4:22 p.m.
Yes, i use same manual to change WebUI SSL.
ovirt-ca-file= is a same SSL file which use WebUI.
Yes, i restart ovirt-provider-ovn, i restart engine, i restart all what i can restart.
Nothing...
10:53 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Hello!
Get problems with clean installation 4.3.6.6-1.el7 and OVN
When i try to test OVN get notification:
«Import provider certificate»
Do you approve trusting self signed certificate subject CN=Certificate Authority,
O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
When i’m press «Yes», see old problem:
Failed to communicate with the external provider, see log for additional details.
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
timeout=self._timeout())
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in
create_token
username, password, engine_url, ca_file, timeout)
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in
_get_sso_token
timeout=timeout
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in
wrapper
response = func(*args, **kwargs)
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in
wrapper
raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local
[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>
What’s wrong ?
1:07 a.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Few hours later i'm fixed SSL error, but get a new error
2019-10-02 01:02:38,369 root Starting server
2019-10-02 01:02:38,369 root Version: 1.2.22-1
2019-10-02 01:02:38,369 root Build date: 20190509114402
2019-10-02 01:02:38,369 root Githash: 38acbde
2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
2019-10-02 01:02:46,471 root Request body:
{"auth": {"passwordCredentials": {"username":
"admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing
parameter: 'client_secret'
Traceback (most recent call last):
File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in
_handle_request
method, path_parts, content
File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175,
in handle_request
return self.call_response_handler(handler, content, parameters)
File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
call_response_handler
return response_handler(content, parameters)
File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69,
in post_tokens
if not auth.validate_token(token):
File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in
validate_token
return auth.core.plugin.validate_token(token)
File
"/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py",
line 36, in validate_token
return self._is_user_name(token, _admin_user_name())
File
"/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py",
line 47, in _is_user_name
timeout=AuthorizationByUserName._timeout())
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in
get_token_info
timeout=timeout
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in
wrapper
_check_for_error(response)
File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in
_check_for_error
result['error'], details))
Unauthorized: Error during SSO authentication invalid_request : Missing parameter:
'client_secret'
10:11 a.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail(a)set-pro.net>
wrote:
Few hours later i'm fixed SSL error,
Would you share how you fixed the error?
This might also help to understand the next issue.
looks like the
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
does not fit to engine's db.
Maybe most easy would be to move the current
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration
by using the
parameter '--reconfigure-optional-components' of engine-setup.
Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
modified outside engine-setup?
1:17 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Something strange happens..
What changes i do. I change Engine SSL using this
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html
<https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html> manual
I'm don’t checked how work OVN before changes. Of course i modiied
'/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf' because i
changed engine certificate.
What i see today:
2019-10-02 13:02:47,854 root From: ::ffff:172.19.0.10:60482 Request: GET /v2.0/
2019-10-02 13:02:47,854 root [('SSL routines',
'ssl3_get_server_certificate', 'certificate verify failed')]
Traceback (most recent call last):
File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in
_handle_request
method, path_parts, content
File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175,
in handle_request
return self.call_response_handler(handler, content, parameters)
File "/usr/share/ovirt-provider-ovn/handlers/neutron.py", line 35, in
call_response_handler
with NeutronApi() as ovn_north:
File "/usr/share/ovirt-provider-ovn/neutron/neutron_api.py", line 77, in
__init__
self.ovsidl, self.idl = ovn_connection.connect()
File "/usr/share/ovirt-provider-ovn/ovn_connection.py", line 43, in connect
ovnconst.OVN_NORTHBOUND
File
"/usr/lib/python2.7/site-packages/ovsdbapp/backend/ovs_idl/connection.py", line
127, in from_server
helper = idlutils.get_schema_helper(connection_string, schema_name)
File "/usr/lib/python2.7/site-packages/ovsdbapp/backend/ovs_idl/idlutils.py",
line 118, in get_schema_helper
stream.Stream.open(connection))
File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 226, in
open_block
error = stream.connect()
File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect
self.socket.do_handshake()
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in
do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in
_raise_ssl_error
_raise_current_error()
File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in
exception_from_error_queue
raise exception_type(errors)
Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed')]
My config:
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
#ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
#ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
#ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[OVIRT]
ovirt-host=https://engine.set.local:443
ovirt-base=/ovirt-engine
ovirt-auth-timeout=110
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-sso-client-secret=PzrrA0GBGwBzlKcf2s3j6PZK1BONTQG6FR6UxPWNqYY
#ovirt-sso-client-secret=HO0GftT4aT1SvuDZhqB0NInAeHr5OsNu
ovirt-admin-user-name=admin@internal
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local
Now try '--reconfigure-optional-components' of engine-setup.
1:29 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
--reconfigure-optional-components not helps. And the file
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf not exists after setup.
[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[root@engine ~]# engine-setup --reconfigure-optional-components
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files:
['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf',
'/etc/ovirt-engine-setup.conf.d/10-packaging.conf',
'/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
Log file:
/var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
Version: otopi-1.8.3 (otopi-1.8.3-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment setup (late)
[ INFO ] Stage: Environment customization
--== PRODUCT OPTIONS ==--
Set up Cinderlib integration
(Currently in tech preview)
(Yes, No) [No]:
[ INFO ] ovirt-provider-ovn already installed, skipping.
--== PACKAGES ==--
[ INFO ] Checking for product updates...
[ INFO ] No product updates found
--== NETWORK CONFIGURATION ==--
Setup can automatically configure the firewall on this system.
Note: automatic configuration of the firewall may overwrite current settings.
NOTICE: iptables is deprecated and will be removed in future releases
Do you want Setup to configure the firewall? (Yes, No) [Yes]:
[ INFO ] firewalld will be configured as firewall manager.
--== DATABASE CONFIGURATION ==--
The detected DWH database size is 111 MB.
Setup can backup the existing database. The time and space required for the
database backup depend on its size. This process takes time, and in some cases (for
instance, when the size is few GBs) may take several hours to complete.
If you choose to not back up the database, and Setup later fails for some
reason, it will not be able to restore the database and all DWH data will be lost.
Would you like to backup the existing database before upgrading it? (Yes, No)
[Yes]:
Perform full vacuum on the oVirt engine history
database ovirt_engine_history@localhost?
This operation may take a while depending on this setup health and the
configuration of the db vacuum process.
See https://www.postgresql.org/docs/10/sql-vacuum.html
(Yes, No) [No]:
--== OVIRT ENGINE CONFIGURATION ==--
Perform full vacuum on the engine database engine@localhost?
This operation may take a while depending on this setup health and the
configuration of the db vacuum process.
See https://www.postgresql.org/docs/10/sql-vacuum.html
(Yes, No) [No]:
--== STORAGE CONFIGURATION ==--
--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'
Perhaps it was changed since last Setup.
Error was:
Mac verify error: invalid password?
--== APACHE CONFIGURATION ==--
--== SYSTEM CONFIGURATION ==--
--== MISC CONFIGURATION ==--
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation
During execution engine service will be stopped (OK, Cancel) [OK]:
[ INFO ] Hosted Engine HA is in Global Maintenance mode.
[WARNING] Less than 16384MB of memory is available
[ INFO ] Cleaning stale zombie tasks and commands
--== CONFIGURATION PREVIEW ==--
Default SAN wipe after delete : False
Firewall manager : firewalld
Update Firewall : True
Host FQDN : engine.set.local
Set up Cinderlib integration : False
Engine database secured connection : False
Engine database user name : engine
Engine database name : engine
Engine database host : localhost
Engine database port : 5432
Engine database host name validation : False
Engine installation : True
PKI organization : set.local
Set up ovirt-provider-ovn : True
Configure WebSocket Proxy : True
DWH installation : True
DWH database secured connection : False
DWH database host : localhost
DWH database user name : ovirt_engine_history
DWH database name : ovirt_engine_history
Backup DWH database : True
DWH database port : 5432
DWH database host name validation : False
Configure Image I/O Proxy : True
Configure VMConsole Proxy : True
Please confirm installation settings (OK, Cancel) [OK]:
[ INFO ] Cleaning async tasks and compensations
[ INFO ] Unlocking existing entities
[ INFO ] Checking the Engine database consistency
[ INFO ] Stage: Transaction setup
[ INFO ] Stopping engine service
[ INFO ] Stopping ovirt-fence-kdump-listener service
[ INFO ] Stopping dwh service
[ INFO ] Stopping Image I/O Proxy service
[ INFO ] Stopping vmconsole-proxy service
[ INFO ] Stopping websocket-proxy service
[ INFO ] Stage: Misc configuration (early)
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Upgrading CA
[ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and
certificate
[ INFO ] Backing up database localhost:ovirt_engine_history to
'/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'.
[ INFO ] Creating/refreshing DWH database schema
[ INFO ] Configuring Image I/O Proxy
[ INFO ] Configuring WebSocket Proxy
[ INFO ] Backing up database localhost:engine to
'/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'.
[ INFO ] Creating/refreshing Engine database schema
[ INFO ] Creating/refreshing Engine 'internal' domain database schema
Unregistering existing client registration info.
[ INFO ] Generating post install configuration file
'/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
[ INFO ] Starting engine service
[ INFO ] Starting dwh service
[ INFO ] Restarting ovirt-vmconsole proxy service
--== SUMMARY ==--
[ INFO ] Restarting httpd
Web access is enabled at:
http://engine.set.local:80/ovirt-engine
https://engine.set.local:443/ovirt-engine
Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA
SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s
[WARNING] Less than 16384MB of memory is available
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up
Log file is located at
/var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
[ INFO ] Generating answer file
'/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of setup completed successfully
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
error = stream.connect()
File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect
self.socket.do_handshake()
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in
do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in
_raise_ssl_error
_raise_current_error()
File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in
exception_from_error_queue
raise exception_type(errors)
Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate
verify failed’)]
[root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/
итого 4
drwxr-xr-x. 2 root root 20 окт 2 13:19 .
drwxr-xr-x. 3 root root 70 окт 2 01:14 ..
-rw-r--r--. 1 root root 194 май 9 14:44 README
10:33 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Hello!
Still have this problem. After updates and searching for resolution.. Need help with this.
11:23 a.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
On Wed, Oct 2, 2019 at 12:29 PM Mail SET Inc. Group <mail(a)set-pro.net>
wrote:
The old installation is still detected.
1. backup /etc/ovirt-provider-ovn/
2. restore the original /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf,
e.g. to
https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/ovirt-pr...
3. /backup etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf,
4. rename ovirt-provider-ovn external provider entity in oVirt webadmin,
5. comment OVESETUP_OVN/ovirtProviderOvnId
in /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf
6. engine-setup --reconfigure-optional-components
7. If modifications of the certificates are required, please create a new
file in /etc/ovirt-provider-ovn/conf.d/ , e.g. 50-ssl-modifications
Do these steps solve the problem for you?
Dec 18 21:01:02 <dholler> password should be the usual admin@interal
password
1:06 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
On Mon, Feb 3, 2020 at 11:39 AM Strahil Nikolov <hunter86_bg(a)yahoo.com>
wrote:
No, this would just reset the integration into oVirt.
If you like to reset the ovn-nb,
I would use ovn-nbctl on command line to delete all entities in the nb data
base.
Just be aware that this could create inconsistent states, but if you delete
all logical network entities, this is no problem.
I recommend to create a backup with engine-backup before using ovn-nbct.
2:05 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Hi Dominik!
So, this solution helps!
But, if i do step #7 it returns to pervious (bad) state and i need to do all 6 steps
again.
Thank u 4 help!!!
2:35 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
On Mon, Feb 3, 2020 at 1:07 PM <mail(a)set-pro.net> wrote:
Step 7 is now independent from the other steps.
You are welcome to post the error message where the certificates fail.
https://github.com/oVirt/ovirt-provider-ovn/blob/master/README.adoc
explains the ssl configuration of the ovirt-provider-ovn.
2:43 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Installation log:
engine-setup --reconfigure-optional-components
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files:
['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf',
'/etc/ovirt-engine-setup.conf.d/10-packaging.conf',
'/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
Log file:
/var/log/ovirt-engine/setup/ovirt-engine-setup-20200203141445-e8fjh7.log
Version: otopi-1.8.4 (otopi-1.8.4-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment setup (late)
[ INFO ] Stage: Environment customization
--== PRODUCT OPTIONS ==--
Set up Cinderlib integration
(Currently in tech preview)
(Yes, No) [No]:
--== PACKAGES ==--
[ INFO ] Checking for product updates...
[ INFO ] No product updates found
--== NETWORK CONFIGURATION ==--
Setup can automatically configure the firewall on this system.
Note: automatic configuration of the firewall may overwrite current settings.
NOTICE: iptables is deprecated and will be removed in future releases
Do you want Setup to configure the firewall? (Yes, No) [Yes]:
[ INFO ] firewalld will be configured as firewall manager.
--== DATABASE CONFIGURATION ==--
The detected DWH database size is 327 MB.
Setup can backup the existing database. The time and space required for the
database backup depend on its size. This process takes time, and in some cases (for
instance, when the size is few GBs) may take several hours to complete.
If you choose to not back up the database, and Setup later fails for some
reason, it will not be able to restore the database and all DWH data will be lost.
Would you like to backup the existing database before upgrading it? (Yes, No)
[Yes]:
Perform full vacuum on the oVirt engine history
database ovirt_engine_history@localhost?
This operation may take a while depending on this setup health and the
configuration of the db vacuum process.
See https://www.postgresql.org/docs/10/sql-vacuum.html
(Yes, No) [No]:
--== OVIRT ENGINE CONFIGURATION ==--
Perform full vacuum on the engine database engine@localhost?
This operation may take a while depending on this setup health and the
configuration of the db vacuum process.
See https://www.postgresql.org/docs/10/sql-vacuum.html
(Yes, No) [No]:
oVirt OVN provider user[admin@internal]:
oVirt OVN provider password:
--== STORAGE CONFIGURATION ==--
--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'
Perhaps it was changed since last Setup.
Error was:
Mac verify error: invalid password?
--== APACHE CONFIGURATION ==--
--== SYSTEM CONFIGURATION ==--
--== MISC CONFIGURATION ==--
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation
During execution engine service will be stopped (OK, Cancel) [OK]:
[ INFO ] Hosted Engine HA is in Global Maintenance mode.
[WARNING] Less than 16384MB of memory is available
[ INFO ] Cleaning stale zombie tasks and commands
--== CONFIGURATION PREVIEW ==--
Default SAN wipe after delete : False
Firewall manager : firewalld
Update Firewall : True
Host FQDN : engine.set.local
Set up Cinderlib integration : False
Engine database secured connection : False
Engine database user name : engine
Engine database name : engine
Engine database host : localhost
Engine database port : 5432
Engine database host name validation : False
Engine installation : True
PKI organization : set.local
Set up ovirt-provider-ovn : True
Configure WebSocket Proxy : True
DWH installation : True
DWH database secured connection : False
DWH database host : localhost
DWH database user name : ovirt_engine_history
DWH database name : ovirt_engine_history
Backup DWH database : True
DWH database port : 5432
DWH database host name validation : False
Configure Image I/O Proxy : True
Configure VMConsole Proxy : True
Please confirm installation settings (OK, Cancel) [OK]:
[ INFO ] Cleaning async tasks and compensations
[ INFO ] Unlocking existing entities
[ INFO ] Checking the Engine database consistency
[ INFO ] Stage: Transaction setup
[ INFO ] Stopping engine service
[ INFO ] Stopping ovirt-fence-kdump-listener service
[ INFO ] Stopping dwh service
[ INFO ] Stopping Image I/O Proxy service
[ INFO ] Stopping vmconsole-proxy service
[ INFO ] Stopping websocket-proxy service
[ INFO ] Stage: Misc configuration (early)
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Upgrading CA
[ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and
certificate
[ ERROR ] Failed to import provider certificate into the external provider keystore
[ INFO ] Backing up database localhost:ovirt_engine_history to
'/var/lib/ovirt-engine-dwh/backups/dwh-20200203143914.gWtVQt.dump'.
[ INFO ] Creating/refreshing DWH database schema
[ INFO ] Configuring Image I/O Proxy
[ INFO ] Configuring WebSocket Proxy
[ INFO ] Backing up database localhost:engine to
'/var/lib/ovirt-engine/backups/engine-20200203143933.zqclHW.dump'.
[ INFO ] Creating/refreshing Engine database schema
[ INFO ] Creating/refreshing Engine 'internal' domain database schema
Unregistering existing client registration info.
[ INFO ] Adding default OVN provider to database
[ INFO ] Adding OVN provider secret to database
[ INFO ] Generating post install configuration file
'/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
[ INFO ] Starting engine service
[ INFO ] Starting dwh service
[ INFO ] Restarting ovirt-vmconsole proxy service
--== SUMMARY ==--
[ INFO ] Restarting httpd
Web access is enabled at:
http://engine.set.local:80/ovirt-engine
https://engine.set.local:443/ovirt-engine
ovirt-provider-ovn configuration file was created in:
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
A sample configuration file for future reference was created in:
/etc/ovirt-engine/ovirt-provider-ovn-conf.example
The following commands failed to execute.
Please execute them manually as root:
. /usr/share/ovirt-engine/bin/engine-prolog.sh
export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
keytool -import -alias ovirt-provider-ovn -keystore
/var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt
-storepass:env pass
Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA
SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s
[WARNING] Less than 16384MB of memory is available
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up
Log file is located at
/var/log/ovirt-engine/setup/ovirt-engine-setup-20200203141445-e8fjh7.log
[ INFO ] Generating answer file
'/var/lib/ovirt-engine/setup/answers/20200203144041-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of setup completed successfully
Ffter install i'm test provider and it's ok. Then i create
/etc/ovirt-provider-ovn/conf.d/50-ssl-modifications.conf with this content:
[SSL]
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-secret=PzrrA0GBGwBzlKcf2s3j6PZK1BONTQG6FR6UxPWNqYY
Restart provider and test again. Got message "Failed to communicate with the external
provider, see log for additional details."
I try to delete created file^ but it not help, and i do your 6 steps again.
2:01 p.m.
New subject: Failed to synchronize networks of Provider ovirt-provider-ovn
Hi!
Can you tell me how to do step 4
"rename ovirt-provider-ovn external provider entity in oVirt webadmin"
583
days inactive
2454
days old
13 comments
5 participants
participants (5)
-
Dominik Holler -
grig.4n@gmail.com -
Mail SET Inc. Group -
mail@set-pro.net
-
Strahil Nikolov