[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf

[root@engine ~]# engine-setup --reconfigure-optional-components

[ INFO ] Stage: Initializing

[ INFO ] Stage: Environment setup

Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']

Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log

Version: otopi-1.8.3 (otopi-1.8.3-1.el7)

[ INFO ] Stage: Environment packages setup

[ INFO ] Stage: Programs detection

[ INFO ] Stage: Environment setup (late)

[ INFO ] Stage: Environment customization

--== PRODUCT OPTIONS ==--

Set up Cinderlib integration

(Currently in tech preview)

(Yes, No) [No]:

[ INFO ] ovirt-provider-ovn already installed, skipping.

--== PACKAGES ==--

[ INFO ] Checking for product updates...

[ INFO ] No product updates found

--== NETWORK CONFIGURATION ==--

Setup can automatically configure the firewall on this system.

Note: automatic configuration of the firewall may overwrite current settings.

NOTICE: iptables is deprecated and will be removed in future releases

Do you want Setup to configure the firewall? (Yes, No) [Yes]:

[ INFO ] firewalld will be configured as firewall manager.

--== DATABASE CONFIGURATION ==--

The detected DWH database size is 111 MB.

Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete.

If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost.

Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]:

Perform full vacuum on the oVirt engine history

database ovirt_engine_history@localhost?

This operation may take a while depending on this setup health and the

configuration of the db vacuum process.

See https://www.postgresql.org/docs/10/sql-vacuum.html

(Yes, No) [No]:

--== OVIRT ENGINE CONFIGURATION ==--

Perform full vacuum on the engine database engine@localhost?

This operation may take a while depending on this setup health and the

configuration of the db vacuum process.

See https://www.postgresql.org/docs/10/sql-vacuum.html

(Yes, No) [No]:

--== STORAGE CONFIGURATION ==--

--== PKI CONFIGURATION ==--

[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'

Perhaps it was changed since last Setup.

Error was:

Mac verify error: invalid password?

--== APACHE CONFIGURATION ==--

--== SYSTEM CONFIGURATION ==--

--== MISC CONFIGURATION ==--

--== END OF CONFIGURATION ==--

[ INFO ] Stage: Setup validation

During execution engine service will be stopped (OK, Cancel) [OK]:

[ INFO ] Hosted Engine HA is in Global Maintenance mode.

[WARNING] Less than 16384MB of memory is available

[ INFO ] Cleaning stale zombie tasks and commands

--== CONFIGURATION PREVIEW ==--

Default SAN wipe after delete : False

Firewall manager : firewalld

Update Firewall : True

Host FQDN : engine.set.local

Set up Cinderlib integration : False

Engine database secured connection : False

Engine database user name : engine

Engine database name : engine

Engine database host : localhost

Engine database port : 5432

Engine database host name validation : False

Engine installation : True

PKI organization : set.local

Set up ovirt-provider-ovn : True

Configure WebSocket Proxy : True

DWH installation : True

DWH database secured connection : False

DWH database host : localhost

DWH database user name : ovirt_engine_history

DWH database name : ovirt_engine_history

Backup DWH database : True

DWH database port : 5432

DWH database host name validation : False

Configure Image I/O Proxy : True

Configure VMConsole Proxy : True

Please confirm installation settings (OK, Cancel) [OK]:

[ INFO ] Cleaning async tasks and compensations

[ INFO ] Unlocking existing entities

[ INFO ] Checking the Engine database consistency

[ INFO ] Stage: Transaction setup

[ INFO ] Stopping engine service

[ INFO ] Stopping ovirt-fence-kdump-listener service

[ INFO ] Stopping dwh service

[ INFO ] Stopping Image I/O Proxy service

[ INFO ] Stopping vmconsole-proxy service

[ INFO ] Stopping websocket-proxy service

[ INFO ] Stage: Misc configuration (early)

[ INFO ] Stage: Package installation

[ INFO ] Stage: Misc configuration

[ INFO ] Upgrading CA

[ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate

[ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'.

[ INFO ] Creating/refreshing DWH database schema

[ INFO ] Configuring Image I/O Proxy

[ INFO ] Configuring WebSocket Proxy

[ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'.

[ INFO ] Creating/refreshing Engine database schema

[ INFO ] Creating/refreshing Engine 'internal' domain database schema

Unregistering existing client registration info.

[ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'

[ INFO ] Stage: Transaction commit

[ INFO ] Stage: Closing up

[ INFO ] Starting engine service

[ INFO ] Starting dwh service

[ INFO ] Restarting ovirt-vmconsole proxy service

--== SUMMARY ==--

[ INFO ] Restarting httpd

Web access is enabled at:

http://engine.set.local:80/ovirt-engine

https://engine.set.local:443/ovirt-engine

Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA

SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s

[WARNING] Less than 16384MB of memory is available

--== END OF SUMMARY ==--

[ INFO ] Stage: Clean up

Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log

[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf'

[ INFO ] Stage: Pre-termination

[ INFO ] Stage: Termination

[ INFO ] Execution of setup completed successfully

[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log

error = stream.connect()

File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect

self.socket.do_handshake()

File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake

self._raise_ssl_error(self._ssl, result)

File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error

_raise_current_error()

File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue

raise exception_type(errors)

Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed’)]

2 окт. 2019 г., в 10:11, Dominik Holler <dholler@redhat.com> написал(а):

On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
Few hours later i'm fixed SSL error,

Would you share how you fixed the error?
This might also help to understand the next issue.

but get a new error

2019-10-02 01:02:38,369 root Starting server
2019-10-02 01:02:38,369 root Version: 1.2.22-1
2019-10-02 01:02:38,369 root Build date: 20190509114402
2019-10-02 01:02:38,369 root Githash: 38acbde
2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
2019-10-02 01:02:46,471 root Request body:
{"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
  method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
  return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
  return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens
  if not auth.validate_token(token):
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token
  return auth.core.plugin.validate_token(token)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token
  return self._is_user_name(token, _admin_user_name())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name
  timeout=AuthorizationByUserName._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info
  timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
  _check_for_error(response)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
  result['error'], details))
Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'

looks like the
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
does not fit to engine's db.

Maybe most easy would be to move the current
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the
parameter '--reconfigure-optional-components' of engine-setup.

Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?

1 окт. 2019 г., в 22:53, Mail SET Inc. Group <mail@set-pro.net> написал(а):

Hello!
Get problems with clean installation  4.3.6.6-1.el7 and OVN

When i try to test OVN get notification:
«Import provider certificate»
Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?

When i’m press «Yes», see old problem:
Failed to communicate with the external provider, see log for additional details.

[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
  timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
  username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
  timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper
  response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper
  raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local

[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>

What’s wrong ?

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC2EFLSCN3MKYDEPZIRZ/