Hey Marcin. There aren't any logs for those services as they haven't been started yet. This failure happens very early in the deploy, just after the page where you configure the engine VM settings.

Unfortunately, I can't try a redeploy on the same node because libvirtd is now in a bad state and can't come up at all. I now get the following error once we get past the Gluster Wizard and move on the the Hosted Engine Deploy:
"libvirt is not running! Please ensure it is running before starting the wizard, so system capabilities can be queried."

I'll sift through the ansible to see what it changed and report back. But I'd still like to get past this /etc/pki/CA/cacert.pem issue.

On Fri, May 22, 2020 at 4:45 AM Marcin Sobczyk <msobczyk@redhat.com> wrote:

Hi,

On 5/22/20 7:06 AM, Stephen Panicho wrote:

Hi all! I'm using Cockpit to perform an HCI install, and it fails at the hosted engine deploy. Libvirtd can't restart because of a missing /etc/pki/CA/cacert.pem file.

The log (tasks seemingly from /usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml):

[ INFO ] TASK [ovirt.hosted_engine_setup : Stop libvirt service]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Drop vdsm config statements]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial abrt config files]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Restart abrtd service]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Drop libvirt sasl2 configuration by vdsm]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Stop and disable services]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial libvirt default network configuration]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Start libvirt]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unable to start service libvirtd: Job for libvirtd.service failed because the control process exited with error code.\nSee \"systemctl status libvirtd.service\" and \"journalctl -xe\" for details.\n"}

journalctl -u libvirtd:

May 22 04:33:25 node1 libvirtd[26392]: libvirt version: 5.6.0, package: 10.el8 (CBS <cbs@centos.org>, 2020-02-27-01:09:46, )
May 22 04:33:25 node1 libvirtd[26392]: hostname: node1
May 22 04:33:25 node1 libvirtd[26392]: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
May 22 04:33:25 node1 systemd[1]: libvirtd.service: Main process exited, code=exited, status=6/NOTCONFIGURED
May 22 04:33:25 node1 systemd[1]: libvirtd.service: Failed with result 'exit-code'.
May 22 04:33:25 node1 systemd[1]: Failed to start Virtualization daemon.

Can you please share journalctl logs for vdsmd and supervdsmd?

Regards, Marcin
From a fresh CentOS 8.1 minimal install, I've installed the following:

- The 4.4 repo

- cockpit

- ovirt-cockpit-dashboard

- vdsm-gluster (providing glusterfs-server and allowing the Gluster Wizard to complete)

- gluster-ansible-roles (only on the bootstrap host)

I'm not exactly sure what that initial bit of the playbook does. Comparing the bootstrap node with another that has yet to be touched, both /etc/libvirt/libvirtd.conf and /etc/sysconfig/libvirtd are the same on both hosts. Yet the bootstrap host can no longer start libvirtd while the other host can. Neither host has the /etc/pki/CA/cacert.pem file.

Please let me know if I can provide any more information. Thanks!
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XNW4HWUQUTN44VMATT4B6ARSEYVURDP7/