oVirt management has lost its SSL.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --jqakiCaOmFP9f4FpGI29oNeauWoOxF3aM Content-Type: multipart/mixed; boundary="66cCtMpFhTKBqqwQAsjplKCPdvE5mwege"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users <users@ovirt.org> Message-ID: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> Subject: oVirt management has lost its SSL. --66cCtMpFhTKBqqwQAsjplKCPdvE5mwege Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings, OS: Scientific Linux 7.4 oVirt: 4.1 Everything fully updated. Everything was working great. I received my new network card today to upgrade my ovirt management node (physical node; not self-hosted), took the machine down, swapped the card, and brought it up to many many errors= =2E Here's the basic break-down of my discoveries. 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of messages in my engine.log about it being corrupt. Restored from backup, and oVirt engine was really peeved for not having my domain cert in it (tons of messages in the engine.log file)...figured out how to add my domain cert and it seemed OK. Which led me to... 2) My /etc/pki/ovirt-engine/keys/engine.p12 and /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my backups either. This results in a massive java dump when I try to start the engine service. 3) I noticed that I had /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp corresponding to when I shut the node down. Then I noticed, that I was missing dang near EVERY file in /etc/pki/ovirt-engine but I had an equivalent file with the ".201711021302" extension. So a touch of bash and I copied all of my "*.201711021302" files with the proper user/group/permissions into their base name. Hooray! No more errors in the log files and all services start!! 4) I open my web browser and head to my management host...and I get this error: Keystore was tampered with, or password was incorrect Well...yeah. I had to fix it in step one. :-/ I'm not getting anything useful out of my Internet searching. I don't know what went wrong or why, but my SSL is just borked. Any suggestions? Thoughts? Ideas? Is there a way to just blow away and start over with the SSL _without_ destroying the VM's (which fortunately they all seem to still be functional!)? Any help would be greatly appreciated. Thanks! ~Stack~ --66cCtMpFhTKBqqwQAsjplKCPdvE5mwege-- --jqakiCaOmFP9f4FpGI29oNeauWoOxF3aM Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ+4ufAAoJELkej+ysXJPm/QwQAJYRG5YCzxLDvvMtr252oMP2 2NzNF1hSscm/rDe2LnmDygdeJNrnMf/E2KrGUcfIly5HsESMnY3qfcbDzzzLhF8P jMyRszzdPIo3z1OOlhK67q90kOI9KKuyf8/t/a5WCqyBUFfVGWr5t/UvkIg3gS1j hisokLAbBKRZmRj/ncjZFQJ8roNExamwedYe/5hnZnX5/yxmsBYUHB6aQ3rt/p7f Ic9Oqvt6RVbAvZ/69fFNcUK+/KQUdPDLqqKLepwlkb9nvvSYLtYKw3/0rqxCs0S3 AWsLi1ZV2Vfgn/Gx27x/wpXOLxYUWr8GhyE7++iTv6ujxNfP4MPm8ijgzl2RvgfA NVzHHf6WUOTGD3TPsgd45oa4IoKJ44pkKa/llqn1rrGeqhvoioBtE1NMaq5nexo6 t8bHOghcM+0SHclUenZJ5Yv19f0bYNN0GBjevmIy9W/LXQaS2knNnPPOZGsZFZlF e7M9phTEWo6jlv0k21rp98+ZlLszdo6zXQ6Bj72FS/HE2xGQkzrN3M/xFSrJl2Wv lbK2R2/Jg8jsriCOBQaNHTj/JbGPKPIbeZaa9ThmDC0htsfOqqN6Zj7OGUmq92+i yH8Iw+jyHmai99ssEi8zM7b3Nv01WWZYwPKEusuDsczJ5UTejy5SbbBxjQwFyZrM +TRNf+h1rWwrJC+Fetse =gPCS -----END PGP SIGNATURE----- --jqakiCaOmFP9f4FpGI29oNeauWoOxF3aM--
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6srqPwiDoNgJCMhM5k3HBhW43FakwQb0c Content-Type: multipart/mixed; boundary="0T6GsGDl9lswqG1oKhuTrenOACKCmepeH"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users <users@ovirt.org> Message-ID: <d0bca9f6-2251-f865-436e-9e82b24333b1@gmail.com> Subject: Re: oVirt management has lost its SSL. References: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> In-Reply-To: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> --0T6GsGDl9lswqG1oKhuTrenOACKCmepeH Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings, Please, I would greatly appreciate some help/feedback. I'm not sure what else to do. I reverted the .trustedstore to the only backup I have, and there is one key in it. That too gets flagged by oVirt as having been tampered with (I'm guessing oVirt added something that isn't there any more). The password is correct as I can verify it from the oVirt config file on the command line. I'm out of ideas on fixing this. What happens to my oVirt hypervisors and VM's if I rebuild the management engine host from scratch? Thanks! ~Stack~ On 11/02/2017 04:18 PM, ~Stack~ wrote:
Greetings, =20 OS: Scientific Linux 7.4 oVirt: 4.1 Everything fully updated. =20 Everything was working great. I received my new network card today to upgrade my ovirt management node (physical node; not self-hosted), took=
the machine down, swapped the card, and brought it up to many many erro= rs. =20 Here's the basic break-down of my discoveries. =20 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of messages in my engine.log about it being corrupt. Restored from backup,=
and oVirt engine was really peeved for not having my domain cert in it (tons of messages in the engine.log file)...figured out how to add my domain cert and it seemed OK. Which led me to... =20 2) My /etc/pki/ovirt-engine/keys/engine.p12 and /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my=
backups either. This results in a massive java dump when I try to start=
the engine service. =20 3) I noticed that I had /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stam= p corresponding to when I shut the node down. Then I noticed, that I was missing dang near EVERY file in /etc/pki/ovirt-engine but I had an equivalent file with the ".201711021302" extension. So a touch of bash and I copied all of my "*.201711021302" files with the proper user/group/permissions into their base name. Hooray! No more errors in the log files and all services start!! =20 4) I open my web browser and head to my management host...and I get thi= s error: Keystore was tampered with, or password was incorrect =20 Well...yeah. I had to fix it in step one. :-/ =20 I'm not getting anything useful out of my Internet searching. I don't know what went wrong or why, but my SSL is just borked. =20 Any suggestions? Thoughts? Ideas? =20 Is there a way to just blow away and start over with the SSL _without_ destroying the VM's (which fortunately they all seem to still be functional!)? =20 Any help would be greatly appreciated. Thanks! ~Stack~ =20 =20
--0T6GsGDl9lswqG1oKhuTrenOACKCmepeH-- --6srqPwiDoNgJCMhM5k3HBhW43FakwQb0c Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ/H1qAAoJELkej+ysXJPmXykP/3Y9mC3+Mr5KUgqWZQdrw0n2 /YE9rSpIX1KsL2hx7MfNN3RRYNbRAU7bk6odB4nARS/LDyojuQouV9c931RyjlCr xeI6uzmd8TiEjuNSQ6uNQC1YLNyBWXHlAF7qoSXunXPF1W6n81A8FzAc6fy7dbtF gqymX/Exk9giS7/ybmEh0yZc8h2zNu0PeO8BjFp583444sXZ8Fd4SxHxCUPPcdKl GqjIVXBEtSb/b6fQHc0Tl2gXxgKqeTieacfAv1zoyj4uH+U+s3RUo/Jl5BNPnR6G Y5FeibVgh3kRV7WoJadYd8ZaVLa3NLSnuQIWQuP/qGrMNDt5hJZeURH2hCFFGWKc nXxFoeswjhfb3MHqp6YQqUuoGg0cxAbjT8IVfpvv6qQd5RIu79Tb6kvOO2AyYRY3 07GwQIgWiiaJUrY6AsI/FpRdzIr3xTYwpsUHA6yD0rplrVke6nwH0Pmqz2IFdBcn 3J1vLWNRNG3F32lsARwRyohcV9blKagr8oU2H/Kin3rzJpewLfim4OGXQEHZ8xRz 2yVJW3DnN9rdYZID3EM37uE8B+VtBq83VNEzrx7zixycei/m1BnzoddpJYnzmFdY ZFWwKvyN2bhw9R/TeWWsERViSRGSPdwGiYh8wr7mCA9OnUoxnLr8wF+CrTfVIysM LPhXZIkHFhFjtX2y6rtb =R70t -----END PGP SIGNATURE----- --6srqPwiDoNgJCMhM5k3HBhW43FakwQb0c--
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FplIUg6f4oTjf2uFF6d2cIwEkHoJ3XiFB Content-Type: multipart/mixed; boundary="7L1K7tlmuTMbpGfdltWoF2kVahxXLS4w9"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users <users@ovirt.org> Message-ID: <a8ae8ead-b6cc-c1d1-4dcb-785f4c41a57f@gmail.com> Subject: Re: oVirt management has lost its SSL. References: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> <d0bca9f6-2251-f865-436e-9e82b24333b1@gmail.com> In-Reply-To: <d0bca9f6-2251-f865-436e-9e82b24333b1@gmail.com> --7L1K7tlmuTMbpGfdltWoF2kVahxXLS4w9 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings, I'm seriously just grasping at straws here. I took a spare hard drive, tossed it in the management host, and did a fresh install. It did not like me trying to add it into the existing infrastructure. Tried to dump the DB from the old to the new, update the passwords, and pretty much ended up in the same place. I did check the .trustedkeystore and it has the same 1 key as my original back up. So that isn't the issue. Still poking at it. Would love some thoughts/feedback. Thanks! ~Stack~ On 11/03/2017 09:30 AM, ~Stack~ wrote:
Greetings, =20 Please, I would greatly appreciate some help/feedback. I'm not sure wha= t else to do. =20 I reverted the .trustedstore to the only backup I have, and there is on= e key in it. That too gets flagged by oVirt as having been tampered with (I'm guessing oVirt added something that isn't there any more). The password is correct as I can verify it from the oVirt config file on th= e command line. =20 I'm out of ideas on fixing this. What happens to my oVirt hypervisors and VM's if I rebuild the management engine host from scratch? =20 Thanks! ~Stack~ On 11/02/2017 04:18 PM, ~Stack~ wrote:
Greetings,
OS: Scientific Linux 7.4 oVirt: 4.1 Everything fully updated.
Everything was working great. I received my new network card today to upgrade my ovirt management node (physical node; not self-hosted), too= k the machine down, swapped the card, and brought it up to many many err= ors.
Here's the basic break-down of my discoveries.
1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of messages in my engine.log about it being corrupt. Restored from backup= , and oVirt engine was really peeved for not having my domain cert in it=
(tons of messages in the engine.log file)...figured out how to add my domain cert and it seemed OK. Which led me to...
2) My /etc/pki/ovirt-engine/keys/engine.p12 and /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in m= y backups either. This results in a massive java dump when I try to star= t the engine service.
3) I noticed that I had /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time sta= mp corresponding to when I shut the node down. Then I noticed, that I was=
missing dang near EVERY file in /etc/pki/ovirt-engine but I had an equivalent file with the ".201711021302" extension. So a touch of bash=
and I copied all of my "*.201711021302" files with the proper user/group/permissions into their base name. Hooray! No more errors in=
the log files and all services start!!
4) I open my web browser and head to my management host...and I get th= is error: Keystore was tampered with, or password was incorrect
Well...yeah. I had to fix it in step one. :-/
I'm not getting anything useful out of my Internet searching. I don't know what went wrong or why, but my SSL is just borked.
Any suggestions? Thoughts? Ideas?
Is there a way to just blow away and start over with the SSL _without_=
destroying the VM's (which fortunately they all seem to still be functional!)?
Any help would be greatly appreciated. Thanks! ~Stack~
=20 =20 =20
--7L1K7tlmuTMbpGfdltWoF2kVahxXLS4w9-- --FplIUg6f4oTjf2uFF6d2cIwEkHoJ3XiFB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ/KQwAAoJELkej+ysXJPm18YQALnXz8vN1Etj97pt+3Fcu5pj FFHCNYNe2SKCH6ezSs230AfItckp0HExWN6v3aHArKZfWNAkBkrvbwhCC07hhqZ0 /jNjXuyqzgwBppS3HNFnWuzpXR4iEkyszww0jPwXTSHWUG1yMNLPKHrOCYVKtsO1 WbUSMiPgopo7l9iRts2+qqIRcz1kFtQXEl8KrBEX4InibQ3hK1yAeG/LEDwMH9yK v6wkavcw/Xk0SXSs58DrLiyaOBXHggGPPwu5mgISD+YmDpQ2v3VsHQyW5gzNUfur v7pbpfwVWZiARREctA+I5rEeSVUDgKca7HdtK9BswMHICgJDRtiawjVNDgGQwYNi oiRSSwUQMQP2UZN40NsByWGOABi62Pj6T90plZEnymqKnyl5vmdmZ/GDD5K0wKd3 b0wgd7nc4owhzCv7D178fdhHHon72Gvt+OK0ZNs1BravC2qazNG3AHGVhsmzMxvJ IMoix5wElxpJ1t936/PUR64k3Du60yZy5c25ymypN01KQIvwgG80MFloELTQjEUO bA0PDf9ambKYVyWu+jbkdAzJ1l0RCEe2UrNEpFybLlx6RuNZ8LLpB6zToIbcDpac PtKZOiJddeosh82tXuMqR6MQ/4gyZOehSYfwdyXwRUIdgeoTmQA+J78yRORJa1R8 21Fh48BMD5I1/p5a/BM2 =59U2 -----END PGP SIGNATURE----- --FplIUg6f4oTjf2uFF6d2cIwEkHoJ3XiFB--
On Friday, November 3, 2017 1:15:27 PM EDT ~Stack~ wrote:
Greetings,
I'm seriously just grasping at straws here. I took a spare hard drive, tossed it in the management host, and did a fresh install. It did not like me trying to add it into the existing infrastructure. Tried to dump the DB from the old to the new, update the passwords, and pretty much ended up in the same place.
I did check the .trustedkeystore and it has the same 1 key as my original back up. So that isn't the issue.
Still poking at it. Would love some thoughts/feedback.
Thanks! ~Stack~
Running engine-setup on the engine machine should re-generate the keys.
On 11/03/2017 09:30 AM, ~Stack~ wrote:
Greetings,
Please, I would greatly appreciate some help/feedback. I'm not sure what else to do.
I reverted the .trustedstore to the only backup I have, and there is one key in it. That too gets flagged by oVirt as having been tampered with (I'm guessing oVirt added something that isn't there any more). The password is correct as I can verify it from the oVirt config file on the command line.
I'm out of ideas on fixing this. What happens to my oVirt hypervisors and VM's if I rebuild the management engine host from scratch?
Thanks! ~Stack~
On 11/02/2017 04:18 PM, ~Stack~ wrote:
Greetings,
OS: Scientific Linux 7.4 oVirt: 4.1 Everything fully updated.
Everything was working great. I received my new network card today to upgrade my ovirt management node (physical node; not self-hosted), took the machine down, swapped the card, and brought it up to many many errors.
Here's the basic break-down of my discoveries.
1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of messages in my engine.log about it being corrupt. Restored from backup, and oVirt engine was really peeved for not having my domain cert in it (tons of messages in the engine.log file)...figured out how to add my domain cert and it seemed OK. Which led me to...
2) My /etc/pki/ovirt-engine/keys/engine.p12 and /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my backups either. This results in a massive java dump when I try to start the engine service.
3) I noticed that I had /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp corresponding to when I shut the node down. Then I noticed, that I was missing dang near EVERY file in /etc/pki/ovirt-engine but I had an equivalent file with the ".201711021302" extension. So a touch of bash and I copied all of my "*.201711021302" files with the proper user/group/permissions into their base name. Hooray! No more errors in the log files and all services start!!
4) I open my web browser and head to my management host...and I get this error: Keystore was tampered with, or password was incorrect
Well...yeah. I had to fix it in step one. :-/
I'm not getting anything useful out of my Internet searching. I don't know what went wrong or why, but my SSL is just borked.
Any suggestions? Thoughts? Ideas?
Is there a way to just blow away and start over with the SSL _without_ destroying the VM's (which fortunately they all seem to still be functional!)?
Any help would be greatly appreciated. Thanks! ~Stack~
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --RIdq5PTfuKg5kKXBX1iAIR2goeFGXkjdE Content-Type: multipart/mixed; boundary="KnJOald1h0BWIrxeKcmMEprQiQEeI3RIi"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Alexander Wels <awels@redhat.com>, users@ovirt.org Message-ID: <322b0492-ac8f-f031-89a2-c9e88f704934@gmail.com> Subject: Re: [ovirt-users] oVirt management has lost its SSL. References: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> <d0bca9f6-2251-f865-436e-9e82b24333b1@gmail.com> <a8ae8ead-b6cc-c1d1-4dcb-785f4c41a57f@gmail.com> <3083657.k6sMFeiRm5@awels> In-Reply-To: <3083657.k6sMFeiRm5@awels> --KnJOald1h0BWIrxeKcmMEprQiQEeI3RIi Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 11/03/2017 12:23 PM, Alexander Wels wrote:
On Friday, November 3, 2017 1:15:27 PM EDT ~Stack~ wrote:
Greetings,
I'm seriously just grasping at straws here. I took a spare hard drive,=
tossed it in the management host, and did a fresh install. It did not like me trying to add it into the existing infrastructure. Tried to du= mp the DB from the old to the new, update the passwords, and pretty much ended up in the same place.
I did check the .trustedkeystore and it has the same 1 key as my original back up. So that isn't the issue.
Still poking at it. Would love some thoughts/feedback.
Thanks! ~Stack~
=20 Running engine-setup on the engine machine should re-generate the keys.=
Thanks for the suggestion. I've tried that. Twice. Still the same error. "Keystore was tampered with, or password was incorrect." =46rom digging around in the logs, it looks like it is trying to access /etc/pki/ovirt-engine/.trustedstore but the password found in the ovirt configs works just fine. So I know it is not a password issue. I've been trying to figure out how that file is created so I can possibly generate a new one, but no luck so far. Thanks! ~Stack~ --KnJOald1h0BWIrxeKcmMEprQiQEeI3RIi-- --RIdq5PTfuKg5kKXBX1iAIR2goeFGXkjdE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ/KosAAoJELkej+ysXJPmuDYQAJbMQmpo5OoXlzHiQn7oJL0y K7QlDfgGqYC2JzUX2KoOSpk+IyIk6VN2qjHGf1zLB3qTKMk8Qnvd/b1o71NJOECV YyWBGw1OQ08flqCAUci4uPMLcFKZLY5wAVkVQ/48iegjJHYUzz5XqYzRoox0WW2V E9FHv26h82Rj3NA6K0tUPo4vEnJWnqLZVJgtTG8BkInoC6bcqqFYoAyuhIWKbZZV V4VJG+G/eV2Gzus8KkYEZcAeiP5a/MIA+Nye8doezBLg1uzWTR06D69ypPW+CuGY SiNTgOJKv1l3xzxS8kh/s78d0bvAhzNHfZfOh+nbzxF5hN0P6UnYpxtL5EKVeMPy ULtH439VhlacLld2Q7XmFa8j+Deb7JoD/lw6+1RoaeoRpWq4dNHBON6cgoHirVoO q0mGV1PVpRsImGhsc6c7hSu5eOLHvcmJSHG6uw3yjjwBSq+mGFkYV71qGLugJ99T CJ6jk2hU7X4ZgnxXKlkHfp4vhuyj8CCctqvAIjjT99NTmLiyG/fzWP2HlKXgLg8s CDcAs0GI9tGuXHXX5xqhXPg9mMuahMjIeTW2AUGJfAeUdq0zD9BvHQtMDsKiSZra GOlKLV2iSwpLxG6nxd4voFhJNj02JTqOFZTFC7pNKaYUVEwIlFUeMd6QrrIaRjN+ Ir2FtiRSVAvoOV/Mc7Hr =EZH8 -----END PGP SIGNATURE----- --RIdq5PTfuKg5kKXBX1iAIR2goeFGXkjdE--
On Friday, November 3, 2017 1:41:00 PM EDT ~Stack~ wrote:
On 11/03/2017 12:23 PM, Alexander Wels wrote:
On Friday, November 3, 2017 1:15:27 PM EDT ~Stack~ wrote:
Greetings,
I'm seriously just grasping at straws here. I took a spare hard drive, tossed it in the management host, and did a fresh install. It did not like me trying to add it into the existing infrastructure. Tried to dump the DB from the old to the new, update the passwords, and pretty much ended up in the same place.
I did check the .trustedkeystore and it has the same 1 key as my original back up. So that isn't the issue.
Still poking at it. Would love some thoughts/feedback.
Thanks! ~Stack~
Running engine-setup on the engine machine should re-generate the keys.
Thanks for the suggestion. I've tried that. Twice. Still the same error.
"Keystore was tampered with, or password was incorrect."
From digging around in the logs, it looks like it is trying to access /etc/pki/ovirt-engine/.trustedstore but the password found in the ovirt configs works just fine. So I know it is not a password issue.
I've been trying to figure out how that file is created so I can possibly generate a new one, but no luck so far.
Thanks! ~Stack~
AFAIC engine-setup will create the files needed. Try running engine-cleanup and maybe it will remove everything needed and then running engine-setup again? But if all else fails you should be able to create a fresh engine, and after you have added a host, you should be able to import the existing storage domain (like you noted the VMs are still there).
=20 AFAIC engine-setup will create the files needed. Try running engine-cle= anup=20 and maybe it will remove everything needed and then running engine-setu=
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --h3SR4RpK38rWMkS9h7ELfbT8hHMBAQnPq Content-Type: multipart/mixed; boundary="MiSkDcn1FBPBUNr7Lcn8tsI7bFhrjKpek"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Alexander Wels <awels@redhat.com> Cc: users@ovirt.org Message-ID: <92281f4f-4245-32ba-e604-ef73cce78bd5@gmail.com> Subject: Re: [ovirt-users] oVirt management has lost its SSL. References: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> <3083657.k6sMFeiRm5@awels> <322b0492-ac8f-f031-89a2-c9e88f704934@gmail.com> <3618278.H5GOBpvrsq@awels> In-Reply-To: <3618278.H5GOBpvrsq@awels> --MiSkDcn1FBPBUNr7Lcn8tsI7bFhrjKpek Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 11/03/2017 12:48 PM, Alexander Wels wrote: p=20
again? =20 But if all else fails you should be able to create a fresh engine, and = after=20 you have added a host, you should be able to import the existing storag= e=20 domain (like you noted the VMs are still there). =20 =20 Greetings, Thanks, but I've tried that too. Even though it did delete the keystore, I ended up with the exact same error. :-(
I'm doing a fresh install right now. I've never done an import like this before. I just connect the fresh install to one of my hosts and I can import the others hosts/vms/configurations? Thanks! ~Stack~ --MiSkDcn1FBPBUNr7Lcn8tsI7bFhrjKpek-- --h3SR4RpK38rWMkS9h7ELfbT8hHMBAQnPq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ/LLLAAoJELkej+ysXJPm+RwP/2PQ8988sdOPMxC1e2aCnajw y53vK5ROnvJ5ddi7MDs0HI6ZwX5jaN1FzAPUGY1zD/pWJbwC5uZWe5XBzubd5MqY vidjTZvZPSKu6/gXXsLvBbQqOcLcVbf1jqLva5/XaG4DpHzZYUzf0XtskRbYArHD f/ioV+UG2M5nlhjMW5lxfOOZuAL6AdZwMXEv05Ylkm8dBCu3vArzX0gdh4qRunBX J44HfZvT0znzDk+X8jFmGQQZIL1Yv1fN/CWS2/LEz2hcG99n/e1bdKKP8McxtTJM gDBHa9JEvKApBwPFJJ0GfHMQ/26hHDAT9lul40XKmqXBX3vB2L02OQGIZVidrcCR D9/mYX0QSMglc89wMrhPAO6HXfknvL4CSg4VxvvZp6G/yBrPrDyfxBNfY1E9drwk NgJZk1vJCO061eOZV5j/TjFvyjSxHhXMkpF4rNBGn2YeqZ6vIyMvQhOZCE8buVPq 3kJIB3XN5cIQcfg75EbsH3ShneyIAiqm43AfU8OYdI7OO73nXhPI2mMoCvIpJpsX Hw/uq1xjLTjjl9AlcpYbqm7+v+SEOz1JD0IDNu3HHzUWlYzhBZSVYn+l+6/816Cg N3Fo2tmdtS6AYF3GxOJV0IqVx68ZCBOHdn/lUE4sOJHYH8AstvTj6ayl4In+6zky zVAEWE8o8hqjPE/Sfyhz =40N3 -----END PGP SIGNATURE----- --h3SR4RpK38rWMkS9h7ELfbT8hHMBAQnPq--
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0PcAiSkaHrjjr6QFh7VrO0RDvQmbbBC2V Content-Type: multipart/mixed; boundary="cA3CNKrjSQ9lfIk0caXaSXaUTXaE2jSaB"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users@ovirt.org Message-ID: <a8c5336a-1c83-6c33-bb93-5c0641bc9f00@gmail.com> Subject: Re: [ovirt-users] oVirt management has lost its SSL. References: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> <3083657.k6sMFeiRm5@awels> <322b0492-ac8f-f031-89a2-c9e88f704934@gmail.com> <3618278.H5GOBpvrsq@awels> <92281f4f-4245-32ba-e604-ef73cce78bd5@gmail.com> In-Reply-To: <92281f4f-4245-32ba-e604-ef73cce78bd5@gmail.com> --cA3CNKrjSQ9lfIk0caXaSXaUTXaE2jSaB Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 11/03/2017 01:17 PM, ~Stack~ wrote:
On 11/03/2017 12:48 PM, Alexander Wels wrote:
But if all else fails you should be able to create a fresh engine, and= after=20 you have added a host, you should be able to import the existing stora= ge=20 domain (like you noted the VMs are still there).
Greetings, Thanks, but I've tried that too. Even though it did delete the keystore= , I ended up with the exact same error. :-( =20 I'm doing a fresh install right now. I've never done an import like thi= s before. I just connect the fresh install to one of my hosts and I can import the others hosts/vms/configurations? =20 Thanks! ~Stack~ =20 =20
Bender: Are we boned? Leela: Yeah, we're boned So I built a new management host from scratch. I added one of my hosts, and immediately crashed the vm's running on that hypervisor (they all just stopped responding). I don't know why they didn't fail over, but they didn't. Oh well. At least the other hypervisor is up! So I tried following this guide to import my storage domain from the section "Disaster Recovery flows" for "Import file Storage Domain". https://www.ovirt.org/develop/release-management/features/storage/imports= toragedomain/ Yeah. That didn't work. It says it can't find any other domains to import, but if I attempt to create a new one it says it can't because there are existing domains! Well, while I was poking at it the other VM's started acting up (crazy high latency and the ovirt logs were really pissed at me). So I shut off the ones that still responded, then shut down the other hypervisor. I backed up the VM's on my NFS share, and created a new directory for the data domain. Guess I'm rebuilding my environment from scratch. I just hope I can get some of the VM's to come back some how. :-/ ~Stack~ --cA3CNKrjSQ9lfIk0caXaSXaUTXaE2jSaB-- --0PcAiSkaHrjjr6QFh7VrO0RDvQmbbBC2V Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ/MfHAAoJELkej+ysXJPmyjcQAKziFZ+av4KuLmMpnl8Pq6vI vnWWQMcqlqq+n+w9QA/EPi1dRiD/wEPubn8Fv40e+SDn86DxLiyzFH13lR/Z0msp pjBChLvuD/alvzjU/pJOG+31ti/aWqAgpfwE5YicNWTuLr86oHBZg3q9grP/qyhv acbYDYq/ghBiFwOgPPtEd/+kAriPqaQqAmDr4JID8J+fd6dFOcwVTU/IQhcB6cbN ZhBmwTjYmAQvQmKFbKrpeQKIHFOdX+eJXr2tm2c2WMJMLOIVtBhb5oJsAStaboT7 JLIdR1bqJcWWL6hEo0V8jwUeWYuYGKmSmktAAybnfZ89AaG56S2r2Y6hmzoYHaRP GW70o9aNrRXWeBDWwwCapnzw2iEnLx7q/XBgOmuwTuIg96N7WPO3bzpCqR2yq5Y9 Mm+sK7i3DqGZ5UIl2ekW0llhPAPbPJMAe+kSKnzVhNdeK8//vY0U9/2X1Lkiprmd dhp7aCQBr1dBfFKYrBkmXtTFpewSTm9VtgWvq1zWiEUHFSwqUXSb+YFsn+pM2Siu g1+IX7P3zusv2seKZhWTN2CPrmrFGOJFw4sG0XquaeOcF4MCTkDGnyuTOo1DE6w/ nJYKeNjNrzzwZ9NTf46Fl5IQZQopCPh/x2Gj2Fp/O45R1DCgpprCohIVnpxYWvV+ /c+OGCXKpaQuowbWmOJp =iqGZ -----END PGP SIGNATURE----- --0PcAiSkaHrjjr6QFh7VrO0RDvQmbbBC2V--
Hi, Can you send the engine log around the time you tried to import the export domain? Thanks On Fri, Nov 3, 2017 at 9:47 PM, ~Stack~ <i.am.stack@gmail.com> wrote:
On 11/03/2017 01:17 PM, ~Stack~ wrote:
On 11/03/2017 12:48 PM, Alexander Wels wrote:
But if all else fails you should be able to create a fresh engine, and after you have added a host, you should be able to import the existing storage domain (like you noted the VMs are still there).
Greetings, Thanks, but I've tried that too. Even though it did delete the keystore, I ended up with the exact same error. :-(
I'm doing a fresh install right now. I've never done an import like this before. I just connect the fresh install to one of my hosts and I can import the others hosts/vms/configurations?
Thanks! ~Stack~
Bender: Are we boned? Leela: Yeah, we're boned
So I built a new management host from scratch. I added one of my hosts, and immediately crashed the vm's running on that hypervisor (they all just stopped responding). I don't know why they didn't fail over, but they didn't. Oh well. At least the other hypervisor is up!
So I tried following this guide to import my storage domain from the section "Disaster Recovery flows" for "Import file Storage Domain".
https://www.ovirt.org/develop/release-management/features/ storage/importstoragedomain/
Yeah. That didn't work. It says it can't find any other domains to import, but if I attempt to create a new one it says it can't because there are existing domains!
Well, while I was poking at it the other VM's started acting up (crazy high latency and the ovirt logs were really pissed at me). So I shut off the ones that still responded, then shut down the other hypervisor. I backed up the VM's on my NFS share, and created a new directory for the data domain.
Guess I'm rebuilding my environment from scratch. I just hope I can get some of the VM's to come back some how. :-/
~Stack~
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
Alexander Wels -
Fred Rolland -
~Stack~