Re: not able to upload disks, iso - Connection to ovirt-imageio service has failed. Ensure that ovirt-engine certificate is registered as a valid CA in the browser.
Observed in 3rd party Firewall monitoring log files that during the Test Connection, the PC Client is trying to reach the Engine Portal in port 54322, instead of 54323 (Image I/O Proxy) Confirmed in engine-config, that ImageTransferProxyEnabled is set to False. SOLUTION To confirm that the ImageTransferProxyEnabled is set to "false", login in the OLVM Engine Host/VM as root, and execute the following command: # engine-config -g ImageTransferProxyEnabled Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false ImageTransferProxyEnabled: false version: general <<< set to false To enable the Image I/O Proxy and restart the ovirt-engine and ovirt-imageio services perform the following as root: # engine-config -s ImageTransferProxyEnabled=true Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false ImageTransferProxyEnabled: true version: general <<< set to true # systemctl restart ovirt-engine # systemctl restart ovirt-imageio
Thanks Mostafa. However setting was already true --- # engine-config -g ImageTransferProxyEnabled Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false ImageTransferProxyEnabled: true version: general --- Also if this wasn't the case it is likely that imageio would not work in the first cluster (presently it also works in the first cluster) and all clusters show the same hosts in the drop down screen in the upload page (cluster1: app1+app2) even though the rest of the clusters have no access to the san cluster 1 uses.. I can confirm on the engine /etc/ovirt-imageio/conf.d/50-engine.conf ----- [tls] enable = true key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass cert_file = /etc/pki/ovirt-engine/certs/apache.cer ca_file = /etc/pki/ovirt-engine/apache-ca.pem [backend_http] ca_file = /etc/pki/ovirt-engine/ca.pem [remote] port = 54323 [local] enable = false [control] transport = tcp port = 54324 [handlers] keys = logfile [logger_root] handlers = logfile level = INFO ----- and on ovirt hosts (from any cluster - working or not) ----- [tls] enable = true key_file = /etc/pki/vdsm/keys/vdsmkey.pem cert_file = /etc/pki/vdsm/certs/vdsmcert.pem ca_file = /etc/pki/vdsm/certs/cacert.pem [remote] port = 54322 [local] enable = true [control] transport = unix ----- Anyone got any suggestions - its been broken now for several months ? (btw I do not fully get how this mailing list works as this thread no longer links to my original post.. is it worth reposting again? for technical support forums seem better (also have code formatting, etc and easier to post images to explain what I am seeing ,etc..)
participants (2)
-
morgan cox -
Mostafa Md Arefin