Few hours later i'm fixed SSL error, but get a new error 2019-10-02 01:02:38,369 root Starting server 2019-10-02 01:02:38,369 root Version: 1.2.22-1 2019-10-02 01:02:38,369 root Build date: 20190509114402 2019-10-02 01:02:38,369 root Githash: 38acbde 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens 2019-10-02 01:02:46,471 root Request body: {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}} 2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret' Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request method, path_parts, content File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens if not auth.validate_token(token): File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token return auth.core.plugin.validate_token(token) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token return self._is_user_name(token, _admin_user_name()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name timeout=AuthorizationByUserName._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper _check_for_error(response) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error result['error'], details)) Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
1 окт. 2019 г., в 22:53, Mail SET Inc. Group <mail@set-pro.net> написал(а):
Hello! Get problems with clean installation 4.3.6.6-1.el7 and OVN
When i try to test OVN get notification: «Import provider certificate» Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
When i’m press «Yes», see old problem: Failed to communicate with the external provider, see log for additional details.
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf # This file is automatically generated by engine-setup. Please do not edit manually [OVN REMOTE] ovn-remote=ssl:127.0.0.1:6641 [SSL] https-enabled=true ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass [OVIRT] ovirt-sso-client-id=ovirt-provider-ovn ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer ovirt-host=https://engine.set.local:443/ovirt-engine/ <https://engine.set.local/ovirt-engine/> ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4 [NETWORK] port-security-enabled-default=True [PROVIDER] provider-host=engine.set.local
[root@engine ~]# python -c "import requests; \ print requests.get('https://engine.set.local <https://engine.set.local/>', \ verify='/etc/pki/ovirt-engine/apache-ca.pem')" <Response [200]>
What’s wrong ?