Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)

25 Sep 2015

      On Friday, September 25, 2015 11:27:11 AM Nathanaël Blanchet wrote:
...
hi Yaniv,
When using http request, ovirt tells me " I Failed to communicate with
the external provider." and I get this on the foreman side:
  | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200
2015-09-25 11:18:32 [app] [I] Processing by
Api::V2::HomeController#index as JSON
2015-09-25 11:18:32 [app] [I]   Parameters: {"apiv"=>"v2", "home"=>{}}
2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/api
2015-09-25 11:18:32 [app] [I] Filter chain halted as
#<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack-
3.2.8/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected
2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms
(ActiveRecord: 0.0ms)
But no log comes using https on the foreman side and I get "Test Failed
(unknown error)." with 5-09-25 11:25:31,181 ERROR
[org.ovirt.engine.core.bll.GetProviderCertificateChainQuery]
(ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {}
java.io.IOException: Keystore was tampered with, or password was incorrect.
I've just updated to 3.5.4 and otopi asked me for renewing the
certificate. May it be the reason of the issue?
I actually just had a similar issue, basically if I tried to make a http 
connection and clicked the test button. The foreman side would show me it is 
doing a redirect (presumably to https), which the ovirt side doesn't handle 
very well.

And if I tried to make a https request I would get the IOException Keystore 
has been tampered with, or password was incorrect. For me it turned out the 
/var/lib/ovirt-engine/external_truststore was corrupted. What normally will 
happen when trying to make an https connection to foreman is it will receive 
certificate from foreman, notice it is not trusted and ask the user to trust it 
(and it will put it in the external_truststore, if the user trusts it). Since 
it was corrupted it was unable to properly open the trust store and the 
mentioned IOException would get logged.

Assuming your trust store is corrupted (Mine was only 32 bytes, it should be 
much bigger), you can just rename it or delete it. And a new one will be 
created when you try to make an HTTPS connection to foreman. Once I did both 
(remove the corrupted trust store, and make an HTTPS connection). Everything 
started working correctly for me.
...
Le 25/09/2015 11:14, Yaniv Bronheim a écrit :
...
Hi Nathanael,
This error means that the restAPI request to foreman returned an
error. Most of the time it is a communication issue.. but we can't
know much from this report.
Can you please share the production.log file from your foreman host?
Better to try to add the server as provider, get the error and then
check the production.log file - it will show us if engine request got
to foreman server, the internal fields and why foreman returned 5050.
Greeting,
Yaniv Bronhaim.
On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanchet@abes.fr
<mailto:blanchet@abes.fr>> wrote:
    Hello,
I have a working foreman 1.9.1 installed with katello 2.3.
    ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also
    installed on the same host.
    But the issue is the same as below when testing  in "add external
    provider" from ovirt 3.5.4.
    What can I do now?
Le 06/11/2014 12:31, Oved Ourfali a écrit :
        ----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de
            <mailto:daniel.helgenberger@m-box.de>>
            To: "Oved Ourfali" <oourfali@redhat.com
            <mailto:oourfali@redhat.com>>
            Cc: users@ovirt.org <mailto:users@ovirt.org>
            Sent: Thursday, November 6, 2014 1:29:38 PM
            Subject: Re: [ovirt-users] Foreman: Add external provider
            (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote:
                These steps are also in the feature page
Thanks Oved for pointing to the doc; my bad. I was using
            the foreman
            integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good
        time...
, but it would be nice if you review them to see
                nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegration
With foreman 1.6 (at least) there is no need to enable the
            nightly
            builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with
            the foreman
            installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery
            --foreman-plugin-discovery-install-images=true
You have that already listed in the testing env setup; but
            this needs to
            be put in context with installing foreman-ovirt on the
            foreman host.
Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards,
        Oved
Thanks
                Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger
                <daniel.helgenberger@m-box.de
                <mailto:daniel.helgenberger@m-box.de>>
wrote:
                    Answering my own question; and maybe a very
                    obvious cause for the
                    failing provider: the missiAnswering my own
                    question; and maybe a very
                    obvious cause for the
failing provider: the missing provider plugin in forman!
                So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up
                positive. Sadly,
                this is not documented anywhere; only on the GitHub
                repo readme [1].
                This is also a little bit outdated, as the rbovirt
                dependency is
                resolved now automatically.
Also, but I am not sure, the porvider lugin needs the
                foreman_discovery
                plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1]
                https://github.com/theforeman/ovirt_provision_plugin/blob/
                master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
                    Hello,
did anyone actually get this working in oVirt 3.5
                    / EL6 - Engine? I am
                    trying this for two days now.
Setup:
                    Engine; EL6.5
                    Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy
                    hosts and also smart
                    proxies are running fine.
I have opened a BZ [1]; because this really can
                    not work out of the box
                    with EL6 plain vanilla packages. I wonder if this
                    was ever tested... ?
                    Java 7 used i n EL6 [4] does only support DH keys
                    up to 1024byte. This
                    is known issue in Foreman [2] as longer DH keys
                    are now used by default
                    in Foreman / PuppetCA.
                    A dirty fix confirmed working is adding default DH
                    parameters to the
                    foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the
                    authentication (entering wrong
                    data gets me auth errors)- however, I am still not
                    able to add the
                    external provider. Pressing 'test' results in
                    (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log
                    2014-10-28 23:49:40,860 ERROR
                    [org.ovirt.engine.core.bll.provider.TestProviderConnec
                    tivityCommand]
                    (ajp--127.0.0.1-8702-1) [6a3da4e7] Command
                    org.ovirt.engine.core.bll.provider.TestProviderConnect
                    ivityCommand
                    throw
                    Vdc Bll exception. With error message
                    VdcBLLException: PROVIDER_FAILURE
                    (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs
                    in Foreman are telling
                    me API queries by the engine. Did I miss a crucial
                    step in the foreman
                    setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this
                    does not break my engine...
Thanks!
[1]
                    https://bugzilla.redhat.com/show_bug.cgi?id=1157749
                    [2] https://tickets.puppetlabs.com/browse/SERVER-17
                    [3]
                    http://httpd.apache.org/docs/current/ssl/ssl_faq.html#
                    javadh
                    [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
--
            Daniel Helgenberger
            m box bewegtbild GmbH
P: +49/30/2408781-22
            F: +49/30/2408781-10
ACKERSTR. 19
            D-10115 BERLIN
www.m-box.de <http://www.m-box.de> www.monkeymen.tv
            <http://www.monkeymen.tv>
Geschäftsführer: Martin Retschitzegger / Michaela Göllner
            Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________
        Users mailing list
        Users@ovirt.org <mailto:Users@ovirt.org>
        http://lists.ovirt.org/mailman/listinfo/users
Supervision réseau
    Pôle Infrastrutures Informatiques
    227 avenue Professeur-Jean-Louis-Viala
    34193 MONTPELLIER CEDEX 5
    Tél. 33 (0)4 67 54 84 55
    Fax  33 (0)4 67 54 84 14
    blanchet@abes.fr <mailto:blanchet@abes.fr>
_______________________________________________
    Users mailing list
    Users@ovirt.org <mailto:Users@ovirt.org>
    http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)

Alexander Wels