[ovirt-users] Re: Failed to synchronize networks of Provider ovirt-provider-ovn

--reconfigure-optional-components not helps. And the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf not exists after setup. [root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf [root@engine ~]# engine-setup --reconfigure-optional-components [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log Version: otopi-1.8.3 (otopi-1.8.3-1.el7) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment setup (late) [ INFO ] Stage: Environment customization --== PRODUCT OPTIONS ==-- Set up Cinderlib integration (Currently in tech preview) (Yes, No) [No]: [ INFO ] ovirt-provider-ovn already installed, skipping.

--== PACKAGES ==-- [ INFO ] Checking for product updates... [ INFO ] No product updates found --== NETWORK CONFIGURATION ==-- Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. NOTICE: iptables is deprecated and will be removed in future releases Do you want Setup to configure the firewall? (Yes, No) [Yes]: [ INFO ] firewalld will be configured as firewall manager. --== DATABASE CONFIGURATION ==-- The detected DWH database size is 111 MB. Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete. If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost. Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]: Perform full vacuum on the oVirt engine history database ovirt_engine_history@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]: --== OVIRT ENGINE CONFIGURATION ==-- Perform full vacuum on the engine database engine@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]: --== STORAGE CONFIGURATION ==-- --== PKI CONFIGURATION ==-- [WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' Perhaps it was changed since last Setup. Error was: Mac verify error: invalid password? --== APACHE CONFIGURATION ==-- --== SYSTEM CONFIGURATION ==-- --== MISC CONFIGURATION ==-- --== END OF CONFIGURATION ==-- [ INFO ] Stage: Setup validation During execution engine service will be stopped (OK, Cancel) [OK]: [ INFO ] Hosted Engine HA is in Global Maintenance mode. [WARNING] Less than 16384MB of memory is available [ INFO ] Cleaning stale zombie tasks and commands --== CONFIGURATION PREVIEW ==-- Default SAN wipe after delete : False Firewall manager : firewalld Update Firewall : True Host FQDN : engine.set.local Set up Cinderlib integration : False Engine database secured connection : False Engine database user name : engine Engine database name : engine Engine database host : localhost Engine database port : 5432 Engine database host name validation : False Engine installation : True PKI organization : set.local Set up ovirt-provider-ovn : True Configure WebSocket Proxy : True DWH installation : True DWH database secured connection : False DWH database host : localhost DWH database user name : ovirt_engine_history DWH database name : ovirt_engine_history Backup DWH database : True DWH database port : 5432 DWH database host name validation : False Configure Image I/O Proxy : True Configure VMConsole Proxy : True Please confirm installation settings (OK, Cancel) [OK]: [ INFO ] Cleaning async tasks and compensations [ INFO ] Unlocking existing entities [ INFO ] Checking the Engine database consistency [ INFO ] Stage: Transaction setup [ INFO ] Stopping engine service [ INFO ] Stopping ovirt-fence-kdump-listener service [ INFO ] Stopping dwh service [ INFO ] Stopping Image I/O Proxy service [ INFO ] Stopping vmconsole-proxy service [ INFO ] Stopping websocket-proxy service [ INFO ] Stage: Misc configuration (early) [ INFO ] Stage: Package installation [ INFO ] Stage: Misc configuration [ INFO ] Upgrading CA [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate [ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'. [ INFO ] Creating/refreshing DWH database schema [ INFO ] Configuring Image I/O Proxy [ INFO ] Configuring WebSocket Proxy [ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'. [ INFO ] Creating/refreshing Engine database schema [ INFO ] Creating/refreshing Engine 'internal' domain database schema Unregistering existing client registration info. [ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' [ INFO ] Stage: Transaction commit [ INFO ] Stage: Closing up [ INFO ] Starting engine service [ INFO ] Starting dwh service [ INFO ] Restarting ovirt-vmconsole proxy service --== SUMMARY ==-- [ INFO ] Restarting httpd Web access is enabled at: http://engine.set.local:80/ovirt-engine https://engine.set.local:443/ovirt-engine Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s [WARNING] Less than 16384MB of memory is available --== END OF SUMMARY ==-- [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ INFO ] Execution of setup completed successfully [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log error = stream.connect() File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect self.socket.do_handshake() File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error _raise_current_error() File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed’)] [root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ итого 4 drwxr-xr-x. 2 root root 20 окт 2 13:19 . drwxr-xr-x. 3 root root 70 окт 2 01:14 .. -rw-r--r--. 1 root root 194 май 9 14:44 README 2 окт. 2019 г., в 10:11, Dominik Holler <dholler(a)redhat.com&gt; написал(а): On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail(a)set-pro.net&gt; wrote: > Few hours later i'm fixed SSL error, > Would you share how you fixed the error? This might also help to understand the next issue. > but get a new error > > 2019-10-02 01:02:38,369 root Starting server > 2019-10-02 01:02:38,369 root Version: 1.2.22-1 > 2019-10-02 01:02:38,369 root Build date: 20190509114402 > 2019-10-02 01:02:38,369 root Githash: 38acbde > 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: > POST /v2.0/tokens > 2019-10-02 01:02:46,471 root Request body: > {"auth": {"passwordCredentials": {"username": "admin@internal", > "password": "<PASSWORD_HIDDEN>"}}} > 2019-10-02 01:02:46,472 root Error during SSO authentication > invalid_request : Missing parameter: 'client_secret' > Traceback (most recent call last): > File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line > 138, in _handle_request > method, path_parts, content > File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", > line 175, in handle_request > return self.call_response_handler(handler, content, parameters) > File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in > call_response_handler > return response_handler(content, parameters) > File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", > line 69, in post_tokens > if not auth.validate_token(token): > File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, > in validate_token > return auth.core.plugin.validate_token(token) > File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", > line 36, in validate_token > return self._is_user_name(token, _admin_user_name()) > File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", > line 47, in _is_user_name > timeout=AuthorizationByUserName._timeout()) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 131, in get_token_info > timeout=timeout > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 55, in wrapper > _check_for_error(response) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 181, in _check_for_error > result['error'], details)) > Unauthorized: Error during SSO authentication invalid_request : Missing > parameter: 'client_secret' > > > looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit to engine's db. Maybe most easy would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup. Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup? > 1 окт. 2019 г., в 22:53, Mail SET Inc. Group <mail(a)set-pro.net&gt; > написал(а): > > Hello! > Get problems with clean installation 4.3.6.6-1.el7 and OVN > > When i try to test OVN get notification: > «Import provider certificate» > Do you approve trusting self signed certificate subject CN=Certificate > Authority, O=SET.LOCAL, SHA-1 fingerprint > a9d9b91160bb306667a521e6f2c66037ddc437cb? > > When i’m press «Yes», see old problem: > Failed to communicate with the external provider, see log for additional > details. > > [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log > timeout=self._timeout()) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 75, in create_token > username, password, engine_url, ca_file, timeout) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 91, in _get_sso_token > timeout=timeout > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 54, in wrapper > response = func(*args, **kwargs) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 47, in wrapper > raise BadGateway(e) > BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed > (_ssl.c:618) > > [root@engine ~]# cat > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > # This file is automatically generated by engine-setup. Please do not > edit manually > [OVN REMOTE] > ovn-remote=ssl:127.0.0.1:6641 > [SSL] > https-enabled=true > ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem > ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer > ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass > [OVIRT] > ovirt-sso-client-id=ovirt-provider-ovn > ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer > ovirt-host=https://engine.set.local:443/ovirt-engine/ > <https://engine.set.local/ovirt-engine/> > ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4 > [NETWORK] > port-security-enabled-default=True > [PROVIDER] > provider-host=engine.set.local > > [root@engine ~]# python -c "import requests; \ > print requests.get('https://engine.set.local', \ > verify='/etc/pki/ovirt-engine/apache-ca.pem')" > <Response [200]> > > What’s wrong ? > > > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLR...