On Fri, Feb 1, 2019 at 10:18 PM Dominik Holler <dholler@redhat.com> wrote:
On Fri, 1 Feb 2019 14:37:10 +0100 Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
Hello, at this moment (about two days ago) I have updated only engine (external, not self hosted) from 4.2.7.5 to 4.2.8.2
As soon as I'm starting for the first time a VM with an ovn based nic I get what below in ovirt-provider-ovn.log
In admin gui, if I try for example to start via "run once" I get: " Error while executing action Run VM once: Failed to communicate with the external provider, see log for additional details. " Any clue?
The ovirt-provider-ovn fails during checking the credentials at engine's sso because of a networking problem.
That would be odd - after all we're using the loopback interface From: ::ffff:127.0.0.1:49582 Request: GET /v2.0/ports but please try the url.
Can you please check if the url of the config value ovirt-host in /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf can be reached from engine's host? If this does not explain the problem, can you please increase the logging of the ovirt-provider-ovn by sudo sed -i.$(date +%F-%H-%M) 's/INFO/DEBUG/gi' /etc/ovirt-provider-ovn/logger.conf systemctl restart ovirt-provider-ovn and share a new detailed error in ovirt-provider-ovn.log? Thanks.
Dominik, could it possibly be related to our hardening TLS ciphers? If it is, setting (an insecure) ssl-ciphers-string=DEFAULT in /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf would help.
Thanks, Gianluca
2019-01-29 17:23:20,554 root Starting server 2019-01-29 17:23:20,554 root Version: 1.2.18-1 2019-01-29 17:23:20,555 root Build date: 20190114151850 2019-01-29 17:23:20,555 root Githash: dae4c1d 2019-01-29 18:04:15,575 root Starting server 2019-01-29 18:04:15,576 root Version: 1.2.18-1 2019-01-29 18:04:15,576 root Build date: 20190114151850 2019-01-29 18:04:15,576 root Githash: dae4c1d 2019-02-01 14:26:58,316 root From: ::ffff:127.0.0.1:49582 Request: GET /v2.0/ports 2019-02-01 14:26:58,317 root HTTPSConnectionPool(host='engine-host', port=443): Max retries exceeded with url: /ovirt-engine/sso/oauth/token-info (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fe806166b90>: Failed to establish a new connection: [Errno -2] 0x7fe806166b90>Name or service not known',)) Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 134, in _handle_request method, path_parts, content File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/neutron.py", line 33, in call_response_handler TOKEN_HTTP_HEADER_FIELD_NAME, '')): File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token return auth.core.plugin.validate_token(token) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token return self._is_user_name(token, _admin_user_name()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name timeout=AuthorizationByUserName._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper raise BadGateway(e) BadGateway: HTTPSConnectionPool(host='engine-host', port=443): Max retries exceeded with url: /ovirt-engine/sso/oauth/token-info (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fe806166b90>: Failed to establish a new connection: [Errno -2] 0x7fe806166b90>Name or service not known',))