L=Test, O=Test, CN=TestCA
Validity
Not Before: Oct 21 13:20:13 2015 GMT
Not After : Oct 20 13:20:13 2018 GMT
Subject: C=EN, L=Test, O=Test, CN=Test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:bd:f8:d4:a0:87:9e:20:7f:71:12:8d:8e:90:e0:
...
Inside the run with answer file
(ovirt-hosted-engine-setup-20151021170822-p1iv3y.log) I see
2015-10-21 17:08:22 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.pki.vdsmpki plugin.execute:936
execute-output: ('/bin/openssl', 'x509', '-noout',
'-text', '-in',
'/etc/pki/vdsm/libvirt-spice/server-cert.pem') stdout:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=EN, L=Test, O=Test, CN=TestCA
Validity
Not Before: Oct 21 13:20:13 2015 GMT
Not After : Oct 20 13:20:13 2018 GMT
Subject: C=EN, L=Test, O=Test, CN=Test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:bd:f8:d4:a0:87:9e:20:7f:71:12:8d:8e:90:e0:
Any particular file or section in log files to cross check?
I can also start from scratch in case.... just to be sure that I don't get
into same problem, so that it can be useful to find it before...
Thanks,
Gianluca