Hi, the issue has been fixed on master, it seems that you are using old ovirt-engine and/or old ansible-runner-service. Please upgrade to latest released ovirt-engine with ansible-runner-service-1.0.2 and python3-ansible-runner-1.4.5 Regards, Martin On Wed, May 6, 2020 at 6:50 AM Sakari Poussa <spoussa(a)gmail.com&gt; wrote: > Hi, > > I am using 4.4 beta4 and not able to add new hosts to the datacenter. > Also "Enroll Certificate" fails. > > On nodes, I get the following error message: > > libvirtd[20399]: Unable to import CA certificate list > /etc/pki/vdsm/certs/cacert.pem > > The root cause is the malformed cert: > > $ cat /etc/pki/vdsm/certs/cacert.pem > -----BEGIN CERTIFICATE-----\nMIID XXX > > That, is the .pem file is just one long line with \n characters instead > of real newlines. If I convert the \n to real newlines libvirtd starts but > that is not the end solution since other issues surfaces. > > The malforming happens when the engine copies (via ansible) the CA cert > to the node(s). > > Any ideas what is going on? > > Thanks, Sakari > > > > > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZ6EA3X257Y... > -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.

Hi Martin, Seems that I am running the correct versions. Can you elaborate what the issue is/was and where is the fix? I can then dive deeper with my debugging.

Thanks, Sakari $ dnf info python3-ansible-runner ansible-runner-service Last metadata expiration check: 0:02:12 ago on Wed 06 May 2020 09:51:37 AM EEST. Installed Packages Name : ansible-runner-service Version : 1.0.2 Release : 1.el8 Architecture : noarch Size : 252 k Source : ansible-runner-service-1.0.2-1.el8.src.rpm Repository : @System From repo : ovirt-4.4-centos-ovirt44 Summary : RESTful API for ansible/ansible_runner execution License : ASL 2.0 Description : This package provides the Ansible Runner Service source files. Ansible runner service exposes a REST API interface on top of the functionality provided by ansible and : ansible_runner. : : The Ansible Runner Service provided in this packages is intended to be used as uwgsi app exposed by Nginx in a Container. : Dependencies, and configuration tasks must be performed in the container. : : Ansible Runner Service listens on https://localhost:5001 by default for playbook or ansible inventory requests. For developers interested in using the API, all the available : endpoints are documented at https://localhost:5001/api. : : In addition to the API endpoints, the daemon also provides a /metrics endpoint for prometheus integration. A sample Grafana dashboard is provided within : /usr/share/doc/ansible-runner-service Name : python3-ansible-runner Version : 1.4.5 Release : 1.el8 Architecture : noarch Size : 340 k Source : ansible-runner-1.4.5-1.el8.src.rpm Repository : @System From repo : ovirt-4.4-centos-ovirt44 Summary : A tool and python library to interface with Ansible URL : https://github.com/ansible/ansible-runner License : ASL 2.0 Description : Ansible Runner is a tool and python library that helps when interfacing with : Ansible from other systems whether through a container image interface, as a : standalone tool, or imported into a python project. On Wed, May 6, 2020 at 9:27 AM Martin Perina <mperina(a)redhat.com&gt; wrote: > Hi, > > the issue has been fixed on master, it seems that you are using old > ovirt-engine and/or old ansible-runner-service. Please upgrade to latest > released ovirt-engine with ansible-runner-service-1.0.2 and > python3-ansible-runner-1.4.5 > > Regards, > Martin > > > On Wed, May 6, 2020 at 6:50 AM Sakari Poussa <spoussa(a)gmail.com&gt; wrote: > >> Hi, >> >> I am using 4.4 beta4 and not able to add new hosts to the datacenter. >> Also "Enroll Certificate" fails. >> >> On nodes, I get the following error message: >> >> libvirtd[20399]: Unable to import CA certificate list >> /etc/pki/vdsm/certs/cacert.pem >> >> The root cause is the malformed cert: >> >> $ cat /etc/pki/vdsm/certs/cacert.pem >> -----BEGIN CERTIFICATE-----\nMIID XXX >> >> That, is the .pem file is just one long line with \n characters instead >> of real newlines. If I convert the \n to real newlines libvirtd starts but >> that is not the end solution since other issues surfaces. >> >> The malforming happens when the engine copies (via ansible) the CA cert >> to the node(s). >> >> Any ideas what is going on? >> >> Thanks, Sakari >> >> >> >> >> _______________________________________________ >> Users mailing list -- users(a)ovirt.org >> To unsubscribe send an email to users-leave(a)ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZ6EA3X257Y... >> > > > -- > Martin Perina > Manager, Software Engineering > Red Hat Czech s.r.o. > -- Sakari Poussa 040 348 2970

Thanks for the clarification. I would really like to avoid starting to build engine myself. Do you have a public CI that builds master so I can pick up the engine rpm from there? When do you plan to release beta5? Thanks, Sakari On Wed, May 6, 2020 at 11:52 AM Martin Perina <mperina(a)redhat.com&gt; wrote: > > On Wed, May 6, 2020 at 9:00 AM Sakari Poussa <spoussa(a)gmail.com&gt; wrote: > >> Hi Martin, >> >> Seems that I am running the correct versions. Can you elaborate what the >> issue is/was and where is the fix? I can then dive deeper with my debugging. >> > > We have changed the way how parameters are passed from engine through > ansible-runner-service to ansible-runner to eliminate parameter escaping > and still allowing parallel playbooks execution. So you also need to have > patch https://gerrit.ovirt.org/108532 included in your ovirt-engine, > which removes the additional escaping. > >> >> Thanks, Sakari >> >> $ dnf info python3-ansible-runner ansible-runner-service >> Last metadata expiration check: 0:02:12 ago on Wed 06 May 2020 09:51:37 >> AM EEST. >> Installed Packages >> Name : ansible-runner-service >> Version : 1.0.2 >> Release : 1.el8 >> Architecture : noarch >> Size : 252 k >> Source : ansible-runner-service-1.0.2-1.el8.src.rpm >> Repository : @System >> From repo : ovirt-4.4-centos-ovirt44 >> Summary : RESTful API for ansible/ansible_runner execution >> License : ASL 2.0 >> Description : This package provides the Ansible Runner Service source >> files. Ansible runner service exposes a REST API interface on top of the >> functionality provided by ansible and >> : ansible_runner. >> : >> : The Ansible Runner Service provided in this packages is >> intended to be used as uwgsi app exposed by Nginx in a Container. >> : Dependencies, and configuration tasks must be performed >> in the container. >> : >> : Ansible Runner Service listens on https://localhost:5001 >> by default for playbook or ansible inventory requests. For developers >> interested in using the API, all the available >> : endpoints are documented at https://localhost:5001/api. >> : >> : In addition to the API endpoints, the daemon also >> provides a /metrics endpoint for prometheus integration. A sample Grafana >> dashboard is provided within >> : /usr/share/doc/ansible-runner-service >> >> Name : python3-ansible-runner >> Version : 1.4.5 >> Release : 1.el8 >> Architecture : noarch >> Size : 340 k >> Source : ansible-runner-1.4.5-1.el8.src.rpm >> Repository : @System >> From repo : ovirt-4.4-centos-ovirt44 >> Summary : A tool and python library to interface with Ansible >> URL : https://github.com/ansible/ansible-runner >> License : ASL 2.0 >> Description : Ansible Runner is a tool and python library that helps >> when interfacing with >> : Ansible from other systems whether through a container >> image interface, as a >> : standalone tool, or imported into a python project. >> >> >> On Wed, May 6, 2020 at 9:27 AM Martin Perina <mperina(a)redhat.com&gt; wrote: >> >>> Hi, >>> >>> the issue has been fixed on master, it seems that you are using old >>> ovirt-engine and/or old ansible-runner-service. Please upgrade to latest >>> released ovirt-engine with ansible-runner-service-1.0.2 and >>> python3-ansible-runner-1.4.5 >>> >>> Regards, >>> Martin >>> >>> >>> On Wed, May 6, 2020 at 6:50 AM Sakari Poussa <spoussa(a)gmail.com&gt; wrote: >>> >>>> Hi, >>>> >>>> I am using 4.4 beta4 and not able to add new hosts to the datacenter. >>>> Also "Enroll Certificate" fails. >>>> >>>> On nodes, I get the following error message: >>>> >>>> libvirtd[20399]: Unable to import CA certificate list >>>> /etc/pki/vdsm/certs/cacert.pem >>>> >>>> The root cause is the malformed cert: >>>> >>>> $ cat /etc/pki/vdsm/certs/cacert.pem >>>> -----BEGIN CERTIFICATE-----\nMIID XXX >>>> >>>> That, is the .pem file is just one long line with \n characters >>>> instead of real newlines. If I convert the \n to real newlines libvirtd >>>> starts but that is not the end solution since other issues surfaces. >>>> >>>> The malforming happens when the engine copies (via ansible) the CA >>>> cert to the node(s). >>>> >>>> Any ideas what is going on? >>>> >>>> Thanks, Sakari >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list -- users(a)ovirt.org >>>> To unsubscribe send an email to users-leave(a)ovirt.org >>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>> oVirt Code of Conduct: >>>> https://www.ovirt.org/community/about/community-guidelines/ >>>> List Archives: >>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZ6EA3X257Y... >>>> >>> >>> >>> -- >>> Martin Perina >>> Manager, Software Engineering >>> Red Hat Czech s.r.o. >>> >> >> >> -- >> Sakari Poussa >> 040 348 2970 >> > > > -- > Martin Perina > Manager, Software Engineering > Red Hat Czech s.r.o. > -- Sakari Poussa 040 348 2970