Issue with 4.2.1 RC and SSL
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --X1liMzBwOelVuDr9VnkmQpyzIXGjCLTVO Content-Type: multipart/mixed; boundary="nhGTtLudrG119NimaBSBZPnEVXBJuW62Y"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users <users@ovirt.org> Message-ID: <ff271e8b-7ec9-f0b6-6e00-511c5aad1b27@gmail.com> Subject: Issue with 4.2.1 RC and SSL --nhGTtLudrG119NimaBSBZPnEVXBJuW62Y Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings, I was having a lot of issues with 4.2 and 95% of them are in the change logs for 4.2.1. Since this is a new build, I just blew everything away and started from scratch with the RC release. The very first thing that I did after the engine-config was to set up my SSL cert. I followed the directions from here: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ Logged in the first time to the web interface and everything worked! Grea= t. Install my hosts (also completely fresh installs - Scientific Linux 7 fully updated) and none would finish the install... I can send the full host debug log if you want, however, I'm pretty sure that the problem is because of the SSL somewhere. I've cut/pasted the relevant part. Any advice/help, please? Thanks! ~Stack~ 2018-02-07 16:56:21,697-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.tune.tuned.Plugin._misc (None) 2018-02-07 16:56:21,698-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id 2018-02-07 16:56:21,698-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,699-0600 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/vdsm/vdsm.i= d'' 2018-02-07 16:56:21,699-0600 DEBUG otopi.filetransaction filetransaction.prepare:183 file '/etc/vdsm/vdsm.id' missing 2018-02-07 16:56:21,705-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,706-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks 2018-02-07 16:56:21,706-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc (None) 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Setting up PKI 2018-02-07 16:56:21,709-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:813 execute: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), executable=3D'None', cwd=3D'None', env=3DNone 2018-02-07 16:56:21,756-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:863 execute-result: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), rc=3D= 0 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please issue VDSM certificate based on this certificate request 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***D:MULTI-STRING VDSM_CERTIFICATE_REQUEST --=3D451b80dc-996f-432e-9e4f-2b29ef6d1141=3D-- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -----BEGIN CERTIFICATE REQUEST--= --- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND MIICRTCCAS0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZm 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND eYTWbHKkN+GlQnZ8C6fdk++htyFE+IHSzkhTyTSZdM0bPTdvhomTeCwzNlWBWdU+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND PrVB7j/1iksSt6RXDQUWlPDPBNfAa6NtZijEaGuxAe0RpI71G5feZmgVRmtIfrkE 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 5BjhnCMJW46y9Y7dc2TaXzQqeVj0nkWkHt0v6AVdRWP3OHfOCvqoABny1urStvFT 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND TeAhSBVBUWTaNczBrZBpMXhXrSAe/hhLXMF3VfBV1odOOwb7AeccYkGePMxUOg8+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND XMAKdDCn7N0ZC4gSyEAP9mSobvOvNObcfw02NyYdny32/edgPrXKR+ISf4IwVd0d 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND mDonT4W2ROTE/A3M/mkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpAKAMv/Vh 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 0ByC02R3fxtA6b/OZyys+xyIAfAGxo2NSDJDQsw9Gy1QWVtJX5BGsbzuhnNJjhRm 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 5yx0wrS/k34oEv8Wh+po1fwpI5gG1W9L96Sx+vF/+UXBenJbhEVfir/cOzjmP1Hg 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND TtK5nYnBM7Py5JdnnAPww6jPt6uRypDZqqM8YOct1OEsBr8gPvmQvt5hDGJKqW37 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND xFbad6ILwYIE0DXAu2h9y20Pl3fy4Kb2LQDjltiaQ2IBiHFRUB/H2DOxq0NpH4z7 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND wqU/ai7sXWT/Vq4R6jD+c0V0WP4+VgSkgqPvnSYHwqQUbc9Kh7RwRnVyzLupbWdM 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND Pr+MZ2D1jg27 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -----END CERTIFICATE REQUEST----= - 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND --=3D451b80dc-996f-432e-9e4f-2b29ef6d1141=3D-- 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%QStart: VDSM_CERTIFICATE_CHAI= N 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please input VDSM certificate chain that matches certificate request, top is issuer 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### type '--=3D451b80dc-996f-432e-9e4f-2b29ef6d1141=3D--' in own line to mark end,= '--=3D451b80dc-996f-ABORT-9e4f-2b29ef6d1141=3D--' aborts 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***Q:MULTI-STRING VDSM_CERTIFICATE_CHAIN --=3D451b80dc-996f-432e-9e4f-2b29ef6d1141=3D-- --=3D451b80dc-996f-ABORT-9e4f-2b29ef6d1141=3D-- 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%QEnd: VDSM_CERTIFICATE_CHAIN 2018-02-07 16:56:22,765-0600 DEBUG otopi.context context._executeMethod:143 method exception Traceback (most recent call last): File "/tmp/ovirt-h7XmTvEqc3/pythonlib/otopi/context.py", line 133, in _executeMethod method['method']() File "/tmp/ovirt-h7XmTvEqc3/otopi-plugins/ovirt-host-common/vdsm/pki.py", line 241, in _misc '\n\nPlease input VDSM certificate chain that ' File "/tmp/ovirt-h7XmTvEqc3/otopi-plugins/otopi/dialog/machine.py", line 327, in queryMultiString v =3D self._readline() File "/tmp/ovirt-h7XmTvEqc3/pythonlib/otopi/dialog.py", line 248, in _readline raise IOError(_('End of file')) IOError: End of file 2018-02-07 16:56:22,766-0600 ERROR otopi.context context._executeMethod:152 Failed to execute stage 'Misc configuration': End of file --nhGTtLudrG119NimaBSBZPnEVXBJuW62Y-- --X1liMzBwOelVuDr9VnkmQpyzIXGjCLTVO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJae5YTAAoJELkej+ysXJPmkskP/RipREtSwvODOXqtHU893bjl 3RrYt9BZ98vYqdM0paqori+b+HGwhM3BMP9wsDV2j96fg6wbYgGIZT3aCgxNJza2 mIuvZWWu8Y7NgbUL/Wb2cWPx/ZendohCcT6BC83mPnw6ehGik9+zhNpBFJWrbLwP LnsJMh1Hx5R06X9FWjCUnsREKLLmBGCuauLEomdpOSVtrMADWknUWz9jJP3RGYWI 7eDEys2oAkrwt5IQC51JIdi++PX7QWaARP22Oo6qH97ofLxL4B1xIzxCP1Y0JNY8 k+i2vF8sQHIkUR1B5aO5sUHyhK9pAGf+ASBiYMH+04d6L2t/mhRB4G0EOJtR/VJu lZSF3wU+F4IEOWvMmk1/fPMqxctgbTAfWoMu8dmoHT17p4fodRy6506acByP0+RG kQ6O4ccfwgAk2GXNSMRAgzi4gQxfh4+T7UIZ9DccW93Cn/35uF/3UzE0PlH0Dy9I TacAksGGb96OKSGVp2AHJu78/1hDrNn++lH0pZFWWiHWsEXrtWnEw0kKJojuuj5i GM7El2VeFjC33ObeqCrLCRpibxwl2FaTVN1VxPyCVFQ+SLv4ayAydo05v5ETl/NB MkxuyidIQgovlIiUu++9Gw9EkHu+A4VVOlugwukX187F6Ln2Sy21hDsp/c86mHuD 7aOnX/1hWCV5ut1kD9N1 =shka -----END PGP SIGNATURE----- --X1liMzBwOelVuDr9VnkmQpyzIXGjCLTVO--
Hi Stack, have you tried it on other linux distributions? Scientific is not officially supported. My guess based on your log is there are somewhere missing certificates, maybe different path?. You can check the paths by the documentation: https://www.ovirt.org/develop/release-management/features/infra/pki/#vdsm Hope this helps. Petr On Thu, Feb 8, 2018 at 1:13 AM, ~Stack~ <i.am.stack@gmail.com> wrote:
Greetings,
I was having a lot of issues with 4.2 and 95% of them are in the change logs for 4.2.1. Since this is a new build, I just blew everything away and started from scratch with the RC release.
The very first thing that I did after the engine-config was to set up my SSL cert. I followed the directions from here: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
Logged in the first time to the web interface and everything worked! Great.
Install my hosts (also completely fresh installs - Scientific Linux 7 fully updated) and none would finish the install...
I can send the full host debug log if you want, however, I'm pretty sure that the problem is because of the SSL somewhere. I've cut/pasted the relevant part.
Any advice/help, please?
Thanks! ~Stack~
2018-02-07 16:56:21,697-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.tune.tuned.Plugin._misc (None) 2018-02-07 16:56:21,698-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id 2018-02-07 16:56:21,698-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,699-0600 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/vdsm/vdsm.id '' 2018-02-07 16:56:21,699-0600 DEBUG otopi.filetransaction filetransaction.prepare:183 file '/etc/vdsm/vdsm.id' missing 2018-02-07 16:56:21,705-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,706-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks 2018-02-07 16:56:21,706-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc (None) 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Setting up PKI 2018-02-07 16:56:21,709-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:813 execute: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), executable='None', cwd='None', env=None 2018-02-07 16:56:21,756-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:863 execute-result: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), rc=0 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please issue VDSM certificate based on this certificate request 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***D:MULTI-STRING VDSM_CERTIFICATE_REQUEST --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -----BEGIN CERTIFICATE REQUEST----- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND MIICRTCCAS0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZm 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND eYTWbHKkN+GlQnZ8C6fdk++htyFE+IHSzkhTyTSZdM0bPTdvhomTeCwzNlWBWdU+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND PrVB7j/1iksSt6RXDQUWlPDPBNfAa6NtZijEaGuxAe0RpI71G5feZmgVRmtIfrkE 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 5BjhnCMJW46y9Y7dc2TaXzQqeVj0nkWkHt0v6AVdRWP3OHfOCvqoABny1urStvFT 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND TeAhSBVBUWTaNczBrZBpMXhXrSAe/hhLXMF3VfBV1odOOwb7AeccYkGePMxUOg8+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND XMAKdDCn7N0ZC4gSyEAP9mSobvOvNObcfw02NyYdny32/edgPrXKR+ISf4IwVd0d 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND mDonT4W2ROTE/A3M/mkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpAKAMv/Vh 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 0ByC02R3fxtA6b/OZyys+xyIAfAGxo2NSDJDQsw9Gy1QWVtJX5BGsbzuhnNJjhRm 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 5yx0wrS/k34oEv8Wh+po1fwpI5gG1W9L96Sx+vF/+UXBenJbhEVfir/cOzjmP1Hg 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND TtK5nYnBM7Py5JdnnAPww6jPt6uRypDZqqM8YOct1OEsBr8gPvmQvt5hDGJKqW37 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND xFbad6ILwYIE0DXAu2h9y20Pl3fy4Kb2LQDjltiaQ2IBiHFRUB/H2DOxq0NpH4z7 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND wqU/ai7sXWT/Vq4R6jD+c0V0WP4+VgSkgqPvnSYHwqQUbc9Kh7RwRnVyzLupbWdM 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND Pr+MZ2D1jg27 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -----END CERTIFICATE REQUEST----- 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%QStart: VDSM_CERTIFICATE_CHAIN 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please input VDSM certificate chain that matches certificate request, top is issuer 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### type '--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--' in own line to mark end, '--=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=--' aborts 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***Q:MULTI-STRING VDSM_CERTIFICATE_CHAIN --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- --=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%QEnd: VDSM_CERTIFICATE_CHAIN 2018-02-07 16:56:22,765-0600 DEBUG otopi.context context._executeMethod:143 method exception Traceback (most recent call last): File "/tmp/ovirt-h7XmTvEqc3/pythonlib/otopi/context.py", line 133, in _executeMethod method['method']() File "/tmp/ovirt-h7XmTvEqc3/otopi-plugins/ovirt-host-common/vdsm/pki.py", line 241, in _misc '\n\nPlease input VDSM certificate chain that ' File "/tmp/ovirt-h7XmTvEqc3/otopi-plugins/otopi/dialog/machine.py", line 327, in queryMultiString v = self._readline() File "/tmp/ovirt-h7XmTvEqc3/pythonlib/otopi/dialog.py", line 248, in _readline raise IOError(_('End of file')) IOError: End of file 2018-02-07 16:56:22,766-0600 ERROR otopi.context context._executeMethod:152 Failed to execute stage 'Misc configuration': End of file
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Thu, Feb 8, 2018 at 2:42 PM, Petr Kotas <pkotas@redhat.com> wrote:
Hi Stack,
have you tried it on other linux distributions? Scientific is not officially supported.
My guess based on your log is there are somewhere missing certificates, maybe different path?. You can check the paths by the documentation: https://www.ovirt.org/develop/release-management/features/infra/pki/#vdsm
Hope this helps.
Petr
On Thu, Feb 8, 2018 at 1:13 AM, ~Stack~ <i.am.stack@gmail.com> wrote:
Greetings,
I was having a lot of issues with 4.2 and 95% of them are in the change logs for 4.2.1. Since this is a new build, I just blew everything away and started from scratch with the RC release.
The very first thing that I did after the engine-config was to set up my SSL cert. I followed the directions from here: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
Logged in the first time to the web interface and everything worked! Great.
Install my hosts (also completely fresh installs - Scientific Linux 7 fully updated) and none would finish the install...
I can send the full host debug log if you want, however, I'm pretty sure that the problem is because of the SSL somewhere. I've cut/pasted the relevant part.
Please check/share also engine.log of the relevant time frame. Thanks.
Any advice/help, please?
Thanks! ~Stack~
2018-02-07 16:56:21,697-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.tune.tuned.Plugin._misc (None) 2018-02-07 16:56:21,698-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id 2018-02-07 16:56:21,698-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,699-0600 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/vdsm/vdsm.id'' 2018-02-07 16:56:21,699-0600 DEBUG otopi.filetransaction filetransaction.prepare:183 file '/etc/vdsm/vdsm.id' missing 2018-02-07 16:56:21,705-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,706-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks 2018-02-07 16:56:21,706-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc (None) 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Setting up PKI 2018-02-07 16:56:21,709-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:813 execute: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), executable='None', cwd='None', env=None 2018-02-07 16:56:21,756-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:863 execute-result: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), rc=0 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please issue VDSM certificate based on this certificate request 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***D:MULTI-STRING VDSM_CERTIFICATE_REQUEST --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -----BEGIN CERTIFICATE REQUEST----- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND MIICRTCCAS0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZm 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND eYTWbHKkN+GlQnZ8C6fdk++htyFE+IHSzkhTyTSZdM0bPTdvhomTeCwzNlWBWdU+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND PrVB7j/1iksSt6RXDQUWlPDPBNfAa6NtZijEaGuxAe0RpI71G5feZmgVRmtIfrkE 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 5BjhnCMJW46y9Y7dc2TaXzQqeVj0nkWkHt0v6AVdRWP3OHfOCvqoABny1urStvFT 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND TeAhSBVBUWTaNczBrZBpMXhXrSAe/hhLXMF3VfBV1odOOwb7AeccYkGePMxUOg8+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND XMAKdDCn7N0ZC4gSyEAP9mSobvOvNObcfw02NyYdny32/edgPrXKR+ISf4IwVd0d 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND mDonT4W2ROTE/A3M/mkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpAKAMv/Vh 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 0ByC02R3fxtA6b/OZyys+xyIAfAGxo2NSDJDQsw9Gy1QWVtJX5BGsbzuhnNJjhRm 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND 5yx0wrS/k34oEv8Wh+po1fwpI5gG1W9L96Sx+vF/+UXBenJbhEVfir/cOzjmP1Hg 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND TtK5nYnBM7Py5JdnnAPww6jPt6uRypDZqqM8YOct1OEsBr8gPvmQvt5hDGJKqW37 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND xFbad6ILwYIE0DXAu2h9y20Pl3fy4Kb2LQDjltiaQ2IBiHFRUB/H2DOxq0NpH4z7 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND wqU/ai7sXWT/Vq4R6jD+c0V0WP4+VgSkgqPvnSYHwqQUbc9Kh7RwRnVyzLupbWdM 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND Pr+MZ2D1jg27 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -----END CERTIFICATE REQUEST----- 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%QStart: VDSM_CERTIFICATE_CHAIN 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please input VDSM certificate chain that matches certificate request, top is issuer 2018-02-07 16:56:21,758-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### type '--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--' in own line to mark end, '--=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=--' aborts 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***Q:MULTI-STRING VDSM_CERTIFICATE_CHAIN --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- --=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,759-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%QEnd: VDSM_CERTIFICATE_CHAIN 2018-02-07 16:56:22,765-0600 DEBUG otopi.context context._executeMethod:143 method exception Traceback (most recent call last): File "/tmp/ovirt-h7XmTvEqc3/pythonlib/otopi/context.py", line 133, in _executeMethod method['method']() File "/tmp/ovirt-h7XmTvEqc3/otopi-plugins/ovirt-host-common/vdsm/pki.py", line 241, in _misc '\n\nPlease input VDSM certificate chain that ' File "/tmp/ovirt-h7XmTvEqc3/otopi-plugins/otopi/dialog/machine.py", line 327, in queryMultiString v = self._readline() File "/tmp/ovirt-h7XmTvEqc3/pythonlib/otopi/dialog.py", line 248, in _readline raise IOError(_('End of file')) IOError: End of file 2018-02-07 16:56:22,766-0600 ERROR otopi.context context._executeMethod:152 Failed to execute stage 'Misc configuration': End of file
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --N7rS7X42Oz6dzZeMXiD09e5KjlzvCJoN3 Content-Type: multipart/mixed; boundary="HYrCWtGO9nYHgscLK4sVUX0gChQPRkXE3"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users <users@ovirt.org> Message-ID: <4179b0be-6579-d86e-dc2e-e64c5e3cb57b@gmail.com> Subject: Re: [ovirt-users] Issue with 4.2.1 RC and SSL References: <ff271e8b-7ec9-f0b6-6e00-511c5aad1b27@gmail.com> <CAMuConxhWp=LStDpGCwCo5vK31qFd_2cLLf-WzXELwMSHDws6g@mail.gmail.com> In-Reply-To: <CAMuConxhWp=LStDpGCwCo5vK31qFd_2cLLf-WzXELwMSHDws6g@mail.gmail.com> --HYrCWtGO9nYHgscLK4sVUX0gChQPRkXE3 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 02/08/2018 06:42 AM, Petr Kotas wrote:
Hi Stack,
Greetings Petr
have you tried it on other linux distributions? Scientific is not officially supported.
No, but SL isn't really any different than CentOS. If anything, we've found it adheres closer to RH than CentOS does.
My guess based on your log is there are somewhere missing certificates,=
maybe different path?. You can check the paths by the documentation: https://www.ovirt.org/develop/release-management/features/infra/pki/#vd= sm
Hope this helps.
Thanks for the suggestion. It took a while but we dug into it and I *think* the problem was because I may have over-written the wrong cert file in one of my steps. I'm only about 80% certain of that, but it seems to match what we found when we were digging through the log files. We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further evidence that I goofed _something_ up the first time. Thank you for the suggestion! ~Stack~ --HYrCWtGO9nYHgscLK4sVUX0gChQPRkXE3-- --N7rS7X42Oz6dzZeMXiD09e5KjlzvCJoN3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJaf5GdAAoJELkej+ysXJPmjxYP/2fIOvjNV8RBlyo+QLkttJoR 3a9Yu5hyqbdzdjmkFu/nbmngdVYjbvKWQmb3fn9Ng7C2V0cf04ihs8JssWVwOYbF wN9Y+9mCPJZ7EzNp2yBeIqJ5QIV9CoAtpVxfQ8gmeds9YtiHW4tCUZBgTxytKl2V cxq7s/gP4A1q3rF5sZKsL3UE4dEckUUIIrPbBHjKc/9MrwTJdN/Xasb1h8R5uvoE Yts45M+JzXSXFPdGsWJagYBM7quAA4c+mYe82XHjety5i1MjJTxKfnCC6Sqn91nS MpZHtY83vZs+YJOfcQzX9Pf2ls/pDmuqwS6a89LYv1qKg4qfFl6YdbOn2G2cFgZ3 pmMKfSOKkCKF3JdpsRJYbN6AyjcFO0IHsFOagae4cPboqBBa1v90AH+mT9TY/G4l a3x/yO5X9S69tjkUlhFFeJ2FmQoeFeb0JM4fpRnS2SZ8uZ5/718ZOa+/iyX4X4ZA ItHxRlixzfIuinP7WY0c6plLPS/HH8VlEqDIAmkakQA5zE2zPhLR9nUFP1v4gDP5 TiWO9QDeh3aNSXssCttzoykOW7HvR6PztN7Pjf6UcTjBojH/8Hkkp2RtgjCV1R7p 9vcGhNgZ6cN7kv8CGegV+zUXCOX4WRmD5oWzOGa+qU1FH2JKWXveoGOMkKFRhOqF axS0F8BwnoBC6KaPpOca =eUm3 -----END PGP SIGNATURE----- --N7rS7X42Oz6dzZeMXiD09e5KjlzvCJoN3--
On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack@gmail.com> wrote:
On 02/08/2018 06:42 AM, Petr Kotas wrote:
Hi Stack,
Greetings Petr
have you tried it on other linux distributions? Scientific is not officially supported.
No, but SL isn't really any different than CentOS. If anything, we've found it adheres closer to RH than CentOS does.
My guess based on your log is there are somewhere missing certificates, maybe different path?. You can check the paths by the documentation: https://www.ovirt.org/develop/release-management/features/ infra/pki/#vdsm
Hope this helps.
Thanks for the suggestion. It took a while but we dug into it and I *think* the problem was because I may have over-written the wrong cert file in one of my steps. I'm only about 80% certain of that, but it seems to match what we found when we were digging through the log files.
We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further evidence that I goofed _something_ up the first time.
We should really have an Ansible role that performs the conversion to self-signed certificates. That would make the conversion easier and safer. Y.
Thank you for the suggestion! ~Stack~
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul@redhat.com> wrote:
On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack@gmail.com> wrote:
On 02/08/2018 06:42 AM, Petr Kotas wrote:
Hi Stack,
Greetings Petr
have you tried it on other linux distributions? Scientific is not officially supported.
No, but SL isn't really any different than CentOS. If anything, we've found it adheres closer to RH than CentOS does.
My guess based on your log is there are somewhere missing certificates, maybe different path?. You can check the paths by the documentation:
https://www.ovirt.org/develop/release-management/features/infra/pki/#vdsm
Hope this helps.
Thanks for the suggestion. It took a while but we dug into it and I *think* the problem was because I may have over-written the wrong cert file in one of my steps. I'm only about 80% certain of that, but it seems to match what we found when we were digging through the log files.
We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further evidence that I goofed _something_ up the first time.
We should really have an Ansible role that performs the conversion to self-signed certificates. That would make the conversion easier and safer.
+1 Not sure "self-signed" is the correct term here. Also the internal engine CA's cert is self-signed. I guess you refer to this: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ I'd call it "configure-3rd-party-CA" or something like that.
Y.
Thank you for the suggestion! ~Stack~
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4BFXM4dprdXvY9i0EwAh1haI8NcHpGu91 Content-Type: multipart/mixed; boundary="HEq0HKrZuQcDum2lNJDexCSlzddd54KDf"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Yedidyah Bar David <didi@redhat.com>, Yaniv Kaul <ykaul@redhat.com> Cc: users <users@ovirt.org> Message-ID: <9c8ad0ff-9510-d524-9dc6-310666264876@gmail.com> Subject: Re: [ovirt-users] Issue with 4.2.1 RC and SSL References: <ff271e8b-7ec9-f0b6-6e00-511c5aad1b27@gmail.com> <CAMuConxhWp=LStDpGCwCo5vK31qFd_2cLLf-WzXELwMSHDws6g@mail.gmail.com> <4179b0be-6579-d86e-dc2e-e64c5e3cb57b@gmail.com> <CAJgorsa9wyT4AT0gZx0JD2teh25yg0HgHwSntfCoyAtwx3_W2w@mail.gmail.com> <CAHRwYXsL1T3kCkdExQfQ2+4j4kk00FFGCbi4erzhqFNDmSyzSA@mail.gmail.com> In-Reply-To: <CAHRwYXsL1T3kCkdExQfQ2+4j4kk00FFGCbi4erzhqFNDmSyzSA@mail.gmail.com> --HEq0HKrZuQcDum2lNJDexCSlzddd54KDf Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 02/11/2018 02:41 AM, Yedidyah Bar David wrote:
On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul@redhat.com> wrote:
On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack@gmail.com> wrote:=
[snip]
We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further=
evidence that I goofed _something_ up the first time.
We should really have an Ansible role that performs the conversion to self-signed certificates. That would make the conversion easier and safer. =20 +1 =20 Not sure "self-signed" is the correct term here. Also the internal engine CA's cert is self-signed. =20 I guess you refer to this: =20 https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ =20 I'd call it "configure-3rd-party-CA" or something like that.
Greetings, Another +1 from me (obviously! :-). I also agree in that we are not doing a self-signed cert, but rather we've purchased a cert from one of the big-name-CA-vendors that is valid for our domain. "configure-3rd-party-CA" makes more sense to me. Lastly, that is the link that I used for a guide. Thanks! ~Stack~ --HEq0HKrZuQcDum2lNJDexCSlzddd54KDf-- --4BFXM4dprdXvY9i0EwAh1haI8NcHpGu91 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJagLiUAAoJELkej+ysXJPmISAP/j244ZJaeOwD6DgasjjO+8on Ocb4h8PAt6W2aFIVSOW63XyE78gxaLI92p2yFB/lK2YSEmPM0vZH385BMswNZOSR ms16EEmOPM7zAbd4YSZW0N+VEHvOgwp6tUA5JXR5mb0n6a1+ioPC9jTOAgd+bdIZ WqdCnDpjij5cEz22Iptv2FMgCYNU1oA6HKXb3Mvlfl6Q9Aj+xx66wyAgVnMuII8I dQQKfKMVKmak691p0eNdByjOw0k3ShdYDjsSyetwe6RSZhKH+PjIBSLrvS9CsseI EDFC4ZyZ+NxWqUw0n+t3PTFMnOSW6lZ/RPzEcKROSY0CFE0DyULRbQATV5co+NCo CnH2HzIxbQ7m+n4QzzP+fGlnbSwHkSaI8+iKQCvVkplXTsXaktm4McH6qw6ctbgg UU3/5genkTvva9A39U5Q37XW3D+xnIlIyqlaUEp57OGrrwpujrLwBWoHCFpePegB 6T3g8qQrI8sjzeVFVJWdzfZawMk43btbBSLhUNu0oGMovM0iQd26K5kqatwYCPaY k9QA17+UWAkVlQMqz+Hif+yMYcNPaa/g88Sg+3qGQyPAh8NVcYlcwEfmGnjOxAv7 IHrrhbO7nlaf97ujNPdkWTAS2TQOoW0eaXE3beVl7RRXj/wD5Gcm7S43BfDS8VR+ aJZRPGPc9nRK8eU1UTra =cpoB -----END PGP SIGNATURE----- --4BFXM4dprdXvY9i0EwAh1haI8NcHpGu91--
On Sun, Feb 11, 2018 at 11:41 PM, ~Stack~ <i.am.stack@gmail.com> wrote:
On 02/11/2018 02:41 AM, Yedidyah Bar David wrote:
On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul@redhat.com> wrote:
On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack@gmail.com> wrote:
[snip]
We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further evidence that I goofed _something_ up the first time.
We should really have an Ansible role that performs the conversion to self-signed certificates. That would make the conversion easier and safer.
+1
Not sure "self-signed" is the correct term here. Also the internal engine CA's cert is self-signed.
I guess you refer to this:
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
I'd call it "configure-3rd-party-CA" or something like that.
Greetings,
Another +1 from me (obviously! :-).
I also agree in that we are not doing a self-signed cert, but rather we've purchased a cert from one of the big-name-CA-vendors that is valid for our domain. "configure-3rd-party-CA" makes more sense to me.
Nit: This big-name-CA-vendors CA's cert is most likely also self-signed, so it's not a mistake to call it "self-signed". The difference between "self-signed by _me_" and "self-signed by big-name" is mainly a matter of trust and business relations (between that big-name and you, big-name and the OS/browser vendors, etc.) and not a technical one. If you loan a friend $100 for a month, the difference between you and a big bank is very similar to that above difference...
Lastly, that is the link that I used for a guide.
Thanks! ~Stack~
-- Didi
participants (4)
-
Petr Kotas -
Yaniv Kaul -
Yedidyah Bar David -
~Stack~