[ovirt-users] Re: Failed to synchronize networks of Provider ovirt-provider-ovn

On Wed, Oct 2, 2019 at 12:29 PM Mail SET Inc. Group <mail(a)set-pro.net&gt; wrote: > --reconfigure-optional-components not helps. And the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > not exists after setup. > > [root@engine ~]# rm > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > > > [root@engine ~]# engine-setup --reconfigure-optional-components > [ INFO ] Stage: Initializing > [ INFO ] Stage: Environment setup > Configuration files: > ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', > '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', > '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] > Log file: > /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log > Version: otopi-1.8.3 (otopi-1.8.3-1.el7) > [ INFO ] Stage: Environment packages setup > [ INFO ] Stage: Programs detection > [ INFO ] Stage: Environment setup (late) > [ INFO ] Stage: Environment customization > > > --== PRODUCT OPTIONS ==-- > > > Set up Cinderlib integration > (Currently in tech preview) > (Yes, No) [No]: > [ INFO ] ovirt-provider-ovn already installed, skipping. > > > The old installation is still detected. 1. backup /etc/ovirt-provider-ovn/ 2. restore the original /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf, e.g. to https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/ovirt-pr... 3. /backup etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf, 4. rename ovirt-provider-ovn external provider entity in oVirt webadmin, 5. comment OVESETUP_OVN/ovirtProviderOvnId in /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf 6. engine-setup --reconfigure-optional-components 7. If modifications of the certificates are required, please create a new file in /etc/ovirt-provider-ovn/conf.d/ , e.g. 50-ssl-modifications Do these steps solve the problem for you? Dec 18 21:01:02 <dholler> password should be the usual admin@interal password > > --== PACKAGES ==-- > > > [ INFO ] Checking for product updates... > [ INFO ] No product updates found > > > --== NETWORK CONFIGURATION ==-- > > > Setup can automatically configure the firewall on this system. > Note: automatic configuration of the firewall may overwrite > current settings. > NOTICE: iptables is deprecated and will be removed in future > releases > Do you want Setup to configure the firewall? (Yes, No) [Yes]: > [ INFO ] firewalld will be configured as firewall manager. > > > --== DATABASE CONFIGURATION ==-- > > > The detected DWH database size is 111 MB. > Setup can backup the existing database. The time and space > required for the database backup depend on its size. This process takes > time, and in some cases (for instance, when the size is few GBs) may take > several hours to complete. > If you choose to not back up the database, and Setup later fails > for some reason, it will not be able to restore the database and all DWH > data will be lost. > Would you like to backup the existing database before upgrading > it? (Yes, No) [Yes]: > Perform full vacuum on the oVirt engine history > database ovirt_engine_history@localhost? > This operation may take a while depending on this setup health > and the > configuration of the db vacuum process. > See https://www.postgresql.org/docs/10/sql-vacuum.html > (Yes, No) [No]: > > > --== OVIRT ENGINE CONFIGURATION ==-- > > > Perform full vacuum on the engine database engine@localhost? > This operation may take a while depending on this setup health > and the > configuration of the db vacuum process. > See https://www.postgresql.org/docs/10/sql-vacuum.html > (Yes, No) [No]: > > > --== STORAGE CONFIGURATION ==-- > > > > > --== PKI CONFIGURATION ==-- > > > [WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' > Perhaps it was changed since last Setup. > Error was: > Mac verify error: invalid password? > > > > > --== APACHE CONFIGURATION ==-- > > > > > --== SYSTEM CONFIGURATION ==-- > > > > > --== MISC CONFIGURATION ==-- > > > > > --== END OF CONFIGURATION ==-- > > > [ INFO ] Stage: Setup validation > During execution engine service will be stopped (OK, Cancel) > [OK]: > [ INFO ] Hosted Engine HA is in Global Maintenance mode. > [WARNING] Less than 16384MB of memory is available > [ INFO ] Cleaning stale zombie tasks and commands > > > --== CONFIGURATION PREVIEW ==-- > > > Default SAN wipe after delete : False > Firewall manager : firewalld > Update Firewall : True > Host FQDN : engine.set.local > Set up Cinderlib integration : False > Engine database secured connection : False > Engine database user name : engine > Engine database name : engine > Engine database host : localhost > Engine database port : 5432 > Engine database host name validation : False > Engine installation : True > PKI organization : set.local > Set up ovirt-provider-ovn : True > Configure WebSocket Proxy : True > DWH installation : True > DWH database secured connection : False > DWH database host : localhost > DWH database user name : ovirt_engine_history > DWH database name : ovirt_engine_history > Backup DWH database : True > DWH database port : 5432 > DWH database host name validation : False > Configure Image I/O Proxy : True > Configure VMConsole Proxy : True > > > Please confirm installation settings (OK, Cancel) [OK]: > [ INFO ] Cleaning async tasks and compensations > [ INFO ] Unlocking existing entities > [ INFO ] Checking the Engine database consistency > [ INFO ] Stage: Transaction setup > [ INFO ] Stopping engine service > [ INFO ] Stopping ovirt-fence-kdump-listener service > [ INFO ] Stopping dwh service > [ INFO ] Stopping Image I/O Proxy service > [ INFO ] Stopping vmconsole-proxy service > [ INFO ] Stopping websocket-proxy service > [ INFO ] Stage: Misc configuration (early) > [ INFO ] Stage: Package installation > [ INFO ] Stage: Misc configuration > [ INFO ] Upgrading CA > [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to > use apache key and certificate > [ INFO ] Backing up database localhost:ovirt_engine_history to > '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'. > [ INFO ] Creating/refreshing DWH database schema > [ INFO ] Configuring Image I/O Proxy > [ INFO ] Configuring WebSocket Proxy > [ INFO ] Backing up database localhost:engine to > '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'. > [ INFO ] Creating/refreshing Engine database schema > [ INFO ] Creating/refreshing Engine 'internal' domain database schema > Unregistering existing client registration info. > [ INFO ] Generating post install configuration file > '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' > [ INFO ] Stage: Transaction commit > [ INFO ] Stage: Closing up > [ INFO ] Starting engine service > [ INFO ] Starting dwh service > [ INFO ] Restarting ovirt-vmconsole proxy service > > > --== SUMMARY ==-- > > > [ INFO ] Restarting httpd > Web access is enabled at: > http://engine.set.local:80/ovirt-engine > https://engine.set.local:443/ovirt-engine > Internal CA > 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA > SSH fingerprint: > SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s > [WARNING] Less than 16384MB of memory is available > > > --== END OF SUMMARY ==-- > > > [ INFO ] Stage: Clean up > Log file is located at > /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log > [ INFO ] Generating answer file > '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf' > [ INFO ] Stage: Pre-termination > [ INFO ] Stage: Termination > [ INFO ] Execution of setup completed successfully > > > [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log > error = stream.connect() > File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in > connect > self.socket.do_handshake() > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in > do_handshake > self._raise_ssl_error(self._ssl, result) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in > _raise_ssl_error > _raise_current_error() > File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in > exception_from_error_queue > raise exception_type(errors) > Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate > verify failed’)] > > > [root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ > итого 4 > drwxr-xr-x. 2 root root 20 окт 2 13:19 . > drwxr-xr-x. 3 root root 70 окт 2 01:14 .. > -rw-r--r--. 1 root root 194 май 9 14:44 README > > > > 2 окт. 2019 г., в 10:11, Dominik Holler <dholler(a)redhat.com&gt; написал(а): > > > > On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail(a)set-pro.net&gt; > wrote: > >> Few hours later i'm fixed SSL error, >> > > Would you share how you fixed the error? > This might also help to understand the next issue. > > > >> but get a new error >> >> 2019-10-02 01:02:38,369 root Starting server >> 2019-10-02 01:02:38,369 root Version: 1.2.22-1 >> 2019-10-02 01:02:38,369 root Build date: 20190509114402 >> 2019-10-02 01:02:38,369 root Githash: 38acbde >> 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: >> POST /v2.0/tokens >> 2019-10-02 01:02:46,471 root Request body: >> {"auth": {"passwordCredentials": {"username": "admin@internal", >> "password": "<PASSWORD_HIDDEN>"}}} >> 2019-10-02 01:02:46,472 root Error during SSO authentication >> invalid_request : Missing parameter: 'client_secret' >> Traceback (most recent call last): >> File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line >> 138, in _handle_request >> method, path_parts, content >> File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", >> line 175, in handle_request >> return self.call_response_handler(handler, content, parameters) >> File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in >> call_response_handler >> return response_handler(content, parameters) >> File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", >> line 69, in post_tokens >> if not auth.validate_token(token): >> File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, >> in validate_token >> return auth.core.plugin.validate_token(token) >> File >> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", >> line 36, in validate_token >> return self._is_user_name(token, _admin_user_name()) >> File >> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", >> line 47, in _is_user_name >> timeout=AuthorizationByUserName._timeout()) >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 131, in get_token_info >> timeout=timeout >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 55, in wrapper >> _check_for_error(response) >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 181, in _check_for_error >> result['error'], details)) >> Unauthorized: Error during SSO authentication invalid_request : Missing >> parameter: 'client_secret' >> >> >> > > looks like the > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > does not fit to engine's db. > > Maybe most easy would be to move the current > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the > configuration by using the > parameter '--reconfigure-optional-components' of engine-setup. > > Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > modified outside engine-setup? > > >> 1 окт. 2019 г., в 22:53, Mail SET Inc. Group <mail(a)set-pro.net&gt; >> написал(а): >> >> Hello! >> Get problems with clean installation 4.3.6.6-1.el7 and OVN >> >> When i try to test OVN get notification: >> «Import provider certificate» >> Do you approve trusting self signed certificate subject CN=Certificate >> Authority, O=SET.LOCAL, SHA-1 fingerprint >> a9d9b91160bb306667a521e6f2c66037ddc437cb? >> >> When i’m press «Yes», see old problem: >> Failed to communicate with the external provider, see log for additional >> details. >> >> [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log >> timeout=self._timeout()) >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 75, in create_token >> username, password, engine_url, ca_file, timeout) >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 91, in _get_sso_token >> timeout=timeout >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 54, in wrapper >> response = func(*args, **kwargs) >> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line >> 47, in wrapper >> raise BadGateway(e) >> BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed >> (_ssl.c:618) >> >> [root@engine ~]# cat >> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >> # This file is automatically generated by engine-setup. Please do not >> edit manually >> [OVN REMOTE] >> ovn-remote=ssl:127.0.0.1:6641 >> [SSL] >> https-enabled=true >> ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem >> ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer >> ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass >> [OVIRT] >> ovirt-sso-client-id=ovirt-provider-ovn >> ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer >> ovirt-host=https://engine.set.local:443/ovirt-engine/ >> <https://engine.set.local/ovirt-engine/> >> ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4 >> [NETWORK] >> port-security-enabled-default=True >> [PROVIDER] >> provider-host=engine.set.local >> >> [root@engine ~]# python -c "import requests; \ >> print requests.get('https://engine.set.local', \ >> verify='/etc/pki/ovirt-engine/apache-ca.pem')" >> <Response [200]> >> >> What’s wrong ? >> >> >> _______________________________________________ >> Users mailing list -- users(a)ovirt.org >> To unsubscribe send an email to users-leave(a)ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLR... > > >