You should also make sure the host can ssh to itself and accept keys 

On Thu, Oct 25, 2018, 8:42 AM Jayme, <jaymef@gmail.com> wrote:

Darn autocorrect, sshd config rather 

On Thu, Oct 25, 2018, 7:29 AM Jarosław Prokopowski, <jprokopowski@gmail.com> wrote:

Hi,

Please help! :-) I couldn't find any solution via google.

I followed this document to create oVirt hyperconverged on 3 hosts using cockpit wizard:

https://ovirt.org/blog/2018/02/up-and-running-with-ovirt-4-2-and-gluster-storage/

System: CentOS Linux release 7.5.1804

All hosts can resolve each other names via DNS, ssh keys are exchanged and working. 

I added firewall rules based on oVirt installation guide. SSH is possible between all hosts using keys.

I cannot create the configuration and the error I get in the last step is:

------------------------------------------------------------------------------------------------------

PLAY [gluster_servers] *********************************************************

TASK [Run a shell script] ******************************************************

failed: [bq817storage.example.com] (item=/usr/share/gdeploy/scripts/grafton-sanity-check.sh -d sdb -h bq817storage.example.com, bq735storage.example.com, bq813storage.example.com) => {"item": "/usr/share/gdeploy/scripts/grafton-sanity-check.sh -d sdb -h bq817storage.example.com, bq735storage.example.com, bq813storage.example.com", "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

fatal: [bq817storage.example.com]: UNREACHABLE! => {"changed": false, "msg": "All items completed", "results": [{"_ansible_ignore_errors": null, "_ansible_item_label": "/usr/share/gdeploy/scripts/grafton-sanity-check.sh -d sdb -h bq817storage.example.com, bq735storage.example.com, bq813storage.example.com", "_ansible_item_result": true, "item": "/usr/share/gdeploy/scripts/grafton-sanity-check.sh -d sdb -h bq817storage.example.com, bq735storage.example.com, bq813storage.example.com", "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}]}

to retry, use: --limit @/tmp/tmpYLHDCP/run-script.retry

PLAY RECAP *********************************************************************

bq817storage.example.com : ok=0    changed=0    unreachable=1    failed=0

Firewall rules:

oVirt engine host:

#firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: enp134s0f0 enp134s0f1

  sources:

  services: ssh dhcpv6-client cockpit glusterfs http https dns

  ports: 2222/tcp 6100/tcp 7410/udp 54323/tcp 2223/tcp 161/udp 111/tcp 5900-6923/tcp 5989/tcp 9090/tcp 16514/tcp 49152-49216/tcp 54321/tcp 54322/tcp 6081/udp

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:

  

oVirt nodes:

#firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: enp134s0f0 enp134s0f1

  sources:

  services: ssh dhcpv6-client cockpit glusterfs dns

  ports: 2223/tcp 161/udp 111/tcp 5900-6923/tcp 5989/tcp 9090/tcp 16514/tcp 49152-49216/tcp 54321/tcp 54322/tcp 6081/udp

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

---------------------------------------------------------------------------------

Thanks in advance

Jarson

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4KKTG4VVPG7WKRNBDJV6JWGOKPBMM2LB/