Observed in 3rd party Firewall monitoring log files that during the Test
Connection, the PC Client is trying to reach the
Engine Portal in port 54322, instead of 54323 (Image I/O Proxy)
Confirmed in engine-config, that ImageTransferProxyEnabled is set to False.
SOLUTION
To confirm that the ImageTransferProxyEnabled is set to "false", login in
the OLVM Engine Host/VM as root, and execute
the following command:
# engine-config -g ImageTransferProxyEnabled
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
ImageTransferProxyEnabled: false version: general <<< set to false
To enable the Image I/O Proxy and restart the ovirt-engine and
ovirt-imageio services perform the following as root:
# engine-config -s ImageTransferProxyEnabled=true
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
ImageTransferProxyEnabled: true version: general <<< set to true
# systemctl restart ovirt-engine
# systemctl restart ovirt-imageio
Show replies by date
Thanks Mostafa.
However setting was already true
---
# engine-config -g ImageTransferProxyEnabled
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
ImageTransferProxyEnabled: true version: general
---
Also if this wasn't the case it is likely that imageio would not work in the first
cluster (presently it also works in the first cluster) and all clusters show the same
hosts in the drop down screen in the upload page (cluster1: app1+app2) even though the
rest of the clusters have no access to the san cluster 1 uses..
I can confirm on the engine
/etc/ovirt-imageio/conf.d/50-engine.conf
-----
[tls]
enable = true
key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
cert_file = /etc/pki/ovirt-engine/certs/apache.cer
ca_file = /etc/pki/ovirt-engine/apache-ca.pem
[backend_http]
ca_file = /etc/pki/ovirt-engine/ca.pem
[remote]
port = 54323
[local]
enable = false
[control]
transport = tcp
port = 54324
[handlers]
keys = logfile
[logger_root]
handlers = logfile
level = INFO
-----
and on ovirt hosts (from any cluster - working or not)
-----
[tls]
enable = true
key_file = /etc/pki/vdsm/keys/vdsmkey.pem
cert_file = /etc/pki/vdsm/certs/vdsmcert.pem
ca_file = /etc/pki/vdsm/certs/cacert.pem
[remote]
port = 54322
[local]
enable = true
[control]
transport = unix
-----
Anyone got any suggestions - its been broken now for several months ?
(btw I do not fully get how this mailing list works as this thread no longer links to my
original post.. is it worth reposting again? for technical support forums seem better
(also have code formatting, etc and easier to post images to explain what I am seeing
,etc..)