Hello, We try to use ovirt-imageio-proxy to upload ISO image to a node. Some errors appear and the upload do not work. We use ovirt-engine 4.3.6 and our engine is configured to use a SSL/TLS certificate validated by Digicert (documented in https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html ) Our configuration file |/etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf is :| |/[proxy]// //# Listening port// //port = 54323// // //# Listening addresses (empty for all)// //host = infra-eple.ac-guadeloupe.fr// // //# Wrap incoming connections with SSL// //use_ssl = true// // //# Key file for SSL connections// //ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass// // //# Certificate file for SSL connections// //ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer// // //# Certificate file used when decoding signed token// //engine_cert_file = /etc/pki/ovirt-engine/certs/engine.cer// // //# CA certificate file used to verify signed token// //engine_ca_cert_file = /etc/pki/ovirt-engine/ca.pem// // //# Verify the certificate used to decode the signed token// //verify_certificate = true// // //# Server shutdown request polling interval, in seconds// //# poll_interval = 1.0// // //# Signed proxy ticket; false for plain-text JSON// //# signed_proxy_ticket = true// // //# Allowed time drift between signed ticket issuer and proxy// //# host, considered when checking ticket validity// //# allowed_skew_seconds = 0// // //# Seconds to wait while connecting to the ovirt-imageio-daemon// //# imaged_connection_timeout_sec = 10// // //# Seconds to wait while reading from the ovirt-imageio-daemon// //# imaged_read_timeout_sec = 30/ | | | *|To upload the image ISO, we use the web portal, select the host's storage Domains, select Disks and Upload|**|--> Start.|**||**| |** **|When the upload||starts, the message on the web page is "Transferring via Brower" then after sometimes it changes to "Paused by System".|** *|*In the /var/log/ovirt-imageio-proxy/image-proxy.log file we can read :* | /|(Thread-6 ) INFO 2019-10-14 14:38:17,186 auth:197:auth2:(add_signed_ticket) Adding new ticket: <Ticket id=u'e633a89d-4dd8-4155-85ef-0eb6375e4117', transfer_id=u'11a1fb8b-22b7-4182-ac7f-b897830fffc3', url=u'https://eple-rectorat-proto1.ac-guadeloupe.fr:54322' timeout=35999.813010931015 at 0x7f793bc720d0>|/ *|So, it seems good, but in /var/log/ovirt-engine/engine.log some errors are presents :|* /|2019-10-14 14:41:13,279-04 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.GetImageTicketVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-75) [af987639-b3f7-4907-a11f-d2ffde5a6de8] START, GetImageTicketVDSCommand(HostName = eple-rectorat-proto1, GetImageTicketVDSCommandParameters:{hostId='56c658ea-148c-4a55-af65-e9c89ec1a984', ticketId='e633a89d-4dd8-4155-85ef-0eb6375e4117', timeout='null'}), log id: 728b11ad 2019-10-14 14:41:13,286-04 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.GetImageTicketVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-75) [af987639-b3f7-4907-a11f-d2ffde5a6de8] FINISH, GetImageTicketVDSCommand, return: org.ovirt.engine.core.common.businessentities.storage.ImageTicketInformation@8bc98ba3, log id: 728b11ad 2019-10-14 14:41:15,136-04 INFO [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-23) [98c1bb29-7c86-433c-b8f7-40cc4815b083] Running command: TransferImageStatusCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_DISK with role type USER 2019-10-14 14:41:16,487-04 WARN [org.ovirt.vdsm.jsonrpc.client.utils.retry.Retryable] (SSL Stomp Reactor) [] Retry failed 2019-10-14 14:41:16,487-04 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Exception during connection 2019-10-14 14:41:16,487-04 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Unable to RefreshCapabilities: ConnectException: Connection timeout 2019-10-14 14:41:16,487-04 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Command 'GetCapabilitiesAsyncVDSCommand(HostName = lgt-faustinfleret, VdsIdAndVdsVDSCommandParametersBase:{hostId='8dfa9c9d-d7ac-4184-ae61-1c80fbbf487b', vds='Host[lgt-faustinfleret,8dfa9c9d-d7ac-4184-ae61-1c80fbbf487b]'})' execution failed: java.rmi.ConnectException: Connection timeout 2019-10-14 14:41:16,488-04 INFO [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] Running command: TransferImageStatusCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_DISK with role type USER 2019-10-14 14:41:16,489-04 INFO [org.ovirt.engine.core.bll.storage.disk.image.ImageTransferUpdater] (default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] Updating image transfer 11a1fb8b-22b7-4182-ac7f-b897830fffc3 (image def85ea0-5eb4-463f-83fb-afd788e77379) phase to Paused by System (message: 'Sent 0MB') 2019-10-14 14:41:16,495-04 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] EVENT_ID: UPLOAD_IMAGE_NETWORK_ERROR(1,062), Unable to upload image to disk def85ea0-5eb4-463f-83fb-afd788e77379 due to a network error. Ensure that ovirt-imageio-proxy service is installed and configured and that ovirt-engine's CA certificate is registered as a trusted CA in the browser. The certificate can be fetched from https://infra-eple.ac-guadeloupe.fr/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA |/ /| |/ *|The certificate seems to be correctely configured :|* |//etc/pki/ovirt-engine/keys/apache.key.nopass : key of our certificate/| |||//etc/pki/ovirt-engine/certs/apache.cer : our certifcate validated by Digicert/| |||//etc/pki/ovirt-engine/ca.pem : the CA from /|/|fetched from https://infra-eple.ac-guadeloupe.fr/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA|/ ||/||/ ||//etc/pki/ovirt-engine/certs/engine.cer : the original file producted bye the ovirt engine/|| ||/There is no network paquet going out of the engine when the upload begins, the ovirt engine seems to block before. /|| ||/ /|| *||/Where do you think I make a mistake ?/||* *||/ /||* *||/Sincerely,/||* ||*/Fabrice SOLER/*/ /|| --
