6:40 p.m.
On 16/03/18 15:21, Dominik Holler wrote:
On Fri, 16 Mar 2018 12:46:13 +0200
Kapetanakis Giannis <bilias(a)edu.physics.uoc.gr> wrote:
> Hi,
>
> After upgrading to 4.2.1 I have problems with ovn provider.
> I'm getting "Failed to synchronize networks of Provider
> ovirt-provider-ovn."
>
> I use custom SSL certificate in apache and I guess this is the reason.
>
> I've tried to update ovirt-provider-ovn.conf with
> [OVIRT]
> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
>
> but still no go
Would you share the lines in engine.log produced by clicking the "Test"
button in the "Edit Provider" dialog?
On Clicking the test button, are you asked about "Import provider
certificate"?
I get ok in test:
Test succeeded, managed to access provider.
2018-03-16 17:35:20,024+02 INFO
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-28)
[9920f622-b878-45e1-a421-e76c0ab23470] Running command: TestProviderConnectivityCommand
internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type:
SystemAction group CREATE_STORAGE_POOL with role type ADMIN
However a little bit later:
ovirt-provider-ovn.log:
2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new HTTPS
connection (1): engine-host
2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new HTTPS
connection (1): engine-host
2018-03-16 17:37:27,832 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:579)
Traceback (most recent call last):
File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, in
_handle_request
method, path_parts, content)
File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175,
in handle_request
return self.call_response_handler(handler, content, parameters)
File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
call_response_handler
return response_handler(content, parameters)
File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62,
in post_tokens
user_password=user_password)
File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in
create_token
return auth.core.plugin.create_token(user_at_domain, user_password)
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in
create_token
timeout=self._timeout())
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in
create_token
username, password, engine_url, ca_file, timeout)
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in
_get_sso_token
timeout=timeout
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in
wrapper
response = func(*args, **kwargs)
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in
wrapper
raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
and in engine log:
2018-03-16 17:37:27,834+02 ERROR
[org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] Command
'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed:
EngineException: (Failed with error PROVIDER_FAILURE and code 5050)
2018-03-16 17:37:27,850+02 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] EVENT_ID:
PROVIDER_SYNCHRONIZED_FAILED(216), Failed to synchronize networks of Provider
ovirt-provider-ovn.
So the engine can talk with ovn but not the other way around as I understand.
I think it might have to do with [SSL] settings of ovirt-provider-ovn.conf
G