progress. Restored pki files from backup. Still had to reset AdminPassword. Able to login to the gui. All hosts are "unresponsive". The SPM host is just totally locked (but fine from it's console - idle).
Tried to reinstall one of the hosts and got a new error message:
Error:
vmhost5:
- size must be between 0 and 50
On Wed, Feb 6, 2013 at 9:42 AM, Juan Hernandez <jhernand@redhat.com> wrote:
On 02/06/2013 03:32 PM, Jim Kinney wrote:If you don't have the pki folder you have two problems. First is that some data in the database is encrypted, namely the AdminPassword. That you can solve with "engine-config -s AdminPassword=interactive". Second is the certificates of the hosts, the easy way to solve that is to re-install them (from the ovirt-engine GUI, no need to re-install the operating system) that will generate new certificates.
The pki folder is likely to be a problem but the backups folder is
populated. Is there a way to remove client certs from hosts to restore
access with a host add process?
<mailto:jhernand@redhat.com>> wrote:
On 02/06/2013 03:02 PM, Jim Kinney wrote:
as things stand now:
I manually reinstalled 3.1, then dropped the engine database and
restored from the backup. There were some errors at the end.
Even though
I used all the same passwords, the admin@internal account was not
working. Used engine-config -s LocalAdminPassword='*****' to
fix. On log
in, everything is down, offline, unreachable. No hosts can be
contacted.
No storage is connected. Can't add a new host.
crud.
I copied the database backup and removed all the db creation part
leaving just the data "copy into..." section (that was fun). Ran
engine-cleanup then engine-setup then tried to restore just the
data.
no joy there either.
The system is CentOS 6.3 as are the hosts. This ran wonderfully
until I
goofed trying to get the cli and sdk updated. Without the database
working, I have no way to know what vm is what in the ISCSI LVM
storage
system to even export to another platform.
So I'm assuming my next step is panic (or total reinstall from bare
iron?). I'm setting this up at work and today is my last day as I'm
moving to a new job at a totally different organization. I'd hate to
walk out and lose all the windows VMs and templates that were
built over
the last 2 months.
Do you still have the original backup of the database and the
contents of the original /etc/pki/ovirt-engine directory? With those
two things it is possible to recover.
I would suggest the following procedure:
1. Make a clean installation of 3.1, exactly the same version that
you had before trying to update (make a backup of the database and
of the /etc/pki/ovirt-engine directory before, just in case). During
this installation use the answers that you used during the initial
installation (specially the passwords).
2. Stop the engine, then drop and recover the database as you
already did.
3. Restore the contents of the /etc/pki/ovirt-engine directory.
4. Start the engine.
You should be able to log in with the same credentials that you used
in the original installation.
On Wed, Feb 6, 2013 at 8:43 AM, Jim Kinney <jim.kinney@gmail.com
<mailto:jim.kinney@gmail.com><mailto:jim.kinney@gmail.com <mailto:jim.kinney@gmail.com>>> wrote:engineencryptutils.__EncryptionUtils] (MSC service thread
added 3.2 lines to dre ovirt yum repo (and disabled 3.1 -
probably
not good) and did engine-upgrade.
Process choked at opening the CA cert and proceeded to
"rollback".
Didn't actually roll back as 3.1 repo was disabled.
System still has 3.2 installed. Did yum update to pull in the
cli/sdk 3.2 (wish I had done that first!).
Engine starts but fails to open CA to run gui. found
following in log:
2013-02-05 14:02:40,825 ERROR [org.ovirt.engine.core.
1-16) Can't
load keystore from file "/etc/pki/ovirt-engine/.__keystore".[org.ovirt.engine.core.__engineencryptutils.__EncryptionUtils] (MSC
IOException: DerInputStream.getLength(): lengthTag=109, too
big.
2013-02-05 14:02:40,826 ERROR
[org.ovirt.engine.core.dal.__dbbroker.generic.__DBConfigUtils] (MSC
service thread 1-16) Failed to decrypt java.io.IOException:
DerInputStream.getLength(): lengthTag=109, too big.
2013-02-05 14:02:40,827 ERROR
[org.ovirt.engine.core.utils.__ConfigUtilsBase] (MSC
service thread 1-16) Failed to decrypt value for property
TruststorePass will be used encrypted value
2013-02-05 14:02:40,829 WARN[org.ovirt.engine.core.__engineencryptutils.__EncryptionUtils] (MSC
service thread
1-16) Could not find enum value for option: CertificatePassword
2013-02-05 14:02:40,830 ERROR
"/etc/pki/ovirt-engine/.__keystore". IOException:
service thread 1-16) Can't load keystore from file[org.ovirt.engine.core.__engineencryptutils.__EncryptionUtils] (MSC
DerInputStream.getLength(): lengthTag=109, too big.
2013-02-05 14:02:40,830 ERROR
[org.ovirt.engine.core.dal.__dbbroker.generic.__DBConfigUtils] (MSC
service thread 1-16) Failed to decrypt java.io.IOException:
DerInputStream.getLength(): lengthTag=109, too big.
2013-02-05 14:02:40,831 ERROR
[org.ovirt.engine.core.__engineencryptutils.__EncryptionUtils] (MSC
service thread 1-16) Failed to decrypt value for property
LocalAdminPassword will be used encrypted value
2013-02-05 14:02:40,833 ERROR
"/etc/pki/ovirt-engine/.__keystore". IOException:
service thread 1-16) Can't load keystore from file[org.ovirt.engine.core.__engineencryptutils.__EncryptionUtils] (MSC
DerInputStream.getLength(): lengthTag=109, too big.
2013-02-05 14:02:40,834 ERROR
service thread 1-16) Failed to decrypt java.io.IOException:
DerInputStream.getLength(): lengthTag=109, too big.
On Tue, Feb 5, 2013 at 6:11 AM, Michael Pasternak
<mpastern@redhat.com <mailto:mpastern@redhat.com>> http://heretothereideas.__blogspot.com/<mailto:mpastern@redhat.com <mailto:mpastern@redhat.com>>> wrote:
Hi Jim,
On 02/04/2013 08:33 PM, Jim Kinney wrote:
> I'm trying to setup a way to restart a large group
of windows
vms on a schedule. I'm getting a connection failure
that seems
related to the use of https but I'm not sure.
>
> error: __init__() got an unexpected keyword argument
'source_address'
This error is caused by running ovirt-sdk on a older
version of
python (less then python27),
please upgrade your sdk/cli with one shipped in 3.2 (it's
backward compatible to 3.1).
>
> I ran:
> ovirt-shell -A <path to server cert/certfile
exported from
browser> -c
>
> and my .ovirtshellrc is:
>
> [ovirt-shell]
> username = "admin@internal"
> url = https://my.internal.url/api
> #insecure = False
> #filter = False
> #timeout = -1
> password = **********************
>
>
> I tried putting the ca_cert = <path to cert> but
that clearly
was not allowed in .ovirtshellrc
not related, but supported in 3.2 cli.
>
> ideas?
> --
> --
> James P. Kinney III
> ////
> ////Every time you stop a school, you will have to
build a
jail. What you gain at one end you lose at the other.
It's like
feeding a dog on his own tail. It won't fatten
> the dog.
> - Speech 11/23/1900 Mark Twain
> ////
> http://electjimkinney.org
<http://heretothereideas.blogspot.com/>
> ////
>
>
>
> _________________________________________________ <mailto:Users@ovirt.org <mailto:Users@ovirt.org>>
> http://lists.ovirt.org/__mailman/listinfo/usershttp://heretothereideas.__blogspot.com/
<http://lists.ovirt.org/mailman/listinfo/users>
--
Michael Pasternak
RedHat, ENG-Virtualization R&D
--
--
James P. Kinney III
////
////Every time you stop a school, you will have to build a
jail.
What you gain at one end you lose at the other. It's like
feeding a
dog on his own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
////
http://electjimkinney.orghttp://heretothereideas.__blogspot.com/
<http://heretothereideas.blogspot.com/>
////
--
--
James P. Kinney III
////
////Every time you stop a school, you will have to build a jail.
What
you gain at one end you lose at the other. It's like feeding a
dog on
his own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
////
http://electjimkinney.org
<http://heretothereideas.blogspot.com/>
////
_________________________________________________ http://lists.ovirt.org/__mailman/listinfo/users
<http://lists.ovirt.org/mailman/listinfo/users>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
planta 3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
S.L.
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
--
--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://electjimkinney.org
http://heretothereideas.blogspot.com/