Re: [ovirt-users] adding new node through WAN - fatal: Unable to negotiate a key exchange method [preauth]
9:22 a.m.
Hi.
I made some changes and now there are fresh installations, and durring add
new node I got the same issue:
2017-01-07 07:44:08,847 ERROR
[org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49)
[c5fb7a0] Failed to establish session with host 'node1': SSH session closed
during connection 'root(a)10.30.30.51'
2017-01-07 07:44:08,847 WARN
[org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49)
[c5fb7a0] Validation of action 'AddVds' failed for user
admin@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__HOST,$server
10.30.30
.51,VDS_CANNOT_CONNECT_TO_SERVER
on both servers are this fresh installed system:
CentOS Linux release 7.3.1611 (Core)
Here are some informations about you asked last time:
[root@ovirt ovirt-engine]# rpm -qa | grep ovirt
ovirt-imageio-common-0.4.0-1.el7.noarch
python-ovirt-engine-sdk4-4.0.2-1.el7.centos.x86_64
ovirt-imageio-proxy-setup-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch
ovirt-engine-websocket-proxy-4.0.5.5-1.el7.centos.noarch
ovirt-engine-dashboard-1.0.5-1.el7.centos.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch
ovirt-engine-backend-4.0.5.5-1.el7.centos.noarch
ovirt-engine-extension-aaa-jdbc-1.1.1-1.el7.noarch
ovirt-host-deploy-1.5.3-1.el7.centos.noarch
ovirt-engine-wildfly-overlay-10.0.0-1.el7.noarch
ovirt-engine-setup-base-4.0.5.5-1.el7.centos.noarch
ovirt-vmconsole-proxy-1.0.4-1.el7.centos.noarch
ovirt-host-deploy-java-1.5.3-1.el7.centos.noarch
ovirt-release40-4.0.5-2.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-4.0.5.5-1.el7.centos.noarch
ovirt-engine-dwh-4.0.5-1.el7.centos.noarch
ovirt-imageio-proxy-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.0.5.5-1.el7.centos.noarch
ovirt-iso-uploader-4.0.2-1.el7.centos.noarch
ovirt-engine-dbscripts-4.0.5.5-1.el7.centos.noarch
ovirt-engine-webadmin-portal-4.0.5.5-1.el7.centos.noarch
ovirt-engine-setup-4.0.5.5-1.el7.centos.noarch
ovirt-engine-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch
ovirt-engine-userportal-4.0.5.5-1.el7.centos.noarch
ovirt-engine-restapi-4.0.5.5-1.el7.centos.noarch
ovirt-setup-lib-1.0.2-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7.centos.noarch
ovirt-engine-extensions-api-impl-4.0.5.5-1.el7.centos.noarch
ovirt-engine-wildfly-10.1.0-1.el7.x86_64
ovirt-engine-lib-4.0.5.5-1.el7.centos.noarch
ovirt-vmconsole-1.0.4-1.el7.centos.noarch
ovirt-engine-cli-3.6.8.1-1.el7.centos.noarch
ovirt-engine-dwh-setup-4.0.5-1.el7.centos.noarch
ovirt-engine-tools-backup-4.0.5.5-1.el7.centos.noarch
ovirt-image-uploader-4.0.1-1.el7.centos.noarch
ovirt-engine-tools-4.0.5.5-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-4.0.5.5-1.el7.centos.noarch
ovirt-engine-4.0.5.5-1.el7.centos.noarch
[root@ovirt ovirt-engine]# tail -33f server.log
2017-01-07 07:44:08,843 INFO
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[4b16ff17]-nio2-thread-2) Server version string:
SSH-2.0-OpenSSH_6.6.1
2017-01-07 07:44:08,844 WARN
[org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[4b16ff17]-nio2-thread-2) Exception caught:
java.lang.IllegalStateException: Unable to negotiate key exchange for kex
algorithms (client:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1
/ server:
diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)
at
org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1109)
at
org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:357)
at
org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
at
org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
at
org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
at
org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
at
org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
[rt.jar:1.8.0_111]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
[rt.jar:1.8.0_111]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)
[rt.jar:1.8.0_111]
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
[rt.jar:1.8.0_111]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
[rt.jar:1.8.0_111]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
[rt.jar:1.8.0_111]
at
java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)
[rt.jar:1.8.0_111]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
[rt.jar:1.8.0_111]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
[rt.jar:1.8.0_111]
at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111]
at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
[rt.jar:1.8.0_111]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_111]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
In the end server (oVirt Node) in /var/log/secure.log:
Jan 7 08:10:26 ns3047117 sshd[30377]: fatal: Unable to negotiate a key
exchange method [preauth]
2016-12-01 8:22 GMT+01:00 Yedidyah Bar David <didi(a)redhat.com>:
(Adding the list. Please reply also to the list and not only
to specific people. Thanks).
On Wed, Nov 30, 2016 at 9:01 PM, Grzegorz Szypa
<grzegorz.szypa(a)gmail.com> wrote:
> Hi.
>
> It works.
>
> Problem I think are in other side, maybe I explain my landscape:
>
> oVirt Engine is VM on after NAT, but currectly this way are disabled and
now
> only work direct access to Internet via dedicated WAN IP, and oVirt Node
are
> VM also under separat WAN IP, but still the same problem. I think there
is
> no problem with SSH configuration because setting it as self-hosted
engine
> work fine
What OS is on each of the engine and host?
Did you change any configuration of sshd on the host,
compared to the OS's defaults?
Please check/share the output of previous ssh command, but
with '-v' appended.
Please also share more of the engine log, starting with a line
containing 'AddVdsCommand'.
Please attach output of: 'rpm -qa | grep ovirt'.
Thanks,
>
>
> 2016-11-30 14:18 GMT+01:00 Yedidyah Bar David <didi(a)redhat.com>:
>>
>> On Wed, Nov 30, 2016 at 1:58 PM, Grzegorz Szypa
>> <grzegorz.szypa(a)gmail.com> wrote:
>> > Hi.
>> >
>> > Did you meet ever with problem, when you try to add new node to quite
>> > new
>> > oVirt Engine via Gui and get Error :
>> >
>> > engine.log:
>> >
>> > 2016-11-30 12:50:55,453 ERROR
>> > [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default
task-23)
>> > [178c9385] Failed to establish session with host 'node1': SSH
session
>> > closed
>> > during connection '["my new node"]'
>> > 2016-11-30 12:50:55,453 WARN
>> > [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default
task-23)
>> > [178c9385] Validation of action 'AddVds' failed for user
>> > admin@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__
HOST,$server
>> > vmsrv1.szypa.net,VDS_CANNOT_CONNECT_TO_SERVER
>> >
>> >
>> >
>> > in the end node I only got error that there is not possible, to
exchange
>> > key
>> > between two hosts:
>> >
>> > there is log form /var/log/secure:
>> >
>> > fatal: Unable to negotiate a key exchange method [preauth]
>> >
>> > In network I found that it could be a problem with key exchange
method,
>> > which is not available on some host.
>> >
>> > SSH connection between this two hosts work fine so I do not understand
>> > why
>> > it does not work?
>>
>> Please try this, from the engine machine, as user root:
>>
>> ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa HOST
>>
>> Replace "HOST" with the name or address you input in the field
"Address"
>> in the "New Host" dialog. I think that's 'node1', from
above.
>>
>> Does it work? If not, please check sshd configuration/logs on the host.
>>
>> Best,
>> --
>> Didi
>
>
>
>
> --
> G.Sz.
--
Didi
--
G.Sz.
2877
days inactive
2877
days old
0 comments
1 participants
participants (1)
-
Grzegorz Szypa