
On Tue, Oct 12, 2021 at 8:55 AM dhanaraj.ramesh--- via Users <users@ovirt.org> wrote:
Hi Team
In one of the cluster infra, we are unable to upload the images or disks via the GUI. Upon checking /var/log/ovirt-imageio/daemon.log, we found that it is throwing an SSL connection failure. Help us check what we are missing.
Which version? If you are on ovirt 4.4, please share output of: ovirt-imageio --show-config on engine.
We are using third-party CA approved SSL for the web GUI.
2021-10-11 22:45:42,812 INFO (Thread-6) [http] OPEN connection=6 client=127.0.0.1
2021-10-11 22:45:42,812 INFO (Thread-6) [tickets] [127.0.0.1] REMOVE ticket=f18cff91-1fc4-43b6-91ea-ca2a11d409a6
2021-10-11 22:45:42,813 INFO (Thread-6) [http] CLOSE connection=6 client=127.0.0.1 [connection 1 ops, 0.000539 s] [dispatch 1 ops, 0.000216 s]
2021-10-11 22:45:43,621 INFO (Thread-4) [images] [::ffff:10.12.23.212] OPTIONS ticket=53ff98f9-f429-4880-abe6-06c6c01473de
2021-10-11 22:45:43,621 INFO (Thread-4) [backends.http] Open backend netloc='renlovkvma01.test.lab:54322' path='/images/53ff98f9-f429-4880-abe6-06c6c01473de' cafile='/etc/pki/ovirt-engine/ca.pem' secure=True
Looks like the host is configured correctly - the http backend is using the right CA file to access the host.
2021-10-11 22:45:43,626 ERROR (Thread-4) [http] Server error
...
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
The CA file on engine side (/etc/pki/ovirt-engine/ca.pem) does not match the CA file on the host (/etc/pki/vdsm/certs/cacert.pem). Which files did you change when we added the third-party CA approved SSL?

Nir
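
The following is an added example, not part of the thread and not oVirt project code: a way to check the mismatch described in the reply by comparing the certificates in the two CA files by SHA-256 fingerprint rather than by file contents. It assumes the host's /etc/pki/vdsm/certs/cacert.pem has been copied next to the engine's /etc/pki/ovirt-engine/ca.pem; the function names and the `SAMPLE_CA_*` values are constructed for illustration.

```python
import hashlib
import re
import ssl
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed stand-ins, not real certificates: PEM armor around placeholder
# bytes, so the comparison can be exercised offline.
SAMPLE_CA_A = ssl.DER_cert_to_PEM_cert(b"constructed CA A")
SAMPLE_CA_B = ssl.DER_cert_to_PEM_cert(b"constructed CA B")


def ca_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    # Hash the decoded DER bytes, not the file text, so line wrapping,
    # comments and certificate order in the bundle do not change the result.
    return {
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_CERT.findall(pem_text)
    }


def compare_ca_bundles(engine_pem, host_pem):
    """Compare two bundles; "match" means same non-empty set of certs."""
    engine, host = ca_fingerprints(engine_pem), ca_fingerprints(host_pem)
    return {
        "match": bool(engine) and engine == host,
        "shared": engine & host,
        "engine_only": engine - host,
        "host_only": host - engine,
    }


def main(argv):
    if len(argv) == 3:
        # argv[1]: engine CA file, argv[2]: copy of the host CA file
        with open(argv[1]) as a, open(argv[2]) as b:
            engine_pem, host_pem = a.read(), b.read()
    else:
        engine_pem, host_pem = SAMPLE_CA_A, SAMPLE_CA_B
    result = compare_ca_bundles(engine_pem, host_pem)
    for name in ("shared", "engine_only", "host_only"):
        print(name, sorted(result[name]) or "-")
    return 0 if result["match"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An empty `shared` set means the engine's CA file contains none of the certificates in the host's CA file, which is the condition the reply describes.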