Reverting back to the original cert would take me past that error, but it would just continue to spam this message until timeout:
[ INFO  ] Still waiting for VDSM host to become operational...
[ INFO  ] Still waiting for VDSM host to become operational...


Logs seem to just repeat:
2014-01-29 17:44:53 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in  state
2014-01-29 17:44:54 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
2014-01-29 17:44:54 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in  state
2014-01-29 17:44:55 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
2014-01-29 17:44:55 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in  state
2014-01-29 17:44:56 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
2014-01-29 17:44:56 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in  state


On Wed, Jan 29, 2014 at 5:38 PM, Andrew Lau <andrew@andrewklau.com> wrote:
Hi,

After running through the new patch posted in BZ 1055153, I'm adding a second host to the hosted-engine cluster, but it seems to fail right before the finish:

[ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

A couple of extra notes:
Engine has a custom SSL cert, but the CA has been trusted by the new host. When I temporarily return the engine's SSL back to the default generated one, the install will succeed.


What confuses me is:

curl https://engine.example.net with the custom SSL cert will succeed, but with the original self-signed one it gives the expected "insecure" message. What criteria need to be met so the install will pass?

Thanks,
Andrew