engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
5:16 p.m.
I can find no reason why this would be happening. AlmaLinux 9.4, oVirt 4.5.6, brand
new/fresh cluster/install.
From the log, these seem to be the only relevant lines:
2024-06-18 22:02:52,720+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc plugin.execute:918
execute-output: ('/usr/bin/ovirt-aaa-jdbc-tool',
'--db-config=/etc/ovirt-engine/aaa/internal.properties', 'query',
'--what=
user', '--pattern=name=admin') stdout:
2024-06-18 22:02:52,720+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc plugin.execute:923
execute-output: ('/usr/bin/ovirt-aaa-jdbc-tool',
'--db-config=/etc/ovirt-engine/aaa/internal.properties', 'query',
'--what=
user', '--pattern=name=admin') stderr:
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Jun 18, 2024 10:02:52 PM org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main
SEVERE: Unexpected Exception invoking Cli:
com/ongres/scram/common/stringprep/StringPreparation
2024-06-18 22:02:52,720+0000 DEBUG otopi.context context._executeMethod:143 method
exception
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 132, in
_executeMethod
method['method']()
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py",
line 414, in _misc
self._setupAdminUser()
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py",
line 298, in _setupAdminUser
if not self._userExists(
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py",
line 49, in _userExists
rc, stdout, stderr = self.execute(
File "/usr/lib/python3.9/site-packages/otopi/plugin.py", line 929, in execute
raise RuntimeError(
RuntimeError: Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute
2024-06-18 22:02:52,721+0000 ERROR otopi.context context._executeMethod:151 Failed to
execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool'
failed to execute
2024-06-18 22:02:52,721+0000 DEBUG otopi.transaction transaction.abort:124 aborting
'DNF Transaction'
Any ideas?
2:37 p.m.
New subject: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
As a quick update to this:
# ovirt-aaa-jdbc-tool
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Jun 19, 2024 7:28:14 PM org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main
SEVERE: Unexpected Exception invoking Cli: Could not read properties from:
/etc/ovirt-engine/aaa/internal.properties
Which is, of course, the same message in the log.
This is probably expected, since *engine-setup never actually created the file*:
# ls -la /etc/ovirt-engine/aaa
total 4
drwxr-xr-x. 2 root root 6 Jun 19 19:27 .
drwxr-xr-x. 18 root root 4096 Jun 19 19:27 ..
#
And:
2024-06-19 19:27:10,917+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc plugin.execute:923
execute-output: ['/usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh',
'-s', '[REDACTED_REMOTE_DB_HOST]', '-p', '5432',
'-u', '[REDACTED_REMOTE_DB_USER]', '-d',
'[REDACTED_REMOTE_DB_NAME]', '-e', 'aaa_jdbc', '-l',
'/root/ovirt-engine-setup.log', '-c', 'apply'] stderr:
2024-06-19 19:27:10,917+0000 DEBUG otopi.transaction transaction._prepare:61 preparing
'File transaction for '/etc/ovirt-engine/aaa/internal.properties''
2024-06-19 19:27:10,917+0000 DEBUG otopi.filetransaction filetransaction.prepare:184 file
'/etc/ovirt-engine/aaa/internal.properties' missing
2024-06-19 19:27:10,920+0000 DEBUG otopi.transaction transaction._prepare:61 preparing
'File transaction for
'/etc/ovirt-engine/extensions.d/internal-authn.properties''
2024-06-19 19:27:10,920+0000 DEBUG otopi.filetransaction filetransaction.prepare:184 file
'/etc/ovirt-engine/extensions.d/internal-authn.properties' missing
2024-06-19 19:27:10,921+0000 DEBUG otopi.transaction transaction._prepare:61 preparing
'File transaction for
'/etc/ovirt-engine/extensions.d/internal-authz.properties''
2024-06-19 19:27:10,921+0000 DEBUG otopi.filetransaction filetransaction.prepare:184 file
'/etc/ovirt-engine/extensions.d/internal-authz.properties' missing
2024-06-19 19:27:10,921+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc plugin.executeRaw:808
execute: ('/usr/bin/ovirt-aaa-jdbc-tool',
(...)
Is this because I'm using remote databases for the DWH? I was under the impression
this was supported, especially given that engine-setup prompts for the host and it is
documented.
1:11 a.m.
New subject: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
On Wed, Jun 19, 2024 at 10:38 PM Brent S. <brent.saner(a)netfire.com> wrote:
As a quick update to this:
# ovirt-aaa-jdbc-tool
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Jun 19, 2024 7:28:14 PM
org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main
SEVERE: Unexpected Exception invoking Cli: Could not read properties from:
/etc/ovirt-engine/aaa/internal.properties
Which is, of course, the same message in the log.
This is probably expected, since *engine-setup never actually created the
file*:
Are you sure about this?
# ls -la /etc/ovirt-engine/aaa
total 4
drwxr-xr-x. 2 root root 6 Jun 19 19:27 .
drwxr-xr-x. 18 root root 4096 Jun 19 19:27 ..
#
I guess you checked the above only after engine-setup failed/finished,
right?
And:
2024-06-19 19:27:10,917+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
plugin.execute:923 execute-output:
['/usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh', '-s',
'[REDACTED_REMOTE_DB_HOST]', '-p', '5432', '-u',
'[REDACTED_REMOTE_DB_USER]', '-d', '[REDACTED_REMOTE_DB_NAME]',
'-e',
'aaa_jdbc', '-l', '/root/ovirt-engine-setup.log', '-c',
'apply'] stderr:
2024-06-19 19:27:10,917+0000 DEBUG otopi.transaction
transaction._prepare:61 preparing 'File transaction for
'/etc/ovirt-engine/aaa/internal.properties''
2024-06-19 19:27:10,917+0000 DEBUG otopi.filetransaction
filetransaction.prepare:184 file
'/etc/ovirt-engine/aaa/internal.properties' missing
Indeed
2024-06-19 19:27:10,920+0000 DEBUG otopi.transaction
transaction._prepare:61 preparing 'File transaction for
'/etc/ovirt-engine/extensions.d/internal-authn.properties''
2024-06-19 19:27:10,920+0000 DEBUG otopi.filetransaction
filetransaction.prepare:184 file
'/etc/ovirt-engine/extensions.d/internal-authn.properties' missing
2024-06-19 19:27:10,921+0000 DEBUG otopi.transaction
transaction._prepare:61 preparing 'File transaction for
'/etc/ovirt-engine/extensions.d/internal-authz.properties''
2024-06-19 19:27:10,921+0000 DEBUG otopi.filetransaction
filetransaction.prepare:184 file
'/etc/ovirt-engine/extensions.d/internal-authz.properties' missing
2024-06-19 19:27:10,921+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
plugin.executeRaw:808 execute: ('/usr/bin/ovirt-aaa-jdbc-tool',
(...)
Is this because I'm using remote databases for the DWH? I was under the
impression this was supported, especially given that engine-setup prompts
for the host and it is documented.
I don't think that's related.
If you grep ovirt-engine sources, you'll find internal.properties in:
packaging/setup/ovirt_engine_setup/engine/constants.py:
AAA_JDBC_CONFIG_DB = os.path.join(
OVIRT_ENGINE_SYSCONFDIR,
'aaa',
'internal.properties'
)
If you then grep for AAA_JDBC_CONFIG_DB, you see it in:
packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py:
def _setupAuth(self):
self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
filetransaction.FileTransaction(
name=oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
...
visibleButUnsafe=True,
...
def _setupAdminUser(self):
toolArgs = (
oenginecons.FileLocations.AAA_JDBC_TOOL,
'--db-config=%s' % oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
)
...
@plugin.event(
stage=plugin.Stages.STAGE_MISC,
name=AAA_JDBC_SETUP_ADMIN_USER,
after=(
oengcommcons.Stages.DB_SCHEMA,
oengcommcons.Stages.DB_CONNECTION_AVAILABLE,
oenginecons.Stages.CONFIG_EXTENSIONS_UPGRADE,
),
before=(
oenginecons.Stages.CONFIG_AAA_ADMIN_USER_SETUP,
),
condition=lambda self: self.environment[
oenginecons.ConfigEnv.ADMIN_USER_AUTHZ_TYPE
] == self.AAA_JDBC_AUTHZ_TYPE,
)
def _misc(self):
# TODO: if we knew that aaa-jdbc package was upgraded by
engine-setup
# TODO: we could display summary note that custom profiles have to
be
# TODO: upgraded manually
self._setupSchema()
self._setupAuth()
self._setupAdminUser()
...
This means that:
At STAGE_MISC, _misc calls _setupAuth, which creates this file, and then it
calls
_setupAdminUser which tries to use it. Latter fails, and engine-setup rolls
back
the MAIN_TRANSACTION, including removing the file.
I'd start debugging this issue by:
1. Patching _setupAuth to wait (e.g. using dialog.queryBoolean, search the
source
for examples) after it creates the file, so that I can investigate it
2. Patching _setupAdminUser to wait after it runs the tool, so that I can
try to
investigate the failure - e.g. run it myself under strace, if the existing
logging
is not enough.
You can try using the otopi plugin wait_on_error for this, instead of
patching.
Good luck and best regards,
--
Didi
1:13 a.m.
New subject: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
On Thu, Jul 4, 2024 at 9:11 AM Yedidyah Bar David <didi(a)redhat.com> wrote:
On Wed, Jun 19, 2024 at 10:38 PM Brent S.
<brent.saner(a)netfire.com> wrote:
> As a quick update to this:
>
> # ovirt-aaa-jdbc-tool
>
>
> Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
>
>
>
> Jun 19, 2024 7:28:14 PM
> org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main
>
>
> SEVERE: Unexpected Exception invoking Cli: Could not read properties
> from: /etc/ovirt-engine/aaa/internal.properties
>
> Which is, of course, the same message in the log.
>
> This is probably expected, since *engine-setup never actually created the
> file*:
>
Are you sure about this?
>
> # ls -la /etc/ovirt-engine/aaa
> total 4
> drwxr-xr-x. 2 root root 6 Jun 19 19:27 .
> drwxr-xr-x. 18 root root 4096 Jun 19 19:27 ..
> #
>
I guess you checked the above only after engine-setup failed/finished,
right?
>
> And:
>
> 2024-06-19 19:27:10,917+0000 DEBUG
> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
> plugin.execute:923 execute-output:
> ['/usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh',
'-s',
> '[REDACTED_REMOTE_DB_HOST]', '-p', '5432', '-u',
> '[REDACTED_REMOTE_DB_USER]', '-d',
'[REDACTED_REMOTE_DB_NAME]', '-e',
> 'aaa_jdbc', '-l', '/root/ovirt-engine-setup.log',
'-c', 'apply'] stderr:
>
>
> 2024-06-19 19:27:10,917+0000 DEBUG otopi.transaction
> transaction._prepare:61 preparing 'File transaction for
> '/etc/ovirt-engine/aaa/internal.properties''
> 2024-06-19 19:27:10,917+0000 DEBUG otopi.filetransaction
> filetransaction.prepare:184 file
> '/etc/ovirt-engine/aaa/internal.properties' missing
>
Indeed
> 2024-06-19 19:27:10,920+0000 DEBUG otopi.transaction
> transaction._prepare:61 preparing 'File transaction for
> '/etc/ovirt-engine/extensions.d/internal-authn.properties''
> 2024-06-19 19:27:10,920+0000 DEBUG otopi.filetransaction
> filetransaction.prepare:184 file
> '/etc/ovirt-engine/extensions.d/internal-authn.properties' missing
> 2024-06-19 19:27:10,921+0000 DEBUG otopi.transaction
> transaction._prepare:61 preparing 'File transaction for
> '/etc/ovirt-engine/extensions.d/internal-authz.properties''
> 2024-06-19 19:27:10,921+0000 DEBUG otopi.filetransaction
> filetransaction.prepare:184 file
> '/etc/ovirt-engine/extensions.d/internal-authz.properties' missing
> 2024-06-19 19:27:10,921+0000 DEBUG
> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
> plugin.executeRaw:808 execute: ('/usr/bin/ovirt-aaa-jdbc-tool',
> (...)
>
> Is this because I'm using remote databases for the DWH? I was under the
> impression this was supported, especially given that engine-setup prompts
> for the host and it is documented.
>
I don't think that's related.
If you grep ovirt-engine sources, you'll find internal.properties in:
packaging/setup/ovirt_engine_setup/engine/constants.py:
AAA_JDBC_CONFIG_DB = os.path.join(
OVIRT_ENGINE_SYSCONFDIR,
'aaa',
'internal.properties'
)
If you then grep for AAA_JDBC_CONFIG_DB, you see it in:
packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py:
def _setupAuth(self):
self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
filetransaction.FileTransaction(
name=oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
...
visibleButUnsafe=True,
Forgot to mention: You can check otopi sources:src/otopi/filetransaction.py
to see what this means.
...
def _setupAdminUser(self):
toolArgs = (
oenginecons.FileLocations.AAA_JDBC_TOOL,
'--db-config=%s' %
oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
)
...
@plugin.event(
stage=plugin.Stages.STAGE_MISC,
name=AAA_JDBC_SETUP_ADMIN_USER,
after=(
oengcommcons.Stages.DB_SCHEMA,
oengcommcons.Stages.DB_CONNECTION_AVAILABLE,
oenginecons.Stages.CONFIG_EXTENSIONS_UPGRADE,
),
before=(
oenginecons.Stages.CONFIG_AAA_ADMIN_USER_SETUP,
),
condition=lambda self: self.environment[
oenginecons.ConfigEnv.ADMIN_USER_AUTHZ_TYPE
] == self.AAA_JDBC_AUTHZ_TYPE,
)
def _misc(self):
# TODO: if we knew that aaa-jdbc package was upgraded by
engine-setup
# TODO: we could display summary note that custom profiles have to
be
# TODO: upgraded manually
self._setupSchema()
self._setupAuth()
self._setupAdminUser()
...
This means that:
At STAGE_MISC, _misc calls _setupAuth, which creates this file, and then
it calls
_setupAdminUser which tries to use it. Latter fails, and engine-setup
rolls back
the MAIN_TRANSACTION, including removing the file.
I'd start debugging this issue by:
1. Patching _setupAuth to wait (e.g. using dialog.queryBoolean, search the
source
for examples) after it creates the file, so that I can investigate it
2. Patching _setupAdminUser to wait after it runs the tool, so that I can
try to
investigate the failure - e.g. run it myself under strace, if the existing
logging
is not enough.
You can try using the otopi plugin wait_on_error for this, instead of
patching.
Good luck and best regards,
--
Didi
--
Didi
7:28 a.m.
New subject: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
Same problem here. I even tried to recompile from source, used differnt Java versions
etc.
Just executing the /usr/bin/ovirt-aaa-jdbc-tool fails, too, as soon as you try something
that
actually wants t query the database.
SEVERE: Unexpected Exception invoking Cli:
com/ongres/scram/common/stringprep/StringPreparation
All jars are there, ans all came with the ovirt45 installation. So, I expected there
should be no version
mismatches etc.
7:31 a.m.
New subject: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
BTW: The access to the database itself is no problem, here, it reads the correct
configuration file. The installation has been tried on Rock9 and Centos9-Stream
installations, same on all installations.
2:04 p.m.
New subject: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"
For cross-reference, the same issue has been reported in GitHub[0] with no resolve or
response yet.
To make matters clear, this completely prevents engine installation across AlmaLinux 9.x,
Rocky 9.x, *and* Centos 9 Stream. This is a major blocker to new installs.
[0] https://github.com/oVirt/ovirt-engine/issues/945
2
days inactive
18
days old
6 comments
4 participants
participants (4)
-
Brent S. -
brent.saner@netfire.com
-
ovirt@kirschke.de -
Yedidyah Bar David