Re: Failed to synchronize networks of Provider ovirt-provider-ovn

Yes, I used the same manual to change the WebUI SSL. ovirt-ca-file= is the same SSL file which the WebUI uses. Yes, I restarted ovirt-provider-ovn, I restarted the engine, I restarted everything I can restart. Nothing...
On 12 Sep 2018, at 16:11, Dominik Holler <dholler@redhat.com> wrote:
On Wed, 12 Sep 2018 14:23:54 +0300 "Mail SET Inc. Group" <mail@set-pro.net> wrote:
Ok!
Not exactly, please use users@ovirt.org for such questions. Others should benefit from these questions, too. Please write the next mail to users@ovirt.org and keep me in CC.
What I did:
1) install oVirt «from box» (4.2.5.2-1.el7);
2) generate own ssl for my engine using my FreeIPA CA, Install it and
What does "Install it" mean? You can use the doc from the following link https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/htm...
Ensure that ovirt-ca-file= in /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf points to the correct file and ovirt-provider-ovn is restarted.
get this issue;
[root@engine ~]# tail -n 50 /var/log/ovirt-provider-ovn.log
2018-09-12 14:10:23,828 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 133, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
    return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, in post_tokens
    user_password=user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in create_token
    return auth.core.plugin.create_token(user_at_domain, user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in create_token
    timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
    username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper
    response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper
    raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
[root@engine ~]# tail -n 20 /var/log/ovirt-engine/engine.log
2018-09-12 14:10:23,773+03 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock Acquired to object 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', sharedLocks=''}'
2018-09-12 14:10:23,778+03 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Running command: SyncNetworkProviderCommand internal: true.
2018-09-12 14:10:23,836+03 ERROR [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Command 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed: EngineException: (Failed with error Bad Gateway and code 5050)
2018-09-12 14:10:23,837+03 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock freed to object 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', sharedLocks=''}'
2018-09-12 14:14:12,477+03 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-6) [] User admin@internal successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2018-09-12 14:14:12,587+03 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-6) [1bf1b763] Running command: CreateUserSessionCommand internal: false.
2018-09-12 14:14:12,628+03 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-6) [1bf1b763] EVENT_ID: USER_VDC_LOGIN(30), User admin@internal-authz connecting from '10.0.3.61' using session 's8jAm7BUJGlicthm6yZBA3CUM8QpRdtwFaK3M/IppfhB3fHFB9gmNf0cAlbl1xIhcJ2WX+ww7e71Ri+MxJSsIg==' logged in.
2018-09-12 14:14:30,972+03 INFO [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] (default task-6) [ee3cc8a7-4485-4fdf-a0c2-e9d67b5cfcd3] Running command: ImportProviderCertificateCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN
2018-09-12 14:14:30,982+03 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-6) [ee3cc8a7-4485-4fdf-a0c2-e9d67b5cfcd3] EVENT_ID: PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider ovirt-provider-ovn was imported. (User: admin@internal-authz)
2018-09-12 14:14:31,006+03 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-6) [a48d94ab-b0b2-42a2-a667-0525b4c652ea] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN
2018-09-12 14:14:31,058+03 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-6) [a48d94ab-b0b2-42a2-a667-0525b4c652ea] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: (Failed with error Bad Gateway and code 5050)
2018-09-12 14:15:10,954+03 INFO [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread pool 'default' is using 0 threads out of 1, 5 threads waiting for tasks.
2018-09-12 14:15:10,954+03 INFO [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread pool 'engine' is using 0 threads out of 500, 16 threads waiting for tasks and 0 tasks in queue.
2018-09-12 14:15:10,954+03 INFO [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread pool 'engineScheduled' is using 0 threads out of 100, 100 threads waiting for tasks.
2018-09-12 14:15:10,954+03 INFO [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread pool 'engineThreadMonitoring' is using 1 threads out of 1, 0 threads waiting for tasks.
2018-09-12 14:15:10,954+03 INFO [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread pool 'hostUpdatesChecker' is using 0 threads out of 5, 2 threads waiting for tasks.
2018-09-12 14:15:23,843+03 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] Lock Acquired to object 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', sharedLocks=''}'
2018-09-12 14:15:23,849+03 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] Running command: SyncNetworkProviderCommand internal: true.
2018-09-12 14:15:23,900+03 ERROR [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] Command 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed: EngineException: (Failed with error Bad Gateway and code 5050)
2018-09-12 14:15:23,901+03 INFO [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] Lock freed to object 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', sharedLocks=''}'
[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[OVIRT]
ovirt-sso-client-secret=Ms7Gw9qNT6IkXu7oA54tDmxaZDIukABV
ovirt-host=https://engine.set.local:443
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[PROVIDER]
provider-host=engine.set.local
On 12 Sep 2018, at 13:59, Dominik Holler <dholler@redhat.com> wrote:
On Wed, 12 Sep 2018 13:04:53 +0300 "Mail SET Inc. Group" <mail@set-pro.net> wrote:
Hello Dominik! I have the same issue with the OVN provider and SSL: https://www.mail-archive.com/users@ovirt.org/msg47020.html But the certificate changes do not help to resolve it. Maybe you can help me with this?
Sure. Can you please share the relevant lines of ovirt-provider-ovn.log and engine.log, and the information if you are using the certificates generated by engine-setup with users@ovirt.org ?
Thanks,
Dominik

Hello! I get problems with a clean installation of 4.3.6.6-1.el7 and OVN.

When I try to test OVN I get the notification «Import provider certificate»:
Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?

When I press «Yes», I see the old problem:
Failed to communicate with the external provider, see log for additional details.

[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
    timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
    username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper
    response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper
    raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local

[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>

What’s wrong?
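
Added example, not part of the original post and not ovirt-provider-ovn code: the one-liner above verifies against apache-ca.pem, while the quoted configuration sets ovirt-ca-file to a different file. This Python 3 script reads ovirt-host and ovirt-ca-file from the provider configuration and attempts the TLS handshake trusting only that file; the function names, status strings and the sample configuration (placeholder secret, nonexistent CA path) are constructed for illustration.

```python
import configparser
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Constructed sample using the key names from the configuration quoted above.
# The secret is a placeholder and the CA path deliberately does not exist.
SAMPLE_CONF = """\
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/nonexistent/constructed-ca.pem
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=PLACEHOLDER
[PROVIDER]
provider-host=engine.set.local
"""


def read_engine_endpoint(conf_text):
    """Return (host, port, ca_file) taken from the [OVIRT] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    section = parser["OVIRT"]
    url = urlsplit(section["ovirt-host"])
    if url.scheme != "https" or not url.hostname:
        raise ValueError("ovirt-host is not an https URL: %r" % section["ovirt-host"])
    return url.hostname, url.port or 443, section["ovirt-ca-file"]


def verify_with_ca(host, port, ca_file, timeout=5.0):
    """Attempt a verified TLS handshake trusting only ca_file.

    Returns (status, detail) where status is 'ok', 'ca-file-unreadable',
    'verify-failed' or 'connect-failed'.
    """
    # PROTOCOL_TLS_CLIENT enables certificate and hostname verification and
    # loads no system trust store, so only ca_file can make the check pass.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except (OSError, ssl.SSLError) as exc:
        return "ca-file-unreadable", str(exc)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return "ok", subject.get("commonName", "")
    except ssl.SSLCertVerificationError as exc:
        # Same class of failure as CERTIFICATE_VERIFY_FAILED in the log above.
        return "verify-failed", exc.verify_message
    except OSError as exc:
        return "connect-failed", str(exc)


def preflight(conf_text):
    """Run the handshake with exactly the values found in the configuration."""
    host, port, ca_file = read_engine_endpoint(conf_text)
    status, detail = verify_with_ca(host, port, ca_file)
    return {"host": host, "port": port, "ca_file": ca_file,
            "status": status, "detail": detail}


if __name__ == "__main__":
    # Pass the path of the provider configuration; without an argument the
    # constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE_CONF
    result = preflight(text)
    print("%(host)s:%(port)s via %(ca_file)s -> %(status)s (%(detail)s)" % result)
```

A 'verify-failed' result for the configured file while a manual check with another CA file succeeds shows that the two checks are not trusting the same file.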

A few hours later I fixed the SSL error, but get a new error:

2019-10-02 01:02:38,369 root Starting server
2019-10-02 01:02:38,369 root Version: 1.2.22-1
2019-10-02 01:02:38,369 root Build date: 20190509114402
2019-10-02 01:02:38,369 root Githash: 38acbde
2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
2019-10-02 01:02:46,471 root Request body: {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
    return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens
    if not auth.validate_token(token):
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token
    return auth.core.plugin.validate_token(token)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token
    return self._is_user_name(token, _admin_user_name())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name
    timeout=AuthorizationByUserName._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
    _check_for_error(response)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
    result['error'], details))
Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'

On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
A few hours later I fixed the SSL error,
Would you share how you fixed the error? This might also help to understand the next issue.
but get a new error
Looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit the engine's db.
Maybe the easiest would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup.
Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC...

Something strange happens.. What changes I did: I changed the Engine SSL using this manual: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html I didn't check how OVN worked before the changes. Of course I modified '/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf' because I changed the engine certificate.

What I see today:

2019-10-02 13:02:47,854 root From: ::ffff:172.19.0.10:60482 Request: GET /v2.0/
2019-10-02 13:02:47,854 root [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/neutron.py", line 35, in call_response_handler
    with NeutronApi() as ovn_north:
  File "/usr/share/ovirt-provider-ovn/neutron/neutron_api.py", line 77, in __init__
    self.ovsidl, self.idl = ovn_connection.connect()
  File "/usr/share/ovirt-provider-ovn/ovn_connection.py", line 43, in connect
    ovnconst.OVN_NORTHBOUND
  File "/usr/lib/python2.7/site-packages/ovsdbapp/backend/ovs_idl/connection.py", line 127, in from_server
    helper = idlutils.get_schema_helper(connection_string, schema_name)
  File "/usr/lib/python2.7/site-packages/ovsdbapp/backend/ovs_idl/idlutils.py", line 118, in get_schema_helper
    stream.Stream.open(connection))
  File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 226, in open_block
    error = stream.connect()
  File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect
    self.socket.do_handshake()
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]

My config:

# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
#ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
#ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
#ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[OVIRT]
ovirt-host=https://engine.set.local:443
ovirt-base=/ovirt-engine
ovirt-auth-timeout=110
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-sso-client-secret=PzrrA0GBGwBzlKcf2s3j6PZK1BONTQG6FR6UxPWNqYY
#ovirt-sso-client-secret=HO0GftT4aT1SvuDZhqB0NInAeHr5OsNu
ovirt-admin-user-name=admin@internal
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local

Now try '--reconfigure-optional-components' of engine-setup.

--reconfigure-optional-components does not help. And the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not exist after setup.

[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[root@engine ~]# engine-setup --reconfigure-optional-components
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
          Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
          Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
          Version: otopi-1.8.3 (otopi-1.8.3-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment setup (late)
[ INFO ] Stage: Environment customization

          --== PRODUCT OPTIONS ==--

          Set up Cinderlib integration (Currently in tech preview) (Yes, No) [No]:
[ INFO ] ovirt-provider-ovn already installed, skipping.

          --== PACKAGES ==--

[ INFO ] Checking for product updates...
[ INFO ] No product updates found

          --== NETWORK CONFIGURATION ==--

          Setup can automatically configure the firewall on this system.
          Note: automatic configuration of the firewall may overwrite current settings.
          NOTICE: iptables is deprecated and will be removed in future releases
          Do you want Setup to configure the firewall? (Yes, No) [Yes]:
[ INFO ] firewalld will be configured as firewall manager.

          --== DATABASE CONFIGURATION ==--

          The detected DWH database size is 111 MB.
          Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete.
          If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost.
          Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]:
          Perform full vacuum on the oVirt engine history database ovirt_engine_history@localhost?
          This operation may take a while depending on this setup health and the configuration of the db vacuum process.
          See https://www.postgresql.org/docs/10/sql-vacuum.html
          (Yes, No) [No]:

          --== OVIRT ENGINE CONFIGURATION ==--

          Perform full vacuum on the engine database engine@localhost?
          This operation may take a while depending on this setup health and the configuration of the db vacuum process.
          See https://www.postgresql.org/docs/10/sql-vacuum.html
          (Yes, No) [No]:

          --== STORAGE CONFIGURATION ==--

          --== PKI CONFIGURATION ==--

[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'
          Perhaps it was changed since last Setup.
          Error was: Mac verify error: invalid password?

          --== APACHE CONFIGURATION ==--

          --== SYSTEM CONFIGURATION ==--

          --== MISC CONFIGURATION ==--

          --== END OF CONFIGURATION ==--

[ INFO ] Stage: Setup validation
          During execution engine service will be stopped (OK, Cancel) [OK]:
[ INFO ] Hosted Engine HA is in Global Maintenance mode.
[WARNING] Less than 16384MB of memory is available
[ INFO ] Cleaning stale zombie tasks and commands

          --== CONFIGURATION PREVIEW ==--

          Default SAN wipe after delete : False
          Firewall manager : firewalld
          Update Firewall : True
          Host FQDN : engine.set.local
          Set up Cinderlib integration : False
          Engine database secured connection : False
          Engine database user name : engine
          Engine database name : engine
          Engine database host : localhost
          Engine database port : 5432
          Engine database host name validation : False
          Engine installation : True
          PKI organization : set.local
          Set up ovirt-provider-ovn : True
          Configure WebSocket Proxy : True
          DWH installation : True
          DWH database secured connection : False
          DWH database host : localhost
          DWH database user name : ovirt_engine_history
          DWH database name : ovirt_engine_history
          Backup DWH database : True
          DWH database port : 5432
          DWH database host name validation : False
          Configure Image I/O Proxy : True
          Configure VMConsole Proxy : True

          Please confirm installation settings (OK, Cancel) [OK]:
[ INFO ] Cleaning async tasks and compensations
[ INFO ] Unlocking existing entities
[ INFO ] Checking the Engine database consistency
[ INFO ] Stage: Transaction setup
[ INFO ] Stopping engine service
[ INFO ] Stopping ovirt-fence-kdump-listener service
[ INFO ] Stopping dwh service
[ INFO ] Stopping Image I/O Proxy service
[ INFO ] Stopping vmconsole-proxy service
[ INFO ] Stopping websocket-proxy service
[ INFO ] Stage: Misc configuration (early)
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Upgrading CA
[ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate
[ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'.
[ INFO ] Creating/refreshing DWH database schema
[ INFO ] Configuring Image I/O Proxy
[ INFO ] Configuring WebSocket Proxy
[ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'.
[ INFO ] Creating/refreshing Engine database schema
[ INFO ] Creating/refreshing Engine 'internal' domain database schema
          Unregistering existing client registration info.
[ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
[ INFO ] Starting engine service
[ INFO ] Starting dwh service
[ INFO ] Restarting ovirt-vmconsole proxy service

          --== SUMMARY ==--

[ INFO ] Restarting httpd
          Web access is enabled at:
              http://engine.set.local:80/ovirt-engine
              https://engine.set.local:443/ovirt-engine
          Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA
          SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s
[WARNING] Less than 16384MB of memory is available

          --== END OF SUMMARY ==--

[ INFO ] Stage: Clean up
          Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of setup completed successfully

[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
    error = stream.connect()
  File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect
    self.socket.do_handshake()
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
Error: [('SSL routines', 'ssl3_get_server_certificate',
'certificate verify failed’)] [root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ итого 4 drwxr-xr-x. 2 root root 20 окт 2 13:19 . drwxr-xr-x. 3 root root 70 окт 2 01:14 .. -rw-r--r--. 1 root root 194 май 9 14:44 README
On 2 Oct 2019, at 10:11, Dominik Holler <dholler@redhat.com> wrote:
On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
Few hours later i'm fixed SSL error,
Would you share how you fixed the error? This might also help to understand the next issue.
but get a new error
2019-10-02 01:02:38,369 root Starting server
2019-10-02 01:02:38,369 root Version: 1.2.22-1
2019-10-02 01:02:38,369 root Build date: 20190509114402
2019-10-02 01:02:38,369 root Githash: 38acbde
2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
2019-10-02 01:02:46,471 root Request body: {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
    return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens
    if not auth.validate_token(token):
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token
    return auth.core.plugin.validate_token(token)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token
    return self._is_user_name(token, _admin_user_name())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name
    timeout=AuthorizationByUserName._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
    _check_for_error(response)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
    result['error'], details))
Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit to engine's db.
Maybe most easy would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup.
Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?
On 1 Oct 2019, at 22:53, Mail SET Inc. Group <mail@set-pro.net> wrote:
Hello! Get problems with clean installation 4.3.6.6-1.el7 and OVN
When i try to test OVN get notification: «Import provider certificate» Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
When i’m press «Yes», see old problem: Failed to communicate with the external provider, see log for additional details.
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
    timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
    username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper
    response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper
    raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local

[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>
What’s wrong ?
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC2EFLSCN3MKYDEPZIRZ/

Hello! Still have this problem. After updates and searching for resolution.. Need help with this.

On Wed, Oct 2, 2019 at 12:29 PM Mail SET Inc. Group <mail@set-pro.net> wrote:
--reconfigure-optional-components not helps. And the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf not exists after setup.
[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[root@engine ~]# engine-setup --reconfigure-optional-components [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log Version: otopi-1.8.3 (otopi-1.8.3-1.el7) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment setup (late) [ INFO ] Stage: Environment customization
--== PRODUCT OPTIONS ==--
Set up Cinderlib integration (Currently in tech preview) (Yes, No) [No]: [ INFO ] ovirt-provider-ovn already installed, skipping.
The old installation is still detected.
1. backup /etc/ovirt-provider-ovn/
2. restore the original /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf, e.g. to https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/ovirt-provi...
3. backup /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf,
4. rename ovirt-provider-ovn external provider entity in oVirt webadmin,
5. comment OVESETUP_OVN/ovirtProviderOvnId in /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf
6. engine-setup --reconfigure-optional-components
7. If modifications of the certificates are required, please create a new file in /etc/ovirt-provider-ovn/conf.d/ , e.g. 50-ssl-modifications
Do these steps solve the problem for you?
Dec 18 21:01:02 <dholler> password should be the usual admin@internal password
--== PACKAGES ==--
[ INFO ] Checking for product updates... [ INFO ] No product updates found
--== NETWORK CONFIGURATION ==--
Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. NOTICE: iptables is deprecated and will be removed in future releases Do you want Setup to configure the firewall? (Yes, No) [Yes]: [ INFO ] firewalld will be configured as firewall manager.
--== DATABASE CONFIGURATION ==--
The detected DWH database size is 111 MB. Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete. If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost. Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]: Perform full vacuum on the oVirt engine history database ovirt_engine_history@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]:
--== OVIRT ENGINE CONFIGURATION ==--
Perform full vacuum on the engine database engine@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]:
--== STORAGE CONFIGURATION ==--
--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' Perhaps it was changed since last Setup. Error was: Mac verify error: invalid password?
--== APACHE CONFIGURATION ==--
--== SYSTEM CONFIGURATION ==--
--== MISC CONFIGURATION ==--
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation During execution engine service will be stopped (OK, Cancel) [OK]: [ INFO ] Hosted Engine HA is in Global Maintenance mode. [WARNING] Less than 16384MB of memory is available [ INFO ] Cleaning stale zombie tasks and commands
--== CONFIGURATION PREVIEW ==--
Default SAN wipe after delete : False Firewall manager : firewalld Update Firewall : True Host FQDN : engine.set.local Set up Cinderlib integration : False Engine database secured connection : False Engine database user name : engine Engine database name : engine Engine database host : localhost Engine database port : 5432 Engine database host name validation : False Engine installation : True PKI organization : set.local Set up ovirt-provider-ovn : True Configure WebSocket Proxy : True DWH installation : True DWH database secured connection : False DWH database host : localhost DWH database user name : ovirt_engine_history DWH database name : ovirt_engine_history Backup DWH database : True DWH database port : 5432 DWH database host name validation : False Configure Image I/O Proxy : True Configure VMConsole Proxy : True
Please confirm installation settings (OK, Cancel) [OK]: [ INFO ] Cleaning async tasks and compensations [ INFO ] Unlocking existing entities [ INFO ] Checking the Engine database consistency [ INFO ] Stage: Transaction setup [ INFO ] Stopping engine service [ INFO ] Stopping ovirt-fence-kdump-listener service [ INFO ] Stopping dwh service [ INFO ] Stopping Image I/O Proxy service [ INFO ] Stopping vmconsole-proxy service [ INFO ] Stopping websocket-proxy service [ INFO ] Stage: Misc configuration (early) [ INFO ] Stage: Package installation [ INFO ] Stage: Misc configuration [ INFO ] Upgrading CA [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate [ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'. [ INFO ] Creating/refreshing DWH database schema [ INFO ] Configuring Image I/O Proxy [ INFO ] Configuring WebSocket Proxy [ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'. [ INFO ] Creating/refreshing Engine database schema [ INFO ] Creating/refreshing Engine 'internal' domain database schema Unregistering existing client registration info. [ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' [ INFO ] Stage: Transaction commit [ INFO ] Stage: Closing up [ INFO ] Starting engine service [ INFO ] Starting dwh service [ INFO ] Restarting ovirt-vmconsole proxy service
--== SUMMARY ==--
[ INFO ] Restarting httpd Web access is enabled at: http://engine.set.local:80/ovirt-engine https://engine.set.local:443/ovirt-engine Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s [WARNING] Less than 16384MB of memory is available
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ INFO ] Execution of setup completed successfully
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log error = stream.connect() File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect self.socket.do_handshake() File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error _raise_current_error() File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed’)]
[root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ итого 4 drwxr-xr-x. 2 root root 20 окт 2 13:19 . drwxr-xr-x. 3 root root 70 окт 2 01:14 .. -rw-r--r--. 1 root root 194 май 9 14:44 README
On 2 Oct 2019, at 10:11, Dominik Holler <dholler@redhat.com> wrote:
On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
Few hours later i'm fixed SSL error,
Would you share how you fixed the error? This might also help to understand the next issue.
but get a new error
2019-10-02 01:02:38,369 root Starting server 2019-10-02 01:02:38,369 root Version: 1.2.22-1 2019-10-02 01:02:38,369 root Build date: 20190509114402 2019-10-02 01:02:38,369 root Githash: 38acbde 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens 2019-10-02 01:02:46,471 root Request body: {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}} 2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret' Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request method, path_parts, content File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens if not auth.validate_token(token): File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token return auth.core.plugin.validate_token(token) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token return self._is_user_name(token, _admin_user_name()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name timeout=AuthorizationByUserName._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper _check_for_error(response) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error result['error'], details)) Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 
'client_secret'
looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit to engine's db.
Maybe most easy would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup.
Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?
On 1 Oct 2019, at 22:53, Mail SET Inc. Group <mail@set-pro.net> wrote:
Hello! Get problems with clean installation 4.3.6.6-1.el7 and OVN
When i try to test OVN get notification: «Import provider certificate» Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
When i’m press «Yes», see old problem: Failed to communicate with the external provider, see log for additional details.
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local
[root@engine ~]# python -c "import requests; \ print requests.get('https://engine.set.local', \ verify='/etc/pki/ovirt-engine/apache-ca.pem')" <Response [200]>
What’s wrong ?
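An added example, not part of the thread or of ovirt-provider-ovn: it merges conf.d fragments and reports which CA file the provider would use to verify the engine, compared with the CA file used in a manual `requests.get(..., verify=...)` test like the one quoted above. It is written for Python 3; the function names, the lexical merge order, the `.conf` suffix on the override file and the sample fragments (with a placeholder secret) are assumptions made for illustration.

```python
import configparser
import socket
import ssl
from urllib.parse import urlsplit

# Constructed fragments modelled on the file quoted in the thread.
# The client secret is a placeholder, not a real value.
BASE = {
    "10-setup-ovirt-provider-ovn.conf": """\
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=PLACEHOLDER
""",
}
# Constructed override in the spirit of step 7 ("50-ssl-modifications").
OVERRIDE = {
    "50-ssl-modifications.conf": """\
[OVIRT]
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
""",
}


def merge_fragments(fragments):
    """Merge {file name: text} in sorted name order; later files win.

    The lexical order is an assumption about how conf.d is applied.
    """
    cfg = configparser.ConfigParser(interpolation=None)
    for name in sorted(fragments):
        cfg.read_string(fragments[name], source=name)
    return cfg


def trust_report(cfg, tested_ca=None):
    """Summarise the effective TLS trust settings and flag inconsistencies."""
    engine_url = cfg.get("OVIRT", "ovirt-host", fallback="")
    parts = urlsplit(engine_url)
    engine_ca = cfg.get("OVIRT", "ovirt-ca-file", fallback=None)
    secret = cfg.get("OVIRT", "ovirt-sso-client-secret", fallback=None)

    findings = []
    if engine_ca is None:
        findings.append("ovirt-ca-file is not set")
    if not secret:
        findings.append("ovirt-sso-client-secret is not set")
    if tested_ca and engine_ca and tested_ca != engine_ca:
        findings.append(
            "manual test used a different CA file (%s) than ovirt-ca-file (%s)"
            % (tested_ca, engine_ca)
        )
    return {
        "engine_host": parts.hostname,
        "engine_port": parts.port or 443,
        "engine_ca": engine_ca,
        "provider_ca": cfg.get("SSL", "ssl-cacert-file", fallback=None),
        "findings": findings,
    }


def verify_with_ca(host, port, cafile, timeout=5.0):
    """Live check: TLS handshake to host:port trusting only `cafile`.

    Returns (True, None) on success or (False, error text) on failure.
    """
    try:
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True, None
    except (OSError, ValueError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    tested = "/etc/pki/ovirt-engine/apache-ca.pem"
    for label, frags in (("base", BASE), ("with override", {**BASE, **OVERRIDE})):
        report = trust_report(merge_fragments(frags), tested_ca=tested)
        print(label, report["engine_ca"], report["findings"])
```

On a real engine host, `verify_with_ca(report["engine_host"], report["engine_port"], report["engine_ca"])` repeats the handshake with exactly the CA file the configuration names.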

On February 3, 2020 11:23:57 AM GMT+02:00, Dominik Holler <dholler@redhat.com> wrote:
On Wed, Oct 2, 2019 at 12:29 PM Mail SET Inc. Group <mail@set-pro.net> wrote:
--reconfigure-optional-components not helps. And the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf not exists after setup.
[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[root@engine ~]# engine-setup --reconfigure-optional-components
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
Version: otopi-1.8.3 (otopi-1.8.3-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment setup (late)
[ INFO ] Stage: Environment customization
--== PRODUCT OPTIONS ==--
Set up Cinderlib integration (Currently in tech preview) (Yes, No) [No]: [ INFO ] ovirt-provider-ovn already installed, skipping.
The old installation is still detected.
1. backup /etc/ovirt-provider-ovn/
2. restore the original /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf, e.g. to https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/ovirt-provi...
3. backup /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf,
4. rename ovirt-provider-ovn external provider entity in oVirt webadmin,
5. comment OVESETUP_OVN/ovirtProviderOvnId in /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf
6. engine-setup --reconfigure-optional-components
7. If modifications of the certificates are required, please create a new file in /etc/ovirt-provider-ovn/conf.d/ , e.g. 50-ssl-modifications
Do these steps solve the problem for you?
Dec 18 21:01:02 <dholler> password should be the usual admin@internal password
--== PACKAGES ==--
[ INFO ] Checking for product updates... [ INFO ] No product updates found
--== NETWORK CONFIGURATION ==--
Setup can automatically configure the firewall on this system.
Note: automatic configuration of the firewall may overwrite current settings.
NOTICE: iptables is deprecated and will be removed in future releases
Do you want Setup to configure the firewall? (Yes, No) [Yes]:
[ INFO ] firewalld will be configured as firewall manager.
--== DATABASE CONFIGURATION ==--
The detected DWH database size is 111 MB. Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete. If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost. Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]: Perform full vacuum on the oVirt engine history database ovirt_engine_history@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]:
--== OVIRT ENGINE CONFIGURATION ==--
Perform full vacuum on the engine database engine@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]:
--== STORAGE CONFIGURATION ==--
--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' Perhaps it was changed since last Setup. Error was: Mac verify error: invalid password?
--== APACHE CONFIGURATION ==--
--== SYSTEM CONFIGURATION ==--
--== MISC CONFIGURATION ==--
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation During execution engine service will be stopped (OK, Cancel) [OK]: [ INFO ] Hosted Engine HA is in Global Maintenance mode. [WARNING] Less than 16384MB of memory is available [ INFO ] Cleaning stale zombie tasks and commands
--== CONFIGURATION PREVIEW ==--
Default SAN wipe after delete : False Firewall manager : firewalld Update Firewall : True Host FQDN : engine.set.local Set up Cinderlib integration : False Engine database secured connection : False Engine database user name : engine Engine database name : engine Engine database host : localhost Engine database port : 5432 Engine database host name validation : False Engine installation : True PKI organization : set.local Set up ovirt-provider-ovn : True Configure WebSocket Proxy : True DWH installation : True DWH database secured connection : False DWH database host : localhost DWH database user name : ovirt_engine_history DWH database name : ovirt_engine_history Backup DWH database : True DWH database port : 5432 DWH database host name validation : False Configure Image I/O Proxy : True Configure VMConsole Proxy : True
Please confirm installation settings (OK, Cancel) [OK]: [ INFO ] Cleaning async tasks and compensations [ INFO ] Unlocking existing entities [ INFO ] Checking the Engine database consistency [ INFO ] Stage: Transaction setup [ INFO ] Stopping engine service [ INFO ] Stopping ovirt-fence-kdump-listener service [ INFO ] Stopping dwh service [ INFO ] Stopping Image I/O Proxy service [ INFO ] Stopping vmconsole-proxy service [ INFO ] Stopping websocket-proxy service [ INFO ] Stage: Misc configuration (early) [ INFO ] Stage: Package installation [ INFO ] Stage: Misc configuration [ INFO ] Upgrading CA [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate [ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'. [ INFO ] Creating/refreshing DWH database schema [ INFO ] Configuring Image I/O Proxy [ INFO ] Configuring WebSocket Proxy [ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'. [ INFO ] Creating/refreshing Engine database schema [ INFO ] Creating/refreshing Engine 'internal' domain database schema Unregistering existing client registration info. [ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' [ INFO ] Stage: Transaction commit [ INFO ] Stage: Closing up [ INFO ] Starting engine service [ INFO ] Starting dwh service [ INFO ] Restarting ovirt-vmconsole proxy service
--== SUMMARY ==--
[ INFO ] Restarting httpd Web access is enabled at: http://engine.set.local:80/ovirt-engine https://engine.set.local:443/ovirt-engine Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s [WARNING] Less than 16384MB of memory is available
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up
Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of setup completed successfully
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log error = stream.connect() File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect self.socket.do_handshake() File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error _raise_current_error() File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed’)]
[root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ итого 4 drwxr-xr-x. 2 root root 20 окт 2 13:19 . drwxr-xr-x. 3 root root 70 окт 2 01:14 .. -rw-r--r--. 1 root root 194 май 9 14:44 README
On 2 Oct 2019, at 10:11, Dominik Holler <dholler@redhat.com> wrote:
On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
Few hours later i'm fixed SSL error,
Would you share how you fixed the error? This might also help to understand the next issue.
but get a new error
2019-10-02 01:02:38,369 root Starting server
2019-10-02 01:02:38,369 root Version: 1.2.22-1
2019-10-02 01:02:38,369 root Build date: 20190509114402
2019-10-02 01:02:38,369 root Githash: 38acbde
2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
2019-10-02 01:02:46,471 root Request body: {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
    return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens
    if not auth.validate_token(token):
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token
    return auth.core.plugin.validate_token(token)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token
    return self._is_user_name(token, _admin_user_name())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name
    timeout=AuthorizationByUserName._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
    _check_for_error(response)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
    result['error'], details))
Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit to engine's db.
Maybe most easy would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup.
Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?
On 1 Oct 2019, at 22:53, Mail SET Inc. Group <mail@set-pro.net> wrote:
Hello! Get problems with clean installation 4.3.6.6-1.el7 and OVN
When i try to test OVN get notification: «Import provider certificate» Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
When I press «Yes», I see the old problem: Failed to communicate with the external provider, see log for additional details.
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local
[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>
What’s wrong ?
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC...
Hi Dominik, Can this approach be used to 'reset' OVN to original state ? Best Regards, Strahil Nikolov

On Mon, Feb 3, 2020 at 11:39 AM Strahil Nikolov <hunter86_bg@yahoo.com> wrote:
On February 3, 2020 11:23:57 AM GMT+02:00, Dominik Holler < dholler@redhat.com> wrote:
On Wed, Oct 2, 2019 at 12:29 PM Mail SET Inc. Group <mail@set-pro.net> wrote:
--reconfigure-optional-components does not help. And the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not exist after setup.
[root@engine ~]# rm /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[root@engine ~]# engine-setup --reconfigure-optional-components [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] Log file:
/var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
Version: otopi-1.8.3 (otopi-1.8.3-1.el7) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment setup (late) [ INFO ] Stage: Environment customization
--== PRODUCT OPTIONS ==--
Set up Cinderlib integration (Currently in tech preview) (Yes, No) [No]: [ INFO ] ovirt-provider-ovn already installed, skipping.
The old installation is still detected.
1. backup /etc/ovirt-provider-ovn/
2. restore the original /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf, e.g. to https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/ovirt-provi...
3. backup /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf,
4. rename ovirt-provider-ovn external provider entity in oVirt webadmin,
5. comment OVESETUP_OVN/ovirtProviderOvnId in /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf
6. engine-setup --reconfigure-optional-components
7. If modifications of the certificates are required, please create a new file in /etc/ovirt-provider-ovn/conf.d/ , e.g. 50-ssl-modifications
Do these steps solve the problem for you?
Dec 18 21:01:02 <dholler> password should be the usual admin@internal password
--== PACKAGES ==--
[ INFO ] Checking for product updates... [ INFO ] No product updates found
--== NETWORK CONFIGURATION ==--
Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. NOTICE: iptables is deprecated and will be removed in future releases Do you want Setup to configure the firewall? (Yes, No) [Yes]: [ INFO ] firewalld will be configured as firewall manager.
--== DATABASE CONFIGURATION ==--
The detected DWH database size is 111 MB. Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete. If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost. Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]: Perform full vacuum on the oVirt engine history database ovirt_engine_history@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]:
--== OVIRT ENGINE CONFIGURATION ==--
Perform full vacuum on the engine database engine@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]:
--== STORAGE CONFIGURATION ==--
--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' Perhaps it was changed since last Setup. Error was: Mac verify error: invalid password?
--== APACHE CONFIGURATION ==--
--== SYSTEM CONFIGURATION ==--
--== MISC CONFIGURATION ==--
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation During execution engine service will be stopped (OK, Cancel) [OK]: [ INFO ] Hosted Engine HA is in Global Maintenance mode. [WARNING] Less than 16384MB of memory is available [ INFO ] Cleaning stale zombie tasks and commands
--== CONFIGURATION PREVIEW ==--
Default SAN wipe after delete : False Firewall manager : firewalld Update Firewall : True Host FQDN : engine.set.local Set up Cinderlib integration : False Engine database secured connection : False Engine database user name : engine Engine database name : engine Engine database host : localhost Engine database port : 5432 Engine database host name validation : False Engine installation : True PKI organization : set.local Set up ovirt-provider-ovn : True Configure WebSocket Proxy : True DWH installation : True DWH database secured connection : False DWH database host : localhost DWH database user name : ovirt_engine_history DWH database name : ovirt_engine_history Backup DWH database : True DWH database port : 5432 DWH database host name validation : False Configure Image I/O Proxy : True Configure VMConsole Proxy : True
Please confirm installation settings (OK, Cancel) [OK]: [ INFO ] Cleaning async tasks and compensations [ INFO ] Unlocking existing entities [ INFO ] Checking the Engine database consistency [ INFO ] Stage: Transaction setup [ INFO ] Stopping engine service [ INFO ] Stopping ovirt-fence-kdump-listener service [ INFO ] Stopping dwh service [ INFO ] Stopping Image I/O Proxy service [ INFO ] Stopping vmconsole-proxy service [ INFO ] Stopping websocket-proxy service [ INFO ] Stage: Misc configuration (early) [ INFO ] Stage: Package installation [ INFO ] Stage: Misc configuration [ INFO ] Upgrading CA [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate [ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'. [ INFO ] Creating/refreshing DWH database schema [ INFO ] Configuring Image I/O Proxy [ INFO ] Configuring WebSocket Proxy [ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'. [ INFO ] Creating/refreshing Engine database schema [ INFO ] Creating/refreshing Engine 'internal' domain database schema Unregistering existing client registration info. [ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' [ INFO ] Stage: Transaction commit [ INFO ] Stage: Closing up [ INFO ] Starting engine service [ INFO ] Starting dwh service [ INFO ] Restarting ovirt-vmconsole proxy service
--== SUMMARY ==--
[ INFO ] Restarting httpd Web access is enabled at: http://engine.set.local:80/ovirt-engine https://engine.set.local:443/ovirt-engine Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s [WARNING] Less than 16384MB of memory is available
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log
[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ INFO ] Execution of setup completed successfully
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log error = stream.connect() File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect self.socket.do_handshake() File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error _raise_current_error() File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
[root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ итого 4 drwxr-xr-x. 2 root root 20 окт 2 13:19 . drwxr-xr-x. 3 root root 70 окт 2 01:14 .. -rw-r--r--. 1 root root 194 май 9 14:44 README
On 2 Oct 2019, at 10:11, Dominik Holler <dholler@redhat.com> wrote:
On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <mail@set-pro.net> wrote:
A few hours later I fixed the SSL error,
Would you share how you fixed the error? This might also help to understand the next issue.
but got a new error
2019-10-02 01:02:38,369 root Starting server 2019-10-02 01:02:38,369 root Version: 1.2.22-1 2019-10-02 01:02:38,369 root Build date: 20190509114402 2019-10-02 01:02:38,369 root Githash: 38acbde 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens 2019-10-02 01:02:46,471 root Request body: {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}} 2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret' Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py",
line 138, in _handle_request method, path_parts, content File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens if not auth.validate_token(token): File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token return auth.core.plugin.validate_token(token) File
"/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py",
line 36, in validate_token return self._is_user_name(token, _admin_user_name()) File
"/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py",
line 47, in _is_user_name timeout=AuthorizationByUserName._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 131, in get_token_info timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 55, in wrapper _check_for_error(response) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 181, in _check_for_error result['error'], details)) Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit to engine's db.
Maybe most easy would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup.
Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup?
On 1 Oct 2019, at 22:53, Mail SET Inc. Group <mail@set-pro.net> wrote:
Hello! Get problems with clean installation 4.3.6.6-1.el7 and OVN
When i try to test OVN get notification: «Import provider certificate» Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
When I press «Yes», I see the old problem: Failed to communicate with the external provider, see log for additional details.
[root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
[root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local
[root@engine ~]# python -c "import requests; \
print requests.get('https://engine.set.local', \
verify='/etc/pki/ovirt-engine/apache-ca.pem')"
<Response [200]>
What’s wrong ?
Hi Dominik,
Can this approach be used to 'reset' OVN to original state ?
No, this would just reset the integration into oVirt. If you like to reset the ovn-nb, I would use ovn-nbctl on command line to delete all entities in the nb data base. Just be aware that this could create inconsistent states, but if you delete all logical network entities, this is no problem. I recommend to create a backup with engine-backup before using ovn-nbctl.
Best Regards, Strahil Nikolov

Hi Dominik! So, this solution helps! But, if I do step #7 it returns to the previous (bad) state and I need to do all 6 steps again. Thank u 4 help!!!

On Mon, Feb 3, 2020 at 1:07 PM <mail@set-pro.net> wrote:
Hi Dominik! So, this solution helps! But, if I do step #7 it returns to the previous (bad) state and I need to do all 6 steps again.
Step 7 is now independent from the other steps. You are welcome to post the error message where the certificates fail. https://github.com/oVirt/ovirt-provider-ovn/blob/master/README.adoc explains the ssl configuration of the ovirt-provider-ovn.
Thank u 4 help!!!

Installation log: engine-setup --reconfigure-optional-components [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20200203141445-e8fjh7.log Version: otopi-1.8.4 (otopi-1.8.4-1.el7) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment setup (late) [ INFO ] Stage: Environment customization --== PRODUCT OPTIONS ==-- Set up Cinderlib integration (Currently in tech preview) (Yes, No) [No]: --== PACKAGES ==-- [ INFO ] Checking for product updates... [ INFO ] No product updates found --== NETWORK CONFIGURATION ==-- Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. NOTICE: iptables is deprecated and will be removed in future releases Do you want Setup to configure the firewall? (Yes, No) [Yes]: [ INFO ] firewalld will be configured as firewall manager. --== DATABASE CONFIGURATION ==-- The detected DWH database size is 327 MB. Setup can backup the existing database. The time and space required for the database backup depend on its size. This process takes time, and in some cases (for instance, when the size is few GBs) may take several hours to complete. If you choose to not back up the database, and Setup later fails for some reason, it will not be able to restore the database and all DWH data will be lost. Would you like to backup the existing database before upgrading it? (Yes, No) [Yes]: Perform full vacuum on the oVirt engine history database ovirt_engine_history@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. 
See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]: --== OVIRT ENGINE CONFIGURATION ==-- Perform full vacuum on the engine database engine@localhost? This operation may take a while depending on this setup health and the configuration of the db vacuum process. See https://www.postgresql.org/docs/10/sql-vacuum.html (Yes, No) [No]: oVirt OVN provider user[admin@internal]: oVirt OVN provider password: --== STORAGE CONFIGURATION ==-- --== PKI CONFIGURATION ==-- [WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12' Perhaps it was changed since last Setup. Error was: Mac verify error: invalid password? --== APACHE CONFIGURATION ==-- --== SYSTEM CONFIGURATION ==-- --== MISC CONFIGURATION ==-- --== END OF CONFIGURATION ==-- [ INFO ] Stage: Setup validation During execution engine service will be stopped (OK, Cancel) [OK]: [ INFO ] Hosted Engine HA is in Global Maintenance mode. [WARNING] Less than 16384MB of memory is available [ INFO ] Cleaning stale zombie tasks and commands --== CONFIGURATION PREVIEW ==-- Default SAN wipe after delete : False Firewall manager : firewalld Update Firewall : True Host FQDN : engine.set.local Set up Cinderlib integration : False Engine database secured connection : False Engine database user name : engine Engine database name : engine Engine database host : localhost Engine database port : 5432 Engine database host name validation : False Engine installation : True PKI organization : set.local Set up ovirt-provider-ovn : True Configure WebSocket Proxy : True DWH installation : True DWH database secured connection : False DWH database host : localhost DWH database user name : ovirt_engine_history DWH database name : ovirt_engine_history Backup DWH database : True DWH database port : 5432 DWH database host name validation : False Configure Image I/O Proxy : True Configure VMConsole Proxy : True Please confirm installation settings (OK, Cancel) [OK]: [ INFO ] Cleaning async tasks and compensations [ INFO 
] Unlocking existing entities [ INFO ] Checking the Engine database consistency [ INFO ] Stage: Transaction setup [ INFO ] Stopping engine service [ INFO ] Stopping ovirt-fence-kdump-listener service [ INFO ] Stopping dwh service [ INFO ] Stopping Image I/O Proxy service [ INFO ] Stopping vmconsole-proxy service [ INFO ] Stopping websocket-proxy service [ INFO ] Stage: Misc configuration (early) [ INFO ] Stage: Package installation [ INFO ] Stage: Misc configuration [ INFO ] Upgrading CA [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf to use apache key and certificate [ ERROR ] Failed to import provider certificate into the external provider keystore [ INFO ] Backing up database localhost:ovirt_engine_history to '/var/lib/ovirt-engine-dwh/backups/dwh-20200203143914.gWtVQt.dump'. [ INFO ] Creating/refreshing DWH database schema [ INFO ] Configuring Image I/O Proxy [ INFO ] Configuring WebSocket Proxy [ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20200203143933.zqclHW.dump'. [ INFO ] Creating/refreshing Engine database schema [ INFO ] Creating/refreshing Engine 'internal' domain database schema Unregistering existing client registration info. 
[ INFO ] Adding default OVN provider to database [ INFO ] Adding OVN provider secret to database [ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' [ INFO ] Stage: Transaction commit [ INFO ] Stage: Closing up [ INFO ] Starting engine service [ INFO ] Starting dwh service [ INFO ] Restarting ovirt-vmconsole proxy service --== SUMMARY ==-- [ INFO ] Restarting httpd Web access is enabled at: http://engine.set.local:80/ovirt-engine https://engine.set.local:443/ovirt-engine ovirt-provider-ovn configuration file was created in: /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf A sample configuration file for future reference was created in: /etc/ovirt-engine/ovirt-provider-ovn-conf.example The following commands failed to execute. Please execute them manually as root:
. /usr/share/ovirt-engine/bin/engine-prolog.sh
export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass
Internal CA 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA SSH fingerprint: SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s [WARNING] Less than 16384MB of memory is available --== END OF SUMMARY ==-- [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20200203141445-e8fjh7.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20200203144041-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ INFO ] Execution of setup completed successfully

After install I tested the provider and it's OK.
Then I created /etc/ovirt-provider-ovn/conf.d/50-ssl-modifications.conf with this content:
[SSL]
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-sso-client-secret=PzrrA0GBGwBzlKcf2s3j6PZK1BONTQG6FR6UxPWNqYY
Restarted the provider and tested again. Got message "Failed to communicate with the external provider, see log for additional details." I tried to delete the created file, but it did not help, and I did your 6 steps again.
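
The drop-in layering that step 7 and the 50-ssl-modifications.conf file above rely on, as an added example that is not part of the original thread or of ovirt-provider-ovn: it merges conf.d files and lists every key that a later file shadows, without ever printing a value. It assumes files are applied in lexical filename order with later values winning and that only *.conf files are read; the file contents and secret values below are constructed.

```python
import configparser
import io

# Keys holding credentials; a changed value here gets an explicit warning.
SECRET_KEYS = {"ovirt-sso-client-secret"}

# Constructed sample input (not the thread's real files or secrets).
SAMPLE_FILES = {
    "10-setup-ovirt-provider-ovn.conf": """\
# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-sso-client-secret=CONSTRUCTED-SECRET-FROM-SETUP
""",
    "50-ssl-modifications.conf": """\
[SSL]
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
[OVIRT]
ovirt-sso-client-secret=CONSTRUCTED-SECRET-COPIED-EARLIER
""",
    "README": "placeholder text, not configuration\n",
}


def parse_ini(text):
    """Parse one drop-in file; interpolation is off so '%' stays literal."""
    parser = configparser.RawConfigParser()
    parser.optionxform = str  # keep key spelling exactly as written
    parser.read_file(io.StringIO(text))
    return parser


def effective_config(files):
    """Merge {filename: content} in lexical filename order (assumed load order).

    Returns (effective, overrides): effective maps (section, key) to
    (value, source_file); overrides records every shadowed assignment.
    """
    effective, overrides = {}, []
    for name in sorted(files):
        if not name.endswith(".conf"):  # assumption: other files are ignored
            continue
        parser = parse_ini(files[name])
        for section in parser.sections():
            for key, value in parser.items(section):
                slot = (section, key)
                if slot in effective:
                    old_value, old_file = effective[slot]
                    overrides.append({
                        "section": section, "key": key,
                        "set_in": old_file, "overridden_in": name,
                        "changed": old_value != value,
                    })
                effective[slot] = (value, name)
    return effective, overrides


def report(overrides):
    """Describe each override by file and key only; values are never printed."""
    lines = []
    for o in overrides:
        note = "value differs" if o["changed"] else "same value (redundant)"
        if o["changed"] and o["key"] in SECRET_KEYS:
            note += "; secret no longer matches the generated file"
        lines.append("[%s] %s: set in %s, overridden in %s: %s" % (
            o["section"], o["key"], o["set_in"], o["overridden_in"], note))
    return lines


if __name__ == "__main__":
    _, found = effective_config(SAMPLE_FILES)
    print("\n".join(report(found)))
```

On a real engine the dictionary would be built from the files in /etc/ovirt-provider-ovn/conf.d/; the report can be pasted into a list post because it names keys and files but no values.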

Hi! Can you tell me how to do step 4 "rename ovirt-provider-ovn external provider entity in oVirt webadmin"
participants (5): Dominik Holler, grig.4n@gmail.com, Mail SET Inc. Group, mail@set-pro.net, Strahil Nikolov