On 08/21/2015 11:02 PM, Juan Hernández wrote:
On 08/21/2015 12:22 PM, Sahina Bose wrote:
On 08/21/2015 03:50 PM, Alon Bar-Lev wrote:
Interesting.
Please execute manually:
# /usr/share/ovirt-engine/bin/pki-enroll-openssh-cert.sh --name=rhsdev9.lab.eng.blr.redhat.com-ssh --host --id=rhsdev9.lab.eng.blr.redhat.com --principals=rhsdev9.lab.eng.blr.redhat.com --days=1825
It returns immediately with: [root@dhcp43-86 ~]# /usr/share/ovirt-engine/bin/pki-enroll-openssh-cert.sh --name=rhsdev9.lab.eng.blr.redhat.com-ssh --host --id=rhsdev9.lab.eng.blr.redhat.com --principals=rhsdev9.lab.eng.blr.redhat.com --days=1825 Signed host key /etc/pki/ovirt-engine/certs/rhsdev9.lab.eng.blr.redhat.com-ssh-cert.pub: id "rhsdev9.lab.eng.blr.redhat.com" serial 0 for rhsdev9.lab.eng.blr.redhat.com valid from 2015-08-21T02:51:27 to 2020-08-19T03:51:27
Check your SELinux log file. Most probably SELinux is blocking some access to the generated files, and then ssh-keygen is asking interactively, and thus blocking for ever.
Thanks, Juan. I do see some AVC denial errors, but am yet to try with SELinux disabled. Will do so and report back. /var/log/audit/audit.log:type=AVC msg=audit(1440108177.899:9542): avc: denied { open } for pid=11827 comm="ssh-keygen" path="/tmp/tmp.KlPjsec4X3" dev="dm-0" ino=102401913 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:init_tmp_t:s0 tclass=file ovirt 11827 11821 0 Aug21 ? 00:00:00 ssh-keygen -s /tmp/tmp.KlPjsec4X3 -I rhsdev9.lab.eng.blr.redhat.com -h -V -1h:+1825d -n rhsdev9.lab.eng.blr.redhat.com /etc/pki/ovirt-engine/certs/rhsdev9.lab.eng.blr.redhat.com-ssh.pub
let's see what happens.
----- Original Message -----
From: "Sahina Bose" <sabose@redhat.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org> Sent: Friday, August 21, 2015 1:15:03 PM Subject: Re: [ovirt-users] Stuck at "Enrolling serial console certificate"
On 08/21/2015 02:58 PM, Alon Bar-Lev wrote:
the only thing I can think of is that your engine is out of random, so it waits for more to be able to generate a new key. please while this is happening, execute: "find /" or anything that will create some activity. if that's not helping, please send me "ps -efa" output so at least I see what is running. thanks! output of ps -efa
http://fpaste.org/257513/44015204/
----- Original Message -----
From: "Sahina Bose" <sabose@redhat.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "users" <users@ovirt.org> Sent: Friday, August 21, 2015 12:23:11 PM Subject: Re: [ovirt-users] Stuck at "Enrolling serial console certificate"
Attached engine.log and host-deploy.log
On 08/21/2015 02:29 PM, Alon Bar-Lev wrote: > Log would be nice. > > ----- Original Message ----- >> From: "Sahina Bose" <sabose@redhat.com> >> To: "users" <users@ovirt.org> >> Sent: Friday, August 21, 2015 11:27:56 AM >> Subject: [ovirt-users] Stuck at "Enrolling serial console certificate" >> >> Hi all, >> >> While installing a host to ovirt-3.6 engine, the host installation is >> stuck at "Enrolling serial console certificate" >> >> I installed the engine from ovirt-release36, and answered No to setting >> up WebConsole-proxy as well as VM Console proxy on the engine. >> >> Does anyone know how to debug this? >> >> thanks >> sahina >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >>
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users