Re: [ovirt-users] adding new node through WAN - fatal: Unable to negotiate a key exchange method [preauth]

Hi. I made some changes and now there are fresh installations, and while adding a new node I got the same issue:

2017-01-07 07:44:08,847 ERROR [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49) [c5fb7a0] Failed to establish session with host 'node1': SSH session closed during connection 'root@10.30.30.51'
2017-01-07 07:44:08,847 WARN [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49) [c5fb7a0] Validation of action 'AddVds' failed for user admin@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__HOST,$server 10.30.30.51,VDS_CANNOT_CONNECT_TO_SERVER

Both servers have this freshly installed system:

CentOS Linux release 7.3.1611 (Core)

Here is some information that you asked for last time:

[root@ovirt ovirt-engine]# rpm -qa | grep ovirt
ovirt-imageio-common-0.4.0-1.el7.noarch
python-ovirt-engine-sdk4-4.0.2-1.el7.centos.x86_64
ovirt-imageio-proxy-setup-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch
ovirt-engine-websocket-proxy-4.0.5.5-1.el7.centos.noarch
ovirt-engine-dashboard-1.0.5-1.el7.centos.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch
ovirt-engine-backend-4.0.5.5-1.el7.centos.noarch
ovirt-engine-extension-aaa-jdbc-1.1.1-1.el7.noarch
ovirt-host-deploy-1.5.3-1.el7.centos.noarch
ovirt-engine-wildfly-overlay-10.0.0-1.el7.noarch
ovirt-engine-setup-base-4.0.5.5-1.el7.centos.noarch
ovirt-vmconsole-proxy-1.0.4-1.el7.centos.noarch
ovirt-host-deploy-java-1.5.3-1.el7.centos.noarch
ovirt-release40-4.0.5-2.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-4.0.5.5-1.el7.centos.noarch
ovirt-engine-dwh-4.0.5-1.el7.centos.noarch
ovirt-imageio-proxy-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.0.5.5-1.el7.centos.noarch
ovirt-iso-uploader-4.0.2-1.el7.centos.noarch
ovirt-engine-dbscripts-4.0.5.5-1.el7.centos.noarch
ovirt-engine-webadmin-portal-4.0.5.5-1.el7.centos.noarch
ovirt-engine-setup-4.0.5.5-1.el7.centos.noarch
ovirt-engine-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch
ovirt-engine-userportal-4.0.5.5-1.el7.centos.noarch
ovirt-engine-restapi-4.0.5.5-1.el7.centos.noarch
ovirt-setup-lib-1.0.2-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7.centos.noarch
ovirt-engine-extensions-api-impl-4.0.5.5-1.el7.centos.noarch
ovirt-engine-wildfly-10.1.0-1.el7.x86_64
ovirt-engine-lib-4.0.5.5-1.el7.centos.noarch
ovirt-vmconsole-1.0.4-1.el7.centos.noarch
ovirt-engine-cli-3.6.8.1-1.el7.centos.noarch
ovirt-engine-dwh-setup-4.0.5-1.el7.centos.noarch
ovirt-engine-tools-backup-4.0.5.5-1.el7.centos.noarch
ovirt-image-uploader-4.0.1-1.el7.centos.noarch
ovirt-engine-tools-4.0.5.5-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-4.0.5.5-1.el7.centos.noarch
ovirt-engine-4.0.5.5-1.el7.centos.noarch

[root@ovirt ovirt-engine]# tail -33f server.log
2017-01-07 07:44:08,843 INFO [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[4b16ff17]-nio2-thread-2) Server version string: SSH-2.0-OpenSSH_6.6.1
2017-01-07 07:44:08,844 WARN [org.apache.sshd.client.session.ClientSessionImpl] (sshd-SshClient[4b16ff17]-nio2-thread-2) Exception caught: java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1 / server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)
    at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1109)
    at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:357)
    at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
    at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
    at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
    at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
    at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]
    at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) [rt.jar:1.8.0_111]
    at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553) [rt.jar:1.8.0_111]
    at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276) [rt.jar:1.8.0_111]
    at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297) [rt.jar:1.8.0_111]
    at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420) [rt.jar:1.8.0_111]
    at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
    at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]
    at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
    at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]
    at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111]
    at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) [rt.jar:1.8.0_111]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_111]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_111]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]

On the end server (oVirt Node), in /var/log/secure.log:

Jan 7 08:10:26 ns3047117 sshd[30377]: fatal: Unable to negotiate a key exchange method [preauth]

2016-12-01 8:22 GMT+01:00 Yedidyah Bar David <didi@redhat.com>:
(Adding the list. Please reply also to the list and not only to specific people. Thanks).
On Wed, Nov 30, 2016 at 9:01 PM, Grzegorz Szypa <grzegorz.szypa@gmail.com> wrote:
Hi.
It works.
I think the problem is on the other side; maybe I should explain my landscape:
The oVirt Engine is a VM behind NAT, but currently that path is disabled and only direct access to the Internet via a dedicated WAN IP works. The oVirt Node is also a VM, under a separate WAN IP, but the problem is still the same. I think there is no problem with the SSH configuration, because setting it up as a self-hosted engine works fine.
What OS is on each of the engine and host?
Did you change any configuration of sshd on the host, compared to the OS's defaults?
Please check/share the output of previous ssh command, but with '-v' appended.
Please also share more of the engine log, starting with a line containing 'AddVdsCommand'.
Please attach output of: 'rpm -qa | grep ovirt'.
Thanks,
2016-11-30 14:18 GMT+01:00 Yedidyah Bar David <didi@redhat.com>:
On Wed, Nov 30, 2016 at 1:58 PM, Grzegorz Szypa <grzegorz.szypa@gmail.com> wrote:
Hi.
Have you ever met the problem where you try to add a new node to a quite new oVirt Engine via the GUI and get an error:
engine.log:
2016-11-30 12:50:55,453 ERROR [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-23) [178c9385] Failed to establish session with host 'node1': SSH session closed during connection '["my new node"]'
2016-11-30 12:50:55,453 WARN [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-23) [178c9385] Validation of action 'AddVds' failed for user admin@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__HOST,$server vmsrv1.szypa.net,VDS_CANNOT_CONNECT_TO_SERVER
On the end node I only got an error that it is not possible to exchange keys between the two hosts.
Here is the log from /var/log/secure:
fatal: Unable to negotiate a key exchange method [preauth]
On the net I found that it could be a problem with the key exchange method, which is not available on some host.
The SSH connection between these two hosts works fine, so I do not understand why it does not work.
Please try this, from the engine machine, as user root:
ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa HOST
Replace "HOST" with the name or address you input in the field "Address" in the "New Host" dialog. I think that's 'node1', from above.
Does it work? If not, please check sshd configuration/logs on the host.
Best, -- Didi
-- G.Sz.
-- Didi
-- G.Sz.
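
Added example (not part of the original thread, and not oVirt or Apache SSHD code): a small Python helper that parses the "Unable to negotiate key exchange" message from the engine's server.log quoted above and applies a simplified form of the RFC 4253 section 7.1 selection rule to show why the session is dropped. The function names are hypothetical and the sample is the thread's log text joined onto one line.

```python
import re

# Constructed sample: the exception text from server.log in this thread, on one line.
SAMPLE = (
    "java.lang.IllegalStateException: Unable to negotiate key exchange for "
    "kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521,diffie-hellman-group1-sha1 / server: "
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,"
    "diffie-hellman-group-exchange-sha1)"
)

KEX_RE = re.compile(
    r"Unable to negotiate key exchange for kex algorithms "
    r"\(client: (?P<client>[^/]*?) / server: (?P<server>[^)]*)\)"
)


def _split(names):
    return [n.strip() for n in names.split(",") if n.strip()]


def parse_kex_failure(line):
    """Return (client_algs, server_algs) from the log message, or None."""
    m = KEX_RE.search(line)
    return (_split(m.group("client")), _split(m.group("server"))) if m else None


def negotiate(client, server):
    """Simplified RFC 4253 sec. 7.1 rule: first client preference the server lists."""
    return next((alg for alg in client if alg in server), None)


def report(line):
    """Summarise a kex failure line; None if the line is not such a message."""
    parsed = parse_kex_failure(line)
    if parsed is None:
        return None
    client, server = parsed
    return {
        "chosen": negotiate(client, server),  # None means no common method
        "client_only": [a for a in client if a not in server],
        "server_only": [a for a in server if a not in client],
        # Names ending in -sha1 hash the exchange with SHA-1.
        "sha1_based": sorted({a for a in client + server if a.endswith("-sha1")}),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(f"{key}: {value}")
```

For the log in this thread the two lists have no method in common, so `chosen` is `None`; the only Diffie-Hellman method the client offers is SHA-1 based.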