Hello,

We are trying to use ovirt-imageio-proxy to upload an ISO image to a node. Some errors appear and the upload does not work.
We use ovirt-engine 4.3.6 and our engine is configured to use an SSL/TLS certificate validated by Digicert (documented in https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html).

Our configuration file /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf is:

[proxy]
# Listening port
port = 54323

# Listening addresses (empty for all)
host = infra-eple.ac-guadeloupe.fr

# Wrap incoming connections with SSL
use_ssl = true

# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass

# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

# Certificate file used when decoding signed token
engine_cert_file = /etc/pki/ovirt-engine/certs/engine.cer

# CA certificate file used to verify signed token
engine_ca_cert_file = /etc/pki/ovirt-engine/ca.pem

# Verify the certificate used to decode the signed token
verify_certificate = true

# Server shutdown request polling interval, in seconds
# poll_interval = 1.0

# Signed proxy ticket; false for plain-text JSON
# signed_proxy_ticket = true

# Allowed time drift between signed ticket issuer and proxy
# host, considered when checking ticket validity
# allowed_skew_seconds = 0

# Seconds to wait while connecting to the ovirt-imageio-daemon
# imaged_connection_timeout_sec = 10

# Seconds to wait while reading from the ovirt-imageio-daemon
# imaged_read_timeout_sec = 30


To upload the ISO image, we use the web portal, select the host's Storage Domains, select Disks and Upload --> Start.

When the upload starts, the message on the web page is "Transferring via Browser", then after some time it changes to "Paused by System".
In the /var/log/ovirt-imageio-proxy/image-proxy.log file we can read:

(Thread-6  ) INFO 2019-10-14 14:38:17,186 auth:197:auth2:(add_signed_ticket) Adding new ticket: <Ticket id=u'e633a89d-4dd8-4155-85ef-0eb6375e4117', transfer_id=u'11a1fb8b-22b7-4182-ac7f-b897830fffc3', url=u'https://eple-rectorat-proto1.ac-guadeloupe.fr:54322' timeout=35999.813010931015 at 0x7f793bc720d0>

So, it seems good, but in /var/log/ovirt-engine/engine.log some errors are present:

2019-10-14 14:41:13,279-04 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.GetImageTicketVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-75) [af987639-b3f7-4907-a11f-d2ffde5a6de8] START, GetImageTicketVDSCommand(HostName = eple-rectorat-proto1, GetImageTicketVDSCommandParameters:{hostId='56c658ea-148c-4a55-af65-e9c89ec1a984', ticketId='e633a89d-4dd8-4155-85ef-0eb6375e4117', timeout='null'}), log id: 728b11ad
2019-10-14 14:41:13,286-04 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.GetImageTicketVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-75) [af987639-b3f7-4907-a11f-d2ffde5a6de8] FINISH, GetImageTicketVDSCommand, return: org.ovirt.engine.core.common.businessentities.storage.ImageTicketInformation@8bc98ba3, log id: 728b11ad
2019-10-14 14:41:15,136-04 INFO  [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-23) [98c1bb29-7c86-433c-b8f7-40cc4815b083] Running command: TransferImageStatusCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_DISK with role type USER
2019-10-14 14:41:16,487-04 WARN  [org.ovirt.vdsm.jsonrpc.client.utils.retry.Retryable] (SSL Stomp Reactor) [] Retry failed
2019-10-14 14:41:16,487-04 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Exception during connection
2019-10-14 14:41:16,487-04 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Unable to RefreshCapabilities: ConnectException: Connection timeout
2019-10-14 14:41:16,487-04 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Command 'GetCapabilitiesAsyncVDSCommand(HostName = lgt-faustinfleret, VdsIdAndVdsVDSCommandParametersBase:{hostId='8dfa9c9d-d7ac-4184-ae61-1c80fbbf487b', vds='Host[lgt-faustinfleret,8dfa9c9d-d7ac-4184-ae61-1c80fbbf487b]'})' execution failed: java.rmi.ConnectException: Connection timeout
2019-10-14 14:41:16,488-04 INFO  [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] Running command: TransferImageStatusCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_DISK with role type USER
2019-10-14 14:41:16,489-04 INFO  [org.ovirt.engine.core.bll.storage.disk.image.ImageTransferUpdater] (default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] Updating image transfer 11a1fb8b-22b7-4182-ac7f-b897830fffc3 (image def85ea0-5eb4-463f-83fb-afd788e77379) phase to Paused by System (message: 'Sent 0MB')
2019-10-14 14:41:16,495-04 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] EVENT_ID: UPLOAD_IMAGE_NETWORK_ERROR(1,062), Unable to upload image to disk def85ea0-5eb4-463f-83fb-afd788e77379 due to a network error. Ensure that ovirt-imageio-proxy service is installed and configured and that ovirt-engine's CA certificate is registered as a trusted CA in the browser. The certificate can be fetched from https://infra-eple.ac-guadeloupe.fr/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA


The certificate seems to be correctly configured:

/etc/pki/ovirt-engine/keys/apache.key.nopass : key of our certificate

/etc/pki/ovirt-engine/certs/apache.cer : our certificate validated by Digicert

/etc/pki/ovirt-engine/ca.pem : the CA fetched from https://infra-eple.ac-guadeloupe.fr/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

/etc/pki/ovirt-engine/certs/engine.cer : the original file produced by the oVirt engine

No network packet goes out of the engine when the upload begins; the oVirt engine seems to block before that.


Where do you think I am making a mistake?


Sincerely,

Fabrice SOLER

--
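
An added triage example (not part of the original post and not oVirt code): it groups engine.log lines by the ticket and transfer ids that image-proxy.log reported, so that errors belonging to the upload are separated from errors logged in the same time window. The sample lines are abridged from the excerpt above, and the function names are hypothetical.

```python
import re

# Constructed sample: five lines abridged from the engine.log excerpt in the
# post (logger names, thread names and correlation ids are shortened).
ENGINE_LOG = """\
2019-10-14 14:41:13,279-04 INFO  [GetImageTicketVDSCommand] (Thread-75) [af987639] START, GetImageTicketVDSCommand(HostName = eple-rectorat-proto1, ticketId='e633a89d-4dd8-4155-85ef-0eb6375e4117')
2019-10-14 14:41:16,487-04 ERROR [HostMonitoring] (Thread-89) [] Unable to RefreshCapabilities: ConnectException: Connection timeout
2019-10-14 14:41:16,487-04 ERROR [GetCapabilitiesAsyncVDSCommand] (Thread-89) [] Command 'GetCapabilitiesAsyncVDSCommand(HostName = lgt-faustinfleret)' execution failed: java.rmi.ConnectException: Connection timeout
2019-10-14 14:41:16,489-04 INFO  [ImageTransferUpdater] (default task-23) [bd47f950] Updating image transfer 11a1fb8b-22b7-4182-ac7f-b897830fffc3 phase to Paused by System (message: 'Sent 0MB')
2019-10-14 14:41:16,495-04 ERROR [AuditLogDirector] (default task-23) [bd47f950] EVENT_ID: UPLOAD_IMAGE_NETWORK_ERROR(1,062), Unable to upload image to disk def85ea0-5eb4-463f-83fb-afd788e77379 due to a network error.
"""

# Ticket id and transfer id reported by image-proxy.log in the post.
IDS = ("e633a89d-4dd8-4155-85ef-0eb6375e4117",
       "11a1fb8b-22b7-4182-ac7f-b897830fffc3")

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+)\s+\[(?P<logger>[^\]]+)\] "
    r"\((?P<thread>[^)]+)\) \[(?P<corr>[^\]]*)\] (?P<msg>.*)$")

def triage(log_text, ids=IDS):
    """Split parsed lines into (related to the transfer, everything else)."""
    rows = [m.groupdict() for m in map(LINE.match, log_text.splitlines()) if m]
    mentions = lambda r: any(i in r["msg"] for i in ids)
    # Correlation ids of flows that name the ticket or the transfer.
    flows = {r["corr"] for r in rows if r["corr"] and mentions(r)}
    related, other = [], []
    for r in rows:
        (related if mentions(r) or r["corr"] in flows else other).append(r)
    return related, other

def error_hosts(rows):
    """Host names that appear in ERROR lines."""
    hosts = set()
    for r in rows:
        if r["level"] == "ERROR":
            hosts.update(re.findall(r"HostName = ([\w.-]+)", r["msg"]))
    return hosts

if __name__ == "__main__":
    related, other = triage(ENGINE_LOG)
    for r in related:
        print("transfer ", r["level"], r["logger"], "|", r["msg"][:60])
    for r in other:
        print("unrelated", r["level"], r["logger"], "|", r["msg"][:60])
    print("hosts in unrelated errors:", sorted(error_hosts(other)))
```

On the abridged sample, the two connection-timeout errors carry no correlation id tied to the transfer and name the host lgt-faustinfleret, while the ticket line names eple-rectorat-proto1.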