The issue is the "Drop vdsm config statements" task from
/usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml
I'm not sure how those config statements got there in the first place...
maybe a scriptlet from a vdsm rpm install? Either way, the task removes the
following section from the bottom of /etc/libvirt/libvirtd.conf, causing it
to look for the default ca_file, /etc/pki/CA/cacert.pem.
## beginning of configuration section by vdsm-4.40.0
auth_unix_rw="sasl"
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
host_uuid="9def7285-9ed9-4a94-8a7d-ed1f05a9a224"
keepalive_interval=-1
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
## end of configuration section by vdsm-4.40.0
If I re-add this section to my bootstrap node's libvirtd.conf, I can start
the libvirtd service again. I'll try to comment out the "Drop vdsm config
statements" task from the playbook and see if I can proceed.
On Fri, May 22, 2020 at 11:59 AM Stephen Panicho <s.panicho(a)gmail.com>
wrote:
Hey Marcin. There aren't any logs for those services as they haven't been
started yet. This failure happens very early in the deploy, just after the
page where you configure the engine VM settings.
Unfortunately, I can't try a redeploy on the same node because libvirtd is
now in a bad state and can't come up at all. I now get the following error
once we get past the Gluster Wizard and move on to the Hosted Engine
Deploy:
"libvirt is not running! Please ensure it is running before starting the
wizard, so system capabilities can be queried."
I'll sift through the ansible to see what it changed and report back. But
I'd still like to get past this /etc/pki/CA/cacert.pem issue.
On Fri, May 22, 2020 at 4:45 AM Marcin Sobczyk <msobczyk(a)redhat.com>
wrote:
> Hi,
>
> On 5/22/20 7:06 AM, Stephen Panicho wrote:
>
> Hi all! I'm using Cockpit to perform an HCI install, and it fails at the
> hosted engine deploy. Libvirtd can't restart because of a missing
> /etc/pki/CA/cacert.pem file.
>
> The log (tasks seemingly from
> /usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml):
> [ INFO ] TASK [ovirt.hosted_engine_setup : Stop libvirt service]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Drop vdsm config statements]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial abrt config
> files]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Restart abrtd service]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Drop libvirt sasl2
> configuration by vdsm]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Stop and disable services]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial libvirt
> default network configuration]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.hosted_engine_setup : Start libvirt]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
> "Unable to start service libvirtd: Job for libvirtd.service failed because
> the control process exited with error code.\nSee \"systemctl status
> libvirtd.service\" and \"journalctl -xe\" for details.\n"}
>
> journalctl -u libvirtd:
> May 22 04:33:25 node1 libvirtd[26392]: libvirt version: 5.6.0, package:
> 10.el8 (CBS <cbs(a)centos.org>, 2020-02-27-01:09:46, )
> May 22 04:33:25 node1 libvirtd[26392]: hostname: node1
> May 22 04:33:25 node1 libvirtd[26392]: Cannot read CA certificate
> '/etc/pki/CA/cacert.pem': No such file or directory
> May 22 04:33:25 node1 systemd[1]: libvirtd.service: Main process exited,
> code=exited, status=6/NOTCONFIGURED
> May 22 04:33:25 node1 systemd[1]: libvirtd.service: Failed with result
> 'exit-code'.
> May 22 04:33:25 node1 systemd[1]: Failed to start Virtualization daemon.
>
> Can you please share journalctl logs for vdsmd and supervdsmd?
>
> Regards, Marcin
>
>
> From a fresh CentOS 8.1 minimal install, I've installed the following:
> - The 4.4 repo
> - cockpit
> - ovirt-cockpit-dashboard
> - vdsm-gluster (providing glusterfs-server and allowing the Gluster
> Wizard to complete)
> - gluster-ansible-roles (only on the bootstrap host)
>
> I'm not exactly sure what that initial bit of the playbook does.
> Comparing the bootstrap node with another that has yet to be touched, both
> /etc/libvirt/libvirtd.conf and /etc/sysconfig/libvirtd are the same on both
> hosts. Yet the bootstrap host can no longer start libvirtd while the other
> host can. Neither host has the /etc/pki/CA/cacert.pem file.
>
> Please let me know if I can provide any more information. Thanks!
>
>
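The diagnosis at the top of the thread (dropping the vdsm section leaves libvirtd pointed at the default ca_file) can be checked before restarting the service. The following is an added example, not code from the thread or from oVirt: the function names, the constructed sample files and the simulated `exists` callback are assumptions, and the default path is the one reported in the thread.

```python
import os

# Default CA path libvirtd falls back to, as reported in the thread.
DEFAULT_CA_FILE = "/etc/pki/CA/cacert.pem"
BEGIN = "## beginning of configuration section by "
END = "## end of configuration section by "

def parse_libvirtd_conf(text):
    """Return (settings, vdsm_tag); vdsm_tag is None without a complete vdsm section."""
    settings, opened, vdsm_tag = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(BEGIN):
            opened = line[len(BEGIN):]
        elif line.startswith(END) and line[len(END):] == opened:
            vdsm_tag, opened = opened, None
        elif line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                settings[key.strip()] = value.strip().strip('"')
    return settings, vdsm_tag

def check_tls_files(text, exists=os.path.exists):
    """Report which TLS files the config points libvirtd at and which are absent."""
    settings, vdsm_tag = parse_libvirtd_conf(text)
    paths = {"ca_file": settings.get("ca_file", DEFAULT_CA_FILE)}
    for key in ("cert_file", "key_file"):
        if key in settings:  # only check paths the file sets explicitly
            paths[key] = settings[key]
    missing = sorted(k for k, p in paths.items() if not exists(p))
    return {"vdsm_section": vdsm_tag, "paths": paths, "missing": missing}

# Constructed sample: the section quoted in the thread under one stock comment line.
WITH_SECTION = """#listen_tls = 0
## beginning of configuration section by vdsm-4.40.0
auth_unix_rw="sasl"
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
keepalive_interval=-1
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
## end of configuration section by vdsm-4.40.0
"""
AFTER_DROP = "#listen_tls = 0\n"  # constructed: same file with the section removed

def vdsm_pki_only(path):
    # Simulated host from the thread: vdsm PKI exists, /etc/pki/CA/cacert.pem does not.
    return path.startswith("/etc/pki/vdsm/")

if __name__ == "__main__":
    for name, conf in (("with section", WITH_SECTION), ("after drop", AFTER_DROP)):
        print(name, check_tls_files(conf, exists=vdsm_pki_only))
```

On a real host, pass the contents of /etc/libvirt/libvirtd.conf and leave `exists` at its default so the paths are checked on disk.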