On 16/03/18 15:21, Dominik Holler wrote:
On Fri, 16 Mar 2018 12:46:13 +0200 Kapetanakis Giannis <bilias@edu.physics.uoc.gr> wrote:
Hi,
After upgrading to 4.2.1 I have problems with ovn provider. I'm getting "Failed to synchronize networks of Provider ovirt-provider-ovn."
I use custom SSL certificate in apache and I guess this is the reason.
I've tried to update ovirt-provider-ovn.conf with [OVIRT] #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
but still no go
Would you share the lines in engine.log produced by clicking the "Test" button in the "Edit Provider" dialog? On Clicking the test button, are you asked about "Import provider certificate"?
I get ok in test: Test succeeded, managed to access provider. 2018-03-16 17:35:20,024+02 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-28) [9920f622-b878-45e1-a421-e76c0ab23470] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN However a little bit later: ovirt-provider-ovn.log: 2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): engine-host 2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): engine-host 2018-03-16 17:37:27,832 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, in _handle_request method, path_parts, content) File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, in post_tokens user_password=user_password) File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in create_token return auth.core.plugin.create_token(user_at_domain, user_password) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in create_token timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) and in engine log: 2018-03-16 17:37:27,834+02 ERROR [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] Command 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050) 2018-03-16 17:37:27,850+02 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] EVENT_ID: PROVIDER_SYNCHRONIZED_FAILED(216), Failed to synchronize networks of Provider ovirt-provider-ovn. So the engine can talk with ovn but not the other way around as I understand. I think it might have to do with [SSL] settings of ovirt-provider-ovn.conf G