--reconfigure-optional-components not helps. And  the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf not exists after setup. 

[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf 


[root@engine ~]# engine-setup --reconfigure-optional-components
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
          Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
          Version: otopi-1.8.3 (otopi-1.8.3-1.el7)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment setup (late)
[ INFO  ] Stage: Environment customization

         

          --== PRODUCT OPTIONS ==--

         

          Set up Cinderlib integration
          (Currently in tech preview)
          (Yes, No) [No]: 
[ INFO  ] ovirt-provider-ovn already installed, skipping.

         

          --== PACKAGES ==--

         

[ INFO  ] Checking for product updates...
[ INFO  ] No product updates found

         

          --== NETWORK CONFIGURATION ==--

         

          Setup can automatically configure the firewall on this system.
          Note: automatic configuration of the firewall may overwrite current settings.
          NOTICE: iptables is deprecated and will be removed in future releases
          Do you want Setup to configure the firewall? (Yes, No) [Yes]: 
[ INFO  ] firewalld will be configured as firewall manager.

         

          --== DATABASE CONFIGURATION ==--

         

          The detected DWH database size is 111 MB.
          Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete.
          If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost.
          Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]: 
          Perform full vacuum on the oVirt engine history
          database ovirt_engine_history@localhost?
          This operation may take a while depending on this setup health and the
          configuration of the db vacuum process.
          See https://www.postgresql.org/docs/10/sql-vacuum.html
          (Yes, No) [No]: 

         

          --== OVIRT ENGINE CONFIGURATION ==--

         

          Perform full vacuum on the engine database engine@localhost?
          This operation may take a while depending on this setup health and the
          configuration of the db vacuum process.
          See https://www.postgresql.org/docs/10/sql-vacuum.html
          (Yes, No) [No]: 

         

          --== STORAGE CONFIGURATION ==--

         

         

          --== PKI CONFIGURATION ==--

         

[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'
          Perhaps it was changed since last Setup.
          Error was:
          Mac verify error: invalid password?

         

         

          --== APACHE CONFIGURATION ==--

         

         

          --== SYSTEM CONFIGURATION ==--

         

         

          --== MISC CONFIGURATION ==--

         

         

          --== END OF CONFIGURATION ==--

         

[ INFO  ] Stage: Setup validation
          During execution engine service will be stopped (OK, Cancel) [OK]: 
[ INFO  ] Hosted Engine HA is in Global Maintenance mode.
[WARNING] Less than 16384MB of memory is available
[ INFO  ] Cleaning stale zombie tasks and commands

         

          --== CONFIGURATION PREVIEW ==--

         

          Default SAN wipe after delete           : False
          Firewall manager                        : firewalld
          Update Firewall                         : True
          Host FQDN                               : engine.set.local
          Set up Cinderlib integration            : False
          Engine database secured connection      : False
          Engine database user name               : engine
          Engine database name                    : engine
          Engine database host                    : localhost
          Engine database port                    : 5432
          Engine database host name validation    : False
          Engine installation                     : True
          PKI organization                        : set.local
          Set up ovirt-provider-ovn               : True
          Configure WebSocket Proxy               : True
          DWH installation                        : True
          DWH database secured connection         : False
          DWH database host                       : localhost
          DWH database user name                  : ovirt_engine_history
          DWH database name                       : ovirt_engine_history
          Backup DWH database                     : True
          DWH database port                       : 5432
          DWH database host name validation       : False
          Configure Image I/O Proxy               : True
          Configure VMConsole Proxy               : True

         

          Please confirm installation settings (OK, Cancel) [OK]: 
[ INFO  ] Cleaning async tasks and compensations
[ INFO  ] Unlocking existing entities
[ INFO  ] Checking the Engine database consistency
[ INFO  ] Stage: Transaction setup
[ INFO  ] Stopping engine service
[ INFO  ] Stopping ovirt-fence-kdump-listener service
[ INFO  ] Stopping dwh service
[ INFO  ] Stopping Image I/O Proxy service
[ INFO  ] Stopping vmconsole-proxy service
[ INFO  ] Stopping websocket-proxy service
[ INFO  ] Stage: Misc configuration (early)
[ INFO  ] Stage: Package installation
[ INFO  ] Stage: Misc configuration
[ INFO  ] Upgrading CA
[ INFO  ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate
[ INFO  ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'.
[ INFO  ] Creating/refreshing DWH database schema
[ INFO  ] Configuring Image I/O Proxy
[ INFO  ] Configuring WebSocket Proxy
[ INFO  ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'.
[ INFO  ] Creating/refreshing Engine database schema
[ INFO  ] Creating/refreshing Engine 'internal' domain database schema
          Unregistering existing client registration info.
[ INFO  ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO  ] Stage: Transaction commit
[ INFO  ] Stage: Closing up
[ INFO  ] Starting engine service
[ INFO  ] Starting dwh service
[ INFO  ] Restarting ovirt-vmconsole proxy service

         

          --== SUMMARY ==--

         

[ INFO  ] Restarting httpd
          Web access is enabled at:
              http://engine.set.local:80/ovirt-engine
              https://engine.set.local:443/ovirt-engine
          Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA
          SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s
[WARNING] Less than 16384MB of memory is available

         

          --== END OF SUMMARY ==--

         

[ INFO  ] Stage: Clean up
          Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
[ INFO  ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf'
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination
[ INFO  ] Execution of setup completed successfully


[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log 
    error = stream.connect()
  File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect
    self.socket.do_handshake()
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed’)]


[root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/
итого 4
drwxr-xr-x. 2 root root  20 окт  2 13:19 .
drwxr-xr-x. 3 root root  70 окт  2 01:14 ..
-rw-r--r--. 1 root root 194 май  9 14:44 README



2 окт. 2019 г., в 10:11, Dominik Holler <dholler@redhat.com> написал(а):



On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
Few hours later i'm fixed SSL error, 

Would you share how you fixed the error?
This might also help to understand the next issue.

 
but get a new error

2019-10-02 01:02:38,369 root Starting server
2019-10-02 01:02:38,369 root Version: 1.2.22-1
2019-10-02 01:02:38,369 root Build date: 20190509114402
2019-10-02 01:02:38,369 root Githash: 38acbde
2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
2019-10-02 01:02:46,471 root Request body:
{"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
    return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens
    if not auth.validate_token(token):
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token
    return auth.core.plugin.validate_token(token)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token
    return self._is_user_name(token, _admin_user_name())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name
    timeout=AuthorizationByUserName._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
    _check_for_error(response)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
    result['error'], details))
Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'




looks like the 
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
does not fit to engine's db.

Maybe most easy would be to move the current
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the
parameter '--reconfigure-optional-components' of engine-setup.

Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?
 
1 окт. 2019 г., в 22:53, Mail SET Inc. Group <mail@set-pro.net> написал(а):

Hello!
Get problems with clean installation  4.3.6.6-1.el7 and OVN

When i try to test OVN get notification:
«Import provider certificate»
 Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?

 When i’m press «Yes», see old problem:
Failed to communicate with the external provider, see log for additional details.

[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log 
    timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
    username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper
    response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper
    raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local

[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>

What’s wrong ?

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC2EFLSCN3MKYDEPZIRZ/