2:36 p.m.
Hello everyone,
I am trying to add a new host with the "ovirt.infra" role and use the following
Ansible snippet for it.
hosts:
- name: delirium
address: delirium.home
cluster: Matrix
public_key: true
power_management_enabled: true
I am getting the following error.
msg: 'Error message: [''Host delirium installation failed. Certificate
enrollment failed.'', ''An error has occurred during installation of Host
delirium: Certificate enrollment failed.'']'
Any ideas? The error does not say what exactly is wrong.
The following are my SSL certs.
[skrzetuski@delirium ~]$ sudo ls -lR /etc/pki/ovirt-engine/
/etc/pki/ovirt-engine/:
total 68
lrwxrwxrwx. 1 root root 28 Jan 2 23:51 apache-ca.pem ->
/etc/pki/ovirt-engine/ca.pem
-rw-r--r--. 1 root root 384 Jan 2 23:51 cacert.conf
-rw-r--r--. 1 root root 384 Jan 2 23:51 cacert.template
-rw-r--r--. 1 root root 384 Nov 12 14:16 cacert.template.in
-rw-r--r--. 1 root root 1647 Jan 3 01:12 ca.pem
-rw-r--r--. 1 root root 1444 Jan 2 23:51 cert.conf
drwxr-xr-x. 2 ovirt ovirt 4096 Jan 2 23:52 certs
-rw-r--r--. 1 root root 1444 Jan 2 23:51 cert.template
-rw-r--r--. 1 root root 1156 Nov 12 14:16 cert.template.in
-rw-r--r--. 1 ovirt ovirt 800 Jan 2 23:52 database.txt
-rw-r--r--. 1 ovirt ovirt 20 Jan 2 23:52 database.txt.attr
-rw-r--r--. 1 ovirt ovirt 20 Jan 2 23:52 database.txt.attr.old
-rw-r--r--. 1 ovirt ovirt 733 Jan 2 23:52 database.txt.old
drwxr-xr-x. 2 root root 4096 Jan 2 23:52 keys
-rw-r--r--. 1 root root 550 Nov 12 14:16 openssl.conf
drwxr-x---. 2 ovirt ovirt 20 Jan 2 23:51 private
drwxr-xr-x. 2 ovirt ovirt 4096 Jan 3 12:22 requests
-rw-r--r--. 1 ovirt ovirt 5 Jan 2 23:52 serial.txt
-rw-r--r--. 1 ovirt ovirt 5 Jan 2 23:52 serial.txt.old
/etc/pki/ovirt-engine/certs:
total 244
-rw-r--r--. 1 root root 1310 Jan 2 23:51 1000.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1001.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1002.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1003.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1004.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1005.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1006.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1007.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1008.pem
-rw-r--r--. 1 root root 5109 Jan 2 23:51 1009.pem
-rw-r--r--. 1 root root 4925 Jan 2 23:52 100A.pem
-rw-r--r--. 1 root root 5011 Jan 2 23:52 100B.pem
-rw-r--r--. 1 root root 5011 Jan 2 23:52 100C.pem
-rw-r--r--. 1 root root 1968 Jan 3 01:12 apache.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 apache.cer.20200102235148
-rw-r--r--. 1 root root 1310 Jan 2 23:51 ca.der
-rw-r--r--. 1 root root 5109 Jan 2 23:51 engine.cer
-rw-r--r--. 1 root root 1727 Jan 2 23:51 imageio-proxy.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 imageio-proxy.cer.20200102235148
-rw-r--r--. 1 root root 5109 Jan 2 23:51 jboss.cer
-rw-r--r--. 1 root root 1727 Jan 2 23:51 ovirt-provider-ovn.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 ovirt-provider-ovn.cer.20200102235149
-rw-r--r--. 1 root root 1727 Jan 2 23:51 ovn-ndb.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 ovn-ndb.cer.20200102235148
-rw-r--r--. 1 root root 1727 Jan 2 23:51 ovn-sdb.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 ovn-sdb.cer.20200102235149
-rw-r--r--. 1 root root 1727 Jan 2 23:51 reports.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 reports.cer.20200102235148
-rw-r--r--. 1 root root 4925 Jan 2 23:52 vmconsole-proxy-helper.cer
-rw-r--r--. 1 root root 5011 Jan 2 23:52 vmconsole-proxy-host.cer
-rw-r--r--. 1 root root 1391 Jan 2 23:52 vmconsole-proxy-host-cert.pub
-rw-r--r--. 1 root root 381 Jan 2 23:52 vmconsole-proxy-host.pub
-rw-r--r--. 1 root root 5011 Jan 2 23:52 vmconsole-proxy-user.cer
-rw-r--r--. 1 root root 1423 Jan 2 23:52 vmconsole-proxy-user-cert.pub
-rw-r--r--. 1 root root 381 Jan 2 23:52 vmconsole-proxy-user.pub
-rw-r--r--. 1 root root 1727 Jan 2 23:51 websocket-proxy.cer
-rw-r--r--. 1 root root 5109 Jan 2 23:51 websocket-proxy.cer.20200102235148
/etc/pki/ovirt-engine/keys:
total 84
-rw-r-----. 1 root ovirt 1675 Jan 3 01:12 apache.key.nopass
-rw-------. 1 root root 2709 Jan 2 23:51 apache.p12
-rw-------. 1 ovirt ovirt 1828 Jan 2 23:51 engine_id_rsa
-rw-------. 1 ovirt root 2709 Jan 2 23:51 engine.p12
-rw-------. 1 root root 1828 Jan 2 23:51 imageio-proxy.key.nopass
-rw-------. 1 root root 2709 Jan 2 23:51 imageio-proxy.p12
-rw-------. 1 ovirt root 2709 Jan 2 23:51 jboss.p12
-rw-------. 1 root root 1828 Jan 2 23:51
ovirt-provider-ovn.key.nopass
-rw-------. 1 root root 2709 Jan 2 23:51 ovirt-provider-ovn.p12
-rw-------. 1 root root 1828 Jan 2 23:51 ovn-ndb.key.nopass
-rw-------. 1 root root 2709 Jan 2 23:51 ovn-ndb.p12
-rw-------. 1 root root 1832 Jan 2 23:51 ovn-sdb.key.nopass
-rw-------. 1 root root 2709 Jan 2 23:51 ovn-sdb.p12
-rw-------. 1 root root 1828 Jan 2 23:51 reports.key.nopass
-rw-------. 1 root root 2709 Jan 2 23:51 reports.p12
-rw-------. 1 ovirt-vmconsole ovirt-vmconsole 1832 Jan 2 23:52
vmconsole-proxy-helper.key.nopass
-rw-------. 1 root root 2677 Jan 2 23:52
vmconsole-proxy-helper.p12
-rw-------. 1 root root 2693 Jan 2 23:52 vmconsole-proxy-host.p12
-rw-------. 1 root root 2693 Jan 2 23:52 vmconsole-proxy-user.p12
-rw-------. 1 ovirt ovirt 1828 Jan 2 23:51
websocket-proxy.key.nopass
-rw-------. 1 ovirt root 2709 Jan 2 23:51 websocket-proxy.p12
/etc/pki/ovirt-engine/private:
total 4
-rw-r-----. 1 ovirt ovirt 1675 Jan 2 23:51 ca.pem
/etc/pki/ovirt-engine/requests:
total 64
-rw-r--r--. 1 ovirt ovirt 862 Jan 3 12:04 192.168.1.5.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 apache.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 ca.csr
-rw-r--r--. 1 root root 863 Jan 2 23:51 engine.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 imageio-proxy.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 jboss.req
-rw-r--r--. 1 ovirt ovirt 862 Jan 3 12:11 delirium.home.req
-rw-r--r--. 1 ovirt ovirt 862 Jan 3 12:22 delirium.mysecretdomain.ch.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 ovirt-provider-ovn.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 ovn-ndb.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 ovn-sdb.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 reports.req
-rw-r--r--. 1 root root 863 Jan 2 23:52 vmconsole-proxy-helper.req
-rw-r--r--. 1 root root 863 Jan 2 23:52 vmconsole-proxy-host.req
-rw-r--r--. 1 root root 863 Jan 2 23:52 vmconsole-proxy-user.req
-rw-r--r--. 1 root root 863 Jan 2 23:51 websocket-proxy.req
Kind regards
skrzetuski
3:16 p.m.
New subject: Can't add host with "Certificate enrollment failed". Any ideas?
OK, reading logs helps. I accidently destroyed the CA file.
020-01-03 13:06:00,806+01 ERROR [org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper]
(VdsDeploy) [3ef678c] Sign Certificate request failed with exit code 1
2020-01-03 13:06:00,806+01 ERROR
[org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper] (VdsDeploy) [3ef678c] Sign
Certificate request script errors:
Using configuration from openssl.conf
CA certificate and CA private key do not match
140008583800720:error:0B080074:x509 certificate routines:X509_check_private_key:key values
mismatch:x509_cmp.c:341:
Cannot sign certificate
1785
days inactive
1785
days old
1 comments
1 participants
participants (1)
-
m.skrzetuski@gmail.com