[Users] 3.2.2 allinone install fails on CentOS 6.4
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt. Before the engine-setup --with-allinone=yes can complete it errors out with the following in the setup log: 2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119, in __init__ url='/api' File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 112, in request persistent_auth=self._persistent_auth) File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused 2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object 2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log: 2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] 2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] 2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) ... 5 more 2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector the /etc/pki/ovirt-engine/keys: ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12 I've tried with setenforce 0 and no change. I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are). I'm stumped. -- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions. This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss. Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com> http://gerrit.ovirt.org/#/c/12374/ alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this? http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors out with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119, in __init__ url='/api' File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 112, in request persistent_auth=self._persistent_auth) File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) ... 5 more
2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed. Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this? http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors out with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119, in __init__ url='/api' File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 112, in request persistent_auth=self._persistent_auth) File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) ... 5 more
2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Will do. Suggested version? I can't tell from ovirt site which engine has apache integrated. Or am I looking for jboss-as integrated with apache? On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this?
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors out with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119,
in
__init__ url='/api' File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 112, in request persistent_auth=self._persistent_auth) File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass:
2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more
2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller
Boot
Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
Hmm. currently running jboss-as-7.7.7-11.el6. On Thu, Jul 18, 2013 at 7:45 AM, Jim Kinney <jim.kinney@gmail.com> wrote:
Will do. Suggested version? I can't tell from ovirt site which engine has apache integrated. Or am I looking for jboss-as integrated with apache?
On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this?
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors out with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running
initAPI
2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119, in __init__ url='/api' File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 112, in request persistent_auth=self._persistent_auth) File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass:
2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more
2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller
Boot
Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 2:45:06 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Will do. Suggested version? I can't tell from ovirt site which engine has apache integrated. Or am I looking for jboss-as integrated with apache?
This is a new installation, right? If it is, please start from scratch and when prompted select to configure apache. Execute: # engine-cleanup # engine-setup If you need to preserve this system then simplest method for now is to: 1. copy apache.p12 to jboss.p12 2. chown jboss.p12 to ovirt and set mode of 0600.
On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon Bar-Lev" <alonbl@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this?
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors out with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119,
in
__init__ url='/api' File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 112, in request persistent_auth=self._persistent_auth) File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass:
2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service thread 1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more
2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller
Boot
Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
Woo! Found the problem (I think). ipa-server was also installed on the same system. When ovirt ran, it detected this and suggested using ports 8700 and 8701 which I used. Apparently jboss uses those ports? I removed ipa-server and had options to configure new ports for engine to use. I put in 8700 and 8701 but the installer said "NO!" and noted that jboss was already claiming those ports. So I'm in but there was a cert problem. The SHA1 fingerprint reported by the engine-setup was NOT the one presented by the self-signed security cert on login. On Thu, Jul 18, 2013 at 7:52 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 2:45:06 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Will do. Suggested version? I can't tell from ovirt site which engine has apache integrated. Or am I looking for jboss-as integrated with apache?
This is a new installation, right? If it is, please start from scratch and when prompted select to configure apache. Execute: # engine-cleanup # engine-setup
If you need to preserve this system then simplest method for now is to: 1. copy apache.p12 to jboss.p12 2. chown jboss.p12 to ovirt and set mode of 0600.
On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon
<alonbl@redhat.com>, "Moran Goldboim"
<mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this?
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors
out
with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating
API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119, in __init__ url='/api' File
"/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py",
line 112, in request persistent_auth=self._persistent_auth) File
"/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py",
line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass:
2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py",
in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service
Bar-Lev" the line 54, thread
1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at
org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190)
[jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at
org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190)
[jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more
2013-07-17 16:37:28,904 INFO
[org.jboss.as.server.deployment.scanner]
(DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 3:38:49 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Woo!
Found the problem (I think). ipa-server was also installed on the same system. When ovirt ran, it detected this and suggested using ports 8700 and 8701 which I used. Apparently jboss uses those ports? I removed ipa-server and had options to configure new ports for engine to use. I put in 8700 and 8701 but the installer said "NO!" and noted that jboss was already claiming those ports.
So I'm in but there was a cert problem. The SHA1 fingerprint reported by the engine-setup was NOT the one presented by the self-signed security cert on login.
The SSL certificate is not self-signed, it is signed by the CA certificate the setup enrolls.
On Thu, Jul 18, 2013 at 7:52 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 2:45:06 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Will do. Suggested version? I can't tell from ovirt site which engine has apache integrated. Or am I looking for jboss-as integrated with apache?
This is a new installation, right? If it is, please start from scratch and when prompted select to configure apache. Execute: # engine-cleanup # engine-setup
If you need to preserve this system then simplest method for now is to: 1. copy apache.p12 to jboss.p12 2. chown jboss.p12 to ovirt and set mode of 0600.
On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon
<alonbl@redhat.com>, "Moran Goldboim"
<mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote:
I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were backported to 3.2.2 by alon - shouldn't we refresh the build for this?
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
Before the engine-setup --with-allinone=yes can complete it errors
out
with the following in the setup log:
2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss status. 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and running. 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating
API object 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 248, in initAPI ca_file=basedefs.FILE_CA_CRT_SRC, File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 119, in __init__ url='/api' File
"/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py",
line 112, in request persistent_auth=self._persistent_auth) File
"/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py",
line 134, in __doRequest persistent_auth=persistent_auth File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 148, in doRequest raise ConnectionError, str(e) ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused
2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following params were used as user input: 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-httpd-config: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: storage01.mydomain.me <http://storage01.mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass:
2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: mydomain.me <http://mydomain.me> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: virt 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: POSIXFS 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-remote-install: local 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: ******** 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: /var/lib/exports/iso 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: ISO_DOMAIN 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: override-firewall: None 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: /var/lib/images 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: ******** 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2386, in <module> main(confFile) File "/usr/bin/engine-setup", line 2169, in main runSequences() File "/usr/bin/engine-setup", line 2092, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py",
in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", line 252, in initAPI raise Exception(ERROR_CREATE_API_OBJECT) Exception: Error: could not create ovirtsdk API object
After much digging, it seems like the issue is in the certs but it's not making sense to me why it fails. From the server.log:
2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService for directory /var/lib/ovirt-engine/deployments 2013-07-17 16:37:28,877 ERROR [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service
Bar-Lev" the line 54, thread
1-4) Failed to load keystore type PKCS12 with path /etc/pki/ovirt-engine/keys/apache.p12 due to /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at
org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190)
[jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
[jbossweb-7.0.13.Final.jar:] at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
[jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:] at
org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190)
[jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:] at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_25] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: LifecycleException: Protocol handler initialization failed: java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied) at org.apache.catalina.connector.Connector.init(Connector.java:985) at
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
... 5 more
2013-07-17 16:37:28,904 INFO
[org.jboss.as.server.deployment.scanner]
(DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy 2013-07-17 16:37:28,957 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report JBAS014777: Services which failed to start: service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
the /etc/pki/ovirt-engine/keys:
ls -la /etc/pki/ovirt-engine/keys/ total 24 drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12
I've tried with setenforce 0 and no change.
I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta allinone plugin for 3.2, no changes. At one point I added some additional debuggingto the allinone script to make sure that reasonable variables were being passed around (they are).
I'm stumped.
-- -- James P. Kinney III //// ////Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain //// http://electjimkinney.org http://heretothereideas.blogspot.com/ ////
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
Yes. You're right. The cert that is generated in the setup process. But the fingerprints are different between what the setup process says at the end and what the cert presents with on initial connection in the browser. On Thu, Jul 18, 2013 at 8:42 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 3:38:49 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Woo!
Found the problem (I think). ipa-server was also installed on the same system. When ovirt ran, it detected this and suggested using ports 8700 and 8701 which I used. Apparently jboss uses those ports? I removed ipa-server and had options to configure new ports for engine to use. I put in 8700 and 8701 but the installer said "NO!" and noted that jboss was already claiming those ports.
So I'm in but there was a cert problem. The SHA1 fingerprint reported by the engine-setup was NOT the one presented by the self-signed security cert on login.
The SSL certificate is not self-signed, it is signed by the CA certificate the setup enrolls.
On Thu, Jul 18, 2013 at 7:52 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 2:45:06 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Will do. Suggested version? I can't tell from ovirt site which
apache integrated. Or am I looking for jboss-as integrated with apache?
This is a new installation, right? If it is, please start from scratch and when prompted select to configure apache. Execute: # engine-cleanup # engine-setup
If you need to preserve this system then simplest method for now is to: 1. copy apache.p12 to jboss.p12 2. chown jboss.p12 to ovirt and set mode of 0600.
On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com>
wrote:
----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Jim Kinney" <jim.kinney@gmail.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon
Bar-Lev"
<alonbl@redhat.com>, "Moran Goldboim"
<mgoldboi@redhat.com> Sent: Thursday, July 18, 2013 6:42:02 AM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
On 07/17/2013 11:55 PM, Jim Kinney wrote: > I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for > the el6 from ovirt.
this looks like packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
Currently jboss uses apache.p12 keystore file. In cases where apache is not used for proxying, jboss tries to use this file directly and fails on permissions.
This patch tries to resolve the issue by adding an additional keystore jboss.p12 during setup/upgrade for the use by the jboss.
Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f Signed-off-by: Alex Lourie <alourie@redhat.com>
http://gerrit.ovirt.org/#/c/12374/
alex - was it backported to 3.2? i also see some other potentially relevant patches were
backported to
3.2.2 by alon - shouldn't we refresh the build for this?
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
> > Before the engine-setup --with-allinone=yes can complete it
> with the following in the setup log: > > 2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss > status. > 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and > running. > 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI > 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating
errors out the
> API object > 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most > recent call last): > File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", > line 248, in initAPI > ca_file=basedefs.FILE_CA_CRT_SRC, > File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py",
119,
in
> __init__ > url='/api' > File > "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", > line 112, in request > persistent_auth=self._persistent_auth) > File > "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", > line 134, in __doRequest > persistent_auth=persistent_auth > File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", > line 148, in doRequest > raise ConnectionError, str(e) > ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] > Connection refused > > 2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most > recent call last): > File "/usr/share/ovirt-engine/scripts/setup_sequences.py",
> in run > function() > File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", > line 252, in initAPI > raise Exception(ERROR_CREATE_API_OBJECT) > Exception: Error: could not create ovirtsdk API object > > 2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following > params were used as user input: > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: > override-httpd-config: no > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: > 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: > storage01.mydomain.me <http://storage01.mydomain.me> > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass:
> 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: > mydomain.me <http://mydomain.me> > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: > virt > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: > POSIXFS > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: > db-remote-install: local > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: > ******** > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: > /var/lib/exports/iso > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: > ISO_DOMAIN > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: > override-firewall: None > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: > /var/lib/images > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: > ******** > 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most > recent call last): > File "/usr/bin/engine-setup", line 2386, in <module> > main(confFile) > File "/usr/bin/engine-setup", line 2169, in main > runSequences() > File "/usr/bin/engine-setup", line 2092, in runSequences > controller.runAllSequences() > File "/usr/share/ovirt-engine/scripts/setup_controller.py",
60, line 54,
> in runAllSequences > sequence.run() > File "/usr/share/ovirt-engine/scripts/setup_sequences.py",
154,
> in run > step.run() > File "/usr/share/ovirt-engine/scripts/setup_sequences.py",
> in run > function() > File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", > line 252, in initAPI > raise Exception(ERROR_CREATE_API_OBJECT) > Exception: Error: could not create ovirtsdk API object > > > > After much digging, it seems like the issue is in the certs but it's not > making sense to me why it fails. From the server.log: > > 2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] > (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService > for directory /var/lib/ovirt-engine/deployments > 2013-07-17 16:37:28,877 ERROR > [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service
60, thread
> 1-4) Failed to load keystore type PKCS12 with path > /etc/pki/ovirt-engine/keys/apache.p12 due to > /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): > java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 > (Permission denied) > at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] > at java.io.FileInputStream.<init>(FileInputStream.java:138) > [rt.jar:1.7.0_25] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
> [jbossweb-7.0.13.Final.jar:] > at > org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) > [jbossweb-7.0.13.Final.jar:] > at > org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) > [jbossweb-7.0.13.Final.jar:] > at org.apache.catalina.connector.Connector.init(Connector.java:983) > [jbossweb-7.0.13.Final.jar:] > at >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
> [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at >
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at >
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [rt.jar:1.7.0_25] > at >
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [rt.jar:1.7.0_25] > at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] > > 2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] > (MSC service thread 1-4) Error initializing endpoint: > java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 > (Permission denied) > at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] > at java.io.FileInputStream.<init>(FileInputStream.java:138) > [rt.jar:1.7.0_25] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
> [jbossweb-7.0.13.Final.jar:] > at >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
> [jbossweb-7.0.13.Final.jar:] > at > org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) > [jbossweb-7.0.13.Final.jar:] > at > org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) > [jbossweb-7.0.13.Final.jar:] > at org.apache.catalina.connector.Connector.init(Connector.java:983) > [jbossweb-7.0.13.Final.jar:] > at >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
> [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > at >
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at >
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at >
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [rt.jar:1.7.0_25] > at >
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [rt.jar:1.7.0_25] > at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] > > 2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service > thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: > org.jboss.msc.service.StartException in service > jboss.web.connector.https: JBAS018007: Error starting web connector > at >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
> at >
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at >
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at >
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [rt.jar:1.7.0_25] > at >
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [rt.jar:1.7.0_25] > at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] > Caused by: LifecycleException: Protocol handler initialization failed: > java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 > (Permission denied) > at org.apache.catalina.connector.Connector.init(Connector.java:985) > at >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
> ... 5 more > > 2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] > (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in > deployment directory. To trigger deployment create a file called > engine.ear.dodeploy > 2013-07-17 16:37:28,957 INFO > [org.jboss.as.connector.subsystems.datasources] (MSC service
engine has line line line line thread
> 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] > 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot > Thread) JBAS014774: Service status report > JBAS014777: Services which failed to start: service > jboss.web.connector.https: org.jboss.msc.service.StartException in > service jboss.web.connector.https: JBAS018007: Error starting web connector > > > the /etc/pki/ovirt-engine/keys: > > ls -la /etc/pki/ovirt-engine/keys/ > total 24 > drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . > drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. > -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass > -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 > -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa > -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12 > > > I've tried with setenforce 0 and no change. > > I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta > allinone plugin for 3.2, no changes. At one point I added some > additional debuggingto the allinone script to make sure that reasonable > variables were being passed around (they are). > > I'm stumped. > > -- > -- > James P. Kinney III > //// > ////Every time you stop a school, you will have to build a jail. What > you gain at one end you lose at the other. It's like feeding a dog on > his own tail. It won't fatten the dog. > - Speech 11/23/1900 Mark Twain > //// > http://electjimkinney.org > http://heretothereideas.blogspot.com/ > //// > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 4:34:12 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Yes. You're right. The cert that is generated in the setup process. But the fingerprints are different between what the setup process says at the end and what the cert presents with on initial connection in the browser.
The browser probably displays the fingerprint of the end certificate, while the setup displays the fingerprint of the CA certificate.
On Thu, Jul 18, 2013 at 8:42 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 3:38:49 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Woo!
Found the problem (I think). ipa-server was also installed on the same system. When ovirt ran, it detected this and suggested using ports 8700 and 8701 which I used. Apparently jboss uses those ports? I removed ipa-server and had options to configure new ports for engine to use. I put in 8700 and 8701 but the installer said "NO!" and noted that jboss was already claiming those ports.
So I'm in but there was a cert problem. The SHA1 fingerprint reported by the engine-setup was NOT the one presented by the self-signed security cert on login.
The SSL certificate is not self-signed, it is signed by the CA certificate the setup enrolls.
On Thu, Jul 18, 2013 at 7:52 AM, Alon Bar-Lev <alonbl@redhat.com> wrote:
----- Original Message -----
From: "Jim Kinney" <jim.kinney@gmail.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Moran Goldboim" <mgoldboi@redhat.com>, "Itamar Heim" <iheim@redhat.com> Sent: Thursday, July 18, 2013 2:45:06 PM Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4
Will do. Suggested version? I can't tell from ovirt site which
apache integrated. Or am I looking for jboss-as integrated with apache?
This is a new installation, right? If it is, please start from scratch and when prompted select to configure apache. Execute: # engine-cleanup # engine-setup
If you need to preserve this system then simplest method for now is to: 1. copy apache.p12 to jboss.p12 2. chown jboss.p12 to ovirt and set mode of 0600.
On Thu, Jul 18, 2013 at 3:05 AM, Alon Bar-Lev <alonbl@redhat.com>
wrote:
----- Original Message ----- > From: "Itamar Heim" <iheim@redhat.com> > To: "Jim Kinney" <jim.kinney@gmail.com> > Cc: users@ovirt.org, "Alex Lourie" <alourie@redhat.com>, "Alon
Bar-Lev"
<alonbl@redhat.com>, "Moran Goldboim" > <mgoldboi@redhat.com> > Sent: Thursday, July 18, 2013 6:42:02 AM > Subject: Re: [Users] 3.2.2 allinone install fails on CentOS 6.4 > > On 07/17/2013 11:55 PM, Jim Kinney wrote: > > I'm tying to install $STABLE (3.2.2) on CentOS 6.4 . I have the repo for > > the el6 from ovirt. > > this looks like > packaging: Creating keystore for jboss use
Indeed.
Jim, I suggest you install engine with apache integration, apache integration is forced in 3.3 so better to be ready.
> > Currently jboss uses apache.p12 keystore file. In cases > where apache is not used for proxying, jboss tries to > use this file directly and fails on permissions. > > This patch tries to resolve the issue by adding an additional > keystore jboss.p12 during setup/upgrade for the use by the jboss. > > Change-Id: I22d71d9de011e8af4bde26d9e2a048a6387ce70f > Signed-off-by: Alex Lourie <alourie@redhat.com> > > http://gerrit.ovirt.org/#/c/12374/ > > alex - was it backported to 3.2? > i also see some other potentially relevant patches were backported to > 3.2.2 by alon - shouldn't we refresh the build for this? >
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs%2Fheads%...
> > > > > Before the engine-setup --with-allinone=yes can complete it errors out > > with the following in the setup log: > > > > 2013-07-17 15:52:47::DEBUG::all_in_one_100::451::root:: Checking JBoss > > status. > > 2013-07-17 15:52:47::INFO::all_in_one_100::454::root:: JBoss is up and > > running. > > 2013-07-17 15:52:47::DEBUG::setup_sequences::59::root:: running initAPI > > 2013-07-17 15:52:47::DEBUG::all_in_one_100::240::root:: Initiating the > > API object > > 2013-07-17 15:52:47::ERROR::all_in_one_100::251::root:: Traceback (most > > recent call last): > > File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", > > line 248, in initAPI > > ca_file=basedefs.FILE_CA_CRT_SRC, > > File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py",
119,
in > > __init__ > > url='/api' > > File > > "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", > > line 112, in request > > persistent_auth=self._persistent_auth) > > File > > "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", > > line 134, in __doRequest > > persistent_auth=persistent_auth > > File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", > > line 148, in doRequest > > raise ConnectionError, str(e) > > ConnectionError: [ERROR]::oVirt API connection failure, [Errno 111] > > Connection refused > > > > 2013-07-17 15:52:47::DEBUG::setup_sequences::62::root:: Traceback (most > > recent call last): > > File "/usr/share/ovirt-engine/scripts/setup_sequences.py",
> > in run > > function() > > File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", > > line 252, in initAPI > > raise Exception(ERROR_CREATE_API_OBJECT) > > Exception: Error: could not create ovirtsdk API object > > > > 2013-07-17 15:52:47::DEBUG::engine-setup::1972::root:: *** The following > > params were used as user input: > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: > > override-httpd-config: no > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: http-port: 8700 > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: https-port: 8701 > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: random-passwords: no > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: mac-range: > > 00:1A:4A:8C:8A:00-00:1A:4A:8C:8A:FF > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: host-fqdn: > > storage01.mydomain.me <http://storage01.mydomain.me> > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: auth-pass: ******** > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: org-name: > > mydomain.me <http://mydomain.me> > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: application-mode: > > virt > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: default-dc-type: > > POSIXFS > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: > > db-remote-install: local > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-host: localhost > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: db-local-pass: > > ******** > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: nfs-mp: > > /var/lib/exports/iso > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: iso-domain-name: > > ISO_DOMAIN > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-nfs: yes > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: > > override-firewall: None > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: config-allinone: yes > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: storage-path: > > /var/lib/images > > 2013-07-17 15:52:47::DEBUG::engine-setup::1977::root:: superuser-pass: > > ******** > > 2013-07-17 15:52:47::ERROR::engine-setup::2392::root:: Traceback (most > > recent call last): > > File "/usr/bin/engine-setup", line 2386, in <module> > > main(confFile) > > File "/usr/bin/engine-setup", line 2169, in main > > runSequences() > > File "/usr/bin/engine-setup", line 2092, in runSequences > > controller.runAllSequences() > > File "/usr/share/ovirt-engine/scripts/setup_controller.py",
60, line 54,
> > in runAllSequences > > sequence.run() > > File "/usr/share/ovirt-engine/scripts/setup_sequences.py",
154,
> > in run > > step.run() > > File "/usr/share/ovirt-engine/scripts/setup_sequences.py",
> > in run > > function() > > File "/usr/share/ovirt-engine/scripts/plugins/all_in_one_100.py", > > line 252, in initAPI > > raise Exception(ERROR_CREATE_API_OBJECT) > > Exception: Error: could not create ovirtsdk API object > > > > > > > > After much digging, it seems like the issue is in the certs but it's not > > making sense to me why it fails. From the server.log: > > > > 2013-07-17 16:37:28,873 INFO [org.jboss.as.server.deployment.scanner] > > (MSC service thread 1-3) JBAS015012: Started FileSystemDeploymentService > > for directory /var/lib/ovirt-engine/deployments > > 2013-07-17 16:37:28,877 ERROR > > [org.apache.tomcat.util.net.jsse.JSSESocketFactory] (MSC service
60, thread
> > 1-4) Failed to load keystore type PKCS12 with path > > /etc/pki/ovirt-engine/keys/apache.p12 due to > > /etc/pki/ovirt-engine/keys/apache.p12 (Permission denied): > > java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 > > (Permission denied) > > at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] > > at java.io.FileInputStream.<init>(FileInputStream.java:138) > > [rt.jar:1.7.0_25] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
> > [jbossweb-7.0.13.Final.jar:] > > at > > org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) > > [jbossweb-7.0.13.Final.jar:] > > at > > org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) > > [jbossweb-7.0.13.Final.jar:] > > at org.apache.catalina.connector.Connector.init(Connector.java:983) > > [jbossweb-7.0.13.Final.jar:] > > at > >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
> > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
> > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > > at > >
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
> > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > > at > >
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> > [rt.jar:1.7.0_25] > > at > >
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> > [rt.jar:1.7.0_25] > > at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] > > > > 2013-07-17 16:37:28,883 ERROR [org.apache.coyote.http11.Http11Protocol] > > (MSC service thread 1-4) Error initializing endpoint: > > java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 > > (Permission denied) > > at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25] > > at java.io.FileInputStream.<init>(FileInputStream.java:138) > > [rt.jar:1.7.0_25] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:374)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:299)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:515)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452)
> > [jbossweb-7.0.13.Final.jar:] > > at > >
org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168)
> > [jbossweb-7.0.13.Final.jar:] > > at > > org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) > > [jbossweb-7.0.13.Final.jar:] > > at > > org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) > > [jbossweb-7.0.13.Final.jar:] > > at org.apache.catalina.connector.Connector.init(Connector.java:983) > > [jbossweb-7.0.13.Final.jar:] > > at > >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
> > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > > at > >
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
> > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > > at > >
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
> > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > > at > >
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> > [rt.jar:1.7.0_25] > > at > >
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> > [rt.jar:1.7.0_25] > > at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] > > > > 2013-07-17 16:37:28,892 ERROR [org.jboss.msc.service.fail] (MSC service > > thread 1-4) MSC00001: Failed to start service jboss.web.connector.https: > > org.jboss.msc.service.StartException in service > > jboss.web.connector.https: JBAS018007: Error starting web connector > > at > >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:271)
> > at > >
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
> > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > > at > >
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
> > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > > at > >
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> > [rt.jar:1.7.0_25] > > at > >
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> > [rt.jar:1.7.0_25] > > at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] > > Caused by: LifecycleException: Protocol handler initialization failed: > > java.io.FileNotFoundException: /etc/pki/ovirt-engine/keys/apache.p12 > > (Permission denied) > > at org.apache.catalina.connector.Connector.init(Connector.java:985) > > at > >
org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267)
> > ... 5 more > > > > 2013-07-17 16:37:28,904 INFO [org.jboss.as.server.deployment.scanner] > > (DeploymentScanner-threads - 1) JBAS015003: Found engine.ear in > > deployment directory. To trigger deployment create a file called > > engine.ear.dodeploy > > 2013-07-17 16:37:28,957 INFO > > [org.jboss.as.connector.subsystems.datasources] (MSC service
engine has line line line line thread
> > 1-11) JBAS010400: Bound data source [java:/ENGINEDataSource] > > 2013-07-17 16:37:28,966 INFO [org.jboss.as.controller] (Controller Boot > > Thread) JBAS014774: Service status report > > JBAS014777: Services which failed to start: service > > jboss.web.connector.https: org.jboss.msc.service.StartException in > > service jboss.web.connector.https: JBAS018007: Error starting web connector > > > > > > the /etc/pki/ovirt-engine/keys: > > > > ls -la /etc/pki/ovirt-engine/keys/ > > total 24 > > drwxr-xr-x. 2 ovirt ovirt 4096 Jul 17 15:51 . > > drwxr-xr-x. 6 ovirt ovirt 4096 Jul 17 15:51 .. > > -rw-r-----. 1 apache apache 1828 Jul 17 15:51 apache.key.nopass > > -rw-r-----. 1 apache apache 2685 Jul 17 15:51 apache.p12 > > -rw-------. 1 root root 1832 Jul 17 15:51 engine_id_rsa > > -rw-r-----. 1 ovirt ovirt 2685 Jul 17 15:51 engine.p12 > > > > > > I've tried with setenforce 0 and no change. > > > > I've downgraded to earlier 3.2.0 versions, earlier jboss-as, beta > > allinone plugin for 3.2, no changes. At one point I added some > > additional debuggingto the allinone script to make sure that reasonable > > variables were being passed around (they are). > > > > I'm stumped. > > > > -- > > -- > > James P. Kinney III > > //// > > ////Every time you stop a school, you will have to build a jail. What > > you gain at one end you lose at the other. It's like feeding a dog on > > his own tail. It won't fatten the dog. > > - Speech 11/23/1900 Mark Twain > > //// > > http://electjimkinney.org > > http://heretothereideas.blogspot.com/ > > //// > > > > > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > >
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
-- -- James P. Kinney III * *Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain * http://electjimkinney.org http://heretothereideas.blogspot.com/ *
participants (3)
-
Alon Bar-Lev -
Itamar Heim -
Jim Kinney