This is a multi-part message in MIME format. --------------020700040008040105000200 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable hi Yaniv, When using http request, ovirt tells me " I Failed to communicate with=20 the external provider." and I get this on the foreman side: | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200 2015-09-25 11:18:32 [app] [I] Processing by=20 Api::V2::HomeController#index as JSON 2015-09-25 11:18:32 [app] [I] Parameters: {"apiv"=3D>"v2", "home"=3D>{}= } 2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/a= pi 2015-09-25 11:18:32 [app] [I] Filter chain halted as=20 #<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpa= ck-3.2.8/lib/action_controller/metal/force_ssl.rb:28>=20 rendered or redirected 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms=20 (ActiveRecord: 0.0ms) But no log comes using https on the foreman side and I get "Test Failed=20 (unknown error)." with 5-09-25 11:25:31,181 ERROR=20 [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery]=20 (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {}=20 java.io.IOException: Keystore was tampered with, or password was incorrec= t. I've just updated to 3.5.4 and otopi asked me for renewing the=20 certificate. May it be the reason of the issue? Le 25/09/2015 11:14, Yaniv Bronheim a =C3=A9crit :
Hi Nathanael,
This error means that the restAPI request to foreman returned an=20 error. Most of the time it is a communication issue.. but we can't=20 know much from this report. Can you please share the production.log file from your foreman host? Better to try to add the server as provider, get the error and then=20 check the production.log file - it will show us if engine request got=20 to foreman server, the internal fields and why foreman returned 5050.
Greeting, Yaniv Bronhaim.
On Wed, Sep 23, 2015 at 5:31 PM, Nathana=C3=ABl Blanchet <blanchet@abes= .fr=20 <mailto:blanchet@abes.fr>> wrote:
Hello,
I have a working foreman 1.9.1 installed with katello 2.3. ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. What can I do now?
Le 06/11/2014 12:31, Oved Ourfali a =C3=A9crit :
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> To: "Oved Ourfali" <oourfali@redhat.com <mailto:oourfali@redhat.com>> Cc: users@ovirt.org <mailto:users@ovirt.org> Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote:
These steps are also in the feature page
Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegratio= n
With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=3Dtrue
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards, Oved
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman= ! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/bl= ob/master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderCon= nectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConn= ectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=3D11577= 49 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.ht= ml#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_6= 4
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de <http://www.m-box.de> www.monkeymen.tv <http://www.monkeymen.tv>
Gesch=C3=A4ftsf=C3=BChrer: Martin Retschitzegger / Michaela= G=C3=B6llner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--=20 Nathana=C3=ABl Blanchet
Supervision r=C3=A9seau P=C3=B4le Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 T=C3=A9l. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr <mailto:blanchet@abes.fr>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--=20 *Yaniv Bronhaim.*
--=20 Nathana=C3=ABl Blanchet Supervision r=C3=A9seau P=C3=B4le Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 =09 T=C3=A9l. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr --------------020700040008040105000200 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html> <head> <meta content=3D"text/html; charset=3Dutf-8" http-equiv=3D"Content-Ty= pe"> </head> <body bgcolor=3D"#FFFFFF" text=3D"#000000"> hi Yaniv,<br> <br> When using http request, ovirt tells me " I Failed to communicate with the external provider." and I get this on the foreman side:<br> =C2=A0| Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:= 32 +0200<br> 2015-09-25 11:18:32 [app] [I] Processing by Api::V2::HomeController#index as JSON<br> 2015-09-25 11:18:32 [app] [I]=C2=A0=C2=A0 Parameters: {"apiv"=3D>"= v2", "home"=3D>{}}<br> 2015-09-25 11:18:32 [app] [I] Redirected to <a class=3D"moz-txt-link-freetext" href=3D"https://euphorbe.v3.abes.f= r/api">https://euphorbe.v3.abes.fr/api</a><br> 2015-09-25 11:18:32 [app] [I] Filter chain halted as #<a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:Proc:0x00000009350= 3a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack-3.2.8/lib/action_= controller/metal/force_ssl.rb:28"><Proc:0x000000093503a0@/opt/rh/ruby1= 93/root/usr/share/gems/gems/actionpack-3.2.8/lib/action_controller/metal/= force_ssl.rb:28></a> rendered or redirected<br> 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms (ActiveRecord: 0.0ms)<br> <br> But no log comes using https on the foreman side and I get "Test Failed (unknown error)." with 5-09-25 11:25:31,181 ERROR [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery] (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {} java.io.IOException: Keystore was tampered with, or password was incorrect. <br> I've just updated to 3.5.4 and otopi asked me for renewing the certificate. May it be the reason of the issue?<br> <br> <div class=3D"moz-cite-prefix">Le 25/09/2015 11:14, Yaniv Bronheim a =C3=A9crit=C2=A0:<br> </div> <blockquote cite=3D"mid:CANi4b2UqEh5LpbzJi7cYRZnTzNPCD1CAo870tsn+TJ4t5WkTBw@mail.gmai= l.com" type=3D"cite"> <div dir=3D"ltr"> <div>Hi Nathanael,</div> <div><br> </div> This error means that the restAPI request to foreman returned an error. Most of the time it is a communication issue.. but we can't know much from this report. <div>Can you please share the production.log file from your foreman host?=C2=A0</div> <div>Better to try to add the server as provider, get the error and then check the production.log file - it will show us if engine request got to foreman server, the internal fields and why foreman returned 5050.</div> <div><br> </div> <div>Greeting,</div> <div>Yaniv Bronhaim.</div> </div> <div class=3D"gmail_extra"><br> <div class=3D"gmail_quote">On Wed, Sep 23, 2015 at 5:31 PM, Nathana=C3=ABl Blanchet <span dir=3D"ltr"><<a moz-do-not-send=3D"true" href=3D"mailto:blanchet@abes.fr" target=3D"_blank"><a class=3D"moz-txt-link-abbreviated" hre= f=3D"mailto:blanchet@abes.fr">blanchet@abes.fr</a></a>></span> wrote:<= br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br> <br> I have a working foreman 1.9.1 installed with katello 2.3.<br=
ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host.<br> But the issue is the same as below when testing=C2=A0 in "add external provider" from ovirt 3.5.4.<br> What can I do now?<br> <br> Le 06/11/2014 12:31, Oved Ourfali a =C3=A9crit :<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> ----- Original Message -----<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Daniel Helgenberger" <<a moz-do-not-send=3D"true" href=3D"mailto:daniel.helgenberger@m-box.de" target=3D"_blank"><a class=3D"moz-txt-link-abbreviated"= href=3D"mailto:daniel.helgenberger@m-box.de">daniel.helgenberger@m-box.d= e</a></a>><br> To: "Oved Ourfali" <<a moz-do-not-send=3D"true" href=3D"mailto:oourfali@redhat.com" target=3D"_blank">o= ourfali@redhat.com</a>><br> Cc: <a moz-do-not-send=3D"true" href=3D"mailto:users@ovirt.org" target=3D"_blank">users= @ovirt.org</a><br> Sent: Thursday, November 6, 2014 1:29:38 PM<br> Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)<br> <br> <br> <br> On 06.11.2014 05:47, Oved Ourfali wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> These steps are also in the feature page<br> </blockquote> Thanks Oved for pointing to the doc; my bad. I was using the foreman<br> integration document [1]. Maybe the pages should be merged?<br> <br> </blockquote> Yaniv - you planned to merge them, right? That would be a good time...<br> <br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> , but it would be nice if you review them to see nothing is missing.<br> <br> <a moz-do-not-send=3D"true" href=3D"http://www.ovirt.org/Features/AdvancedForeman= Integration" rel=3D"noreferrer" target=3D"_blank">http://www.ovirt= .org/Features/AdvancedForemanIntegration</a><br> </blockquote> With foreman 1.6 (at least) there is no need to enable the nightly<br> builds any more as rb-ovirt is resolved by yum.<br> <br> Lastly, I think you need to enable foreman_discovery with the foreman<br> installer to work and download images:<br> <br> # foreman-installer --enable-foreman-plugin-discovery<br> --foreman-plugin-discovery-install-images=3Dtrue<br> <br> You have that already listed in the testing env setup; but this needs to<br> be put in context with installing foreman-ovirt on the foreman host.<br> </blockquote> Yaniv - please add a note there too.<br> <br> Daniel - thanks for the review and the comments!<br> <br> Regards,<br> Oved<br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Thanks<br> Oved<br> <br> </blockquote> [1] <a moz-do-not-send=3D"true" href=3D"http://www.ovirt.org/Features/ForemanIntegratio= n" rel=3D"noreferrer" target=3D"_blank">http://www.ovirt.o= rg/Features/ForemanIntegration</a><br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On Nov 6, 2014 12:40 AM, Daniel Helgenberger <<a moz-do-not-send=3D"true" href=3D"mailto:daniel.helgenberger@m-box.de" target=3D"_blank"><a class=3D"moz-txt-link-abbreviate= d" href=3D"mailto:daniel.helgenberger@m-box.de">daniel.helgenberger@m-box= .de</a></a>><br> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Answering my own question; and maybe a very obvious cause for the<br> failing provider: the missiAnswering my own question; and maybe a very<br> obvious cause for the<br> </blockquote> failing provider: the missing provider plugin in forman!<br> So one needs to do:<br> <br> yum install ruby193-rubygem-ovirt_provision_plugin<br> <br> on the foreman host.<br> <br> After that, the connection test in the engine comes up positive. Sadly,<br> this is not documented anywhere; only on the GitHub repo readme [1].<br> This is also a little bit outdated, as the rbovirt dependency is<br> resolved now automatically.<br> <br> Also, but I am not sure, the porvider lugin needs the foreman_discovery<br> plugin to work:<br> <br> yum install ruby193-rubygem-foreman_discovery<br> <br> [1]<br> <a moz-do-not-send=3D"true" href=3D"https://github.com/theforeman/ovirt_provision_plugin/blob/master/= README.md" rel=3D"noreferrer" target=3D"_blank">https://github.c= om/theforeman/ovirt_provision_plugin/blob/master/README.md</a><br> <br> On 29.10.2014 00:36, Daniel Helgenberger wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello,<br> <br> did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am<br> trying this for two days now.<br> <br> Setup:<br> Engine; EL6.5<br> Foreman; EL6.5<br> <br> Foreman seems to do it's as I can use it to deploy hosts and also smart<br> proxies are running fine.<br> <br> I have opened a BZ [1]; because this really can not work out of the box<br> with EL6 plain vanilla packages. I wonder if this was ever tested... ?<br> Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This<br> is known issue in Foreman [2] as longer DH keys are now used by default<br> in Foreman / PuppetCA.<br> A dirty fix confirmed working is adding default DH parameters to the<br> foreman cert; effectively disabling it [3].<br> <br> So I got SSL working and I get beyond the authentication (entering wrong<br> data gets me auth errors)- however, I am still not able to add the<br> external provider. Pressing 'test' results in<br> (Failed with error PROVIDER_FAILURE and code 5050)<br=
<br> Sample engine.log<br> 2014-10-28 23:49:40,860 ERROR<br> [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]<br> (ajp--127.0.0.1-8702-1) [6a3da4e7] Command<br> org.ovirt.engine.core.bll.provider.TestProviderConnec= tivityCommand throw<br> Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE<br> (Failed with error PROVIDER_FAILURE and code 5050)<br=
<br> I can't find any more hints in oVirt; access logs in Foreman are telling<br> me API queries by the engine. Did I miss a crucial step in the foreman<br> setup? How can I debug this issue?<br> <br> I am willing to upgrade openjdk; provided this does not break my engine...<br> <br> Thanks!<br> <br> [1] <a moz-do-not-send=3D"true" href=3D"https://bugzilla.redhat.com/show_bug.cgi?id= =3D1157749" rel=3D"noreferrer" target=3D"_blank">https://bugzil= la.redhat.com/show_bug.cgi?id=3D1157749</a><br> [2] <a moz-do-not-send=3D"true" href=3D"https://tickets.puppetlabs.com/browse/SERVE= R-17" rel=3D"noreferrer" target=3D"_blank">https://ticket= s.puppetlabs.com/browse/SERVER-17</a><br> [3] <a moz-do-not-send=3D"true" href=3D"http://httpd.apache.org/docs/current/ssl/ss= l_faq.html#javadh" rel=3D"noreferrer" target=3D"_blank">http://httpd.a= pache.org/docs/current/ssl/ssl_faq.html#javadh</a><br> [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64<= br> <br> </blockquote> </blockquote> --<br> Daniel Helgenberger<br> m box bewegtbild GmbH<br> <br> P: +49/30/2408781-22<br> F: +49/30/2408781-10<br> <br> ACKERSTR. 19<br> D-10115 BERLIN<br> <br> <br> <a moz-do-not-send=3D"true" href=3D"http://www.m-box.de" rel=3D"noreferrer" target=3D"_blank">www.m-box.de</a>=C2= =A0 <a moz-do-not-send=3D"true" href=3D"http://www.monkeymen.t= v" rel=3D"noreferrer" target=3D"_blank"><a class=3D"moz-tx= t-link-abbreviated" href=3D"http://www.monkeymen.tv">www.monkeymen.tv</a>= </a><br> <br> Gesch=C3=A4ftsf=C3=BChrer: Martin Retschitzegger / Michae= la G=C3=B6llner<br> Handeslregister: Amtsgericht Charlottenburg / HRB 112767<= br> <br> </blockquote> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send=3D"true" href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <a moz-do-not-send=3D"true" href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer" target=3D"_blank">http://lists.ovirt.o= rg/mailman/listinfo/users</a><br> </blockquote> <br> -- <br> Nathana=C3=ABl Blanchet<br> <br> Supervision r=C3=A9seau<br> P=C3=B4le Infrastrutures Informatiques<br> 227 avenue Professeur-Jean-Louis-Viala<br> 34193 MONTPELLIER CEDEX 5=C2=A0 =C2=A0 =C2=A0 =C2=A0<br> T=C3=A9l. 33 (0)4 67 54 84 55<br> Fax=C2=A0 33 (0)4 67 54 84 14<br> <a moz-do-not-send=3D"true" href=3D"mailto:blanchet@abes.fr" target=3D"_blank">blanchet@abes.fr</a><br> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send=3D"true" href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <a moz-do-not-send=3D"true" href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer" target=3D"_blank">http://lists.ovirt.org= /mailman/listinfo/users</a><br> </blockquote> </div> <br> <br clear=3D"all"> <div><br> </div> -- <br> <div class=3D"gmail_signature"> <div dir=3D"ltr"> <div> <div dir=3D"ltr"> <div><span style=3D"font-size:12.8px"><b>Yaniv Bronhaim.<= /b></span><br> </div> </div> </div> </div> </div> </div> </blockquote> <br> <pre class=3D"moz-signature" cols=3D"72">--=20 Nathana=C3=ABl Blanchet Supervision r=C3=A9seau P=C3=B4le Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 =09 T=C3=A9l. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:blanchet@abes.fr">bl= anchet@abes.fr</a> </pre> </body> </html> --------------020700040008040105000200--