Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
Hello, did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now. Setup: Engine; EL6.5 Foreman; EL6.5 Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine. I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3]. So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050) Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050) I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue? I am willing to upgrade openjdk; provided this does not break my engine... Thanks! [1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64 -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
Answering my own question; and maybe a very obvious cause for the failing provider: the missing provider plugin in forman! So one needs to do: yum install ruby193-rubygem-ovirt_provision_plugin on the foreman host. After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically. Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work: yum install ruby193-rubygem-foreman_discovery [1] https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
These steps are also in the feature page, but it would be nice if you review them to see nothing is missing. http://www.ovirt.org/Features/AdvancedForemanIntegration Thanks Oved On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman! So one needs to do: yum install ruby193-rubygem-ovirt_provision_plugin on the foreman host. After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically. Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work: yum install ruby193-rubygem-foreman_discovery [1] https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On 06.11.2014 05:47, Oved Ourfali wrote:
These steps are also in the feature page Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegration With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images: # foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=true You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Oved Ourfali" <oourfali@redhat.com> Cc: users@ovirt.org Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote:
These steps are also in the feature page Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegration With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=true
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Yaniv - please add a note there too. Daniel - thanks for the review and the comments! Regards, Oved
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
Hello, I have a working foreman 1.9.1 installed with katello 2.3. ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. What can I do now? Le 06/11/2014 12:31, Oved Ourfali a écrit :
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Oved Ourfali" <oourfali@redhat.com> Cc: users@ovirt.org Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote:
These steps are also in the feature page Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegration With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=true
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host. Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards, Oved
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the failing provider: the missing provider plugin in forman! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Nathanaël Blanchet Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr
Hello, I have a working foreman 1.9.1 installed with katello 2.3. As required, ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. Is it a known bug?
Hi Nathanael, This error means that the restAPI request to foreman returned an error. Most of the time it is a communication issue.. but we can't know much from this report. Can you please share the production.log file from your foreman host? Better to try to add the server as provider, get the error and then check the production.log file - it will show us if engine request got to foreman server, the internal fields and why foreman returned 5050. Greeting, Yaniv Bronhaim. On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanchet@abes.fr> wrote:
Hello,
I have a working foreman 1.9.1 installed with katello 2.3. ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. What can I do now?
Le 06/11/2014 12:31, Oved Ourfali a écrit :
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Oved Ourfali" <oourfali@redhat.com> Cc: users@ovirt.org Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote:
These steps are also in the feature page
Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=true
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards, Oved
Thanks
Oved
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <
daniel.helgenberger@m-box.de> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1]
https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Nathanaël Blanchet
Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- *Yaniv Bronhaim.*
This is a multi-part message in MIME format. --------------020700040008040105000200 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable hi Yaniv, When using http request, ovirt tells me " I Failed to communicate with=20 the external provider." and I get this on the foreman side: | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200 2015-09-25 11:18:32 [app] [I] Processing by=20 Api::V2::HomeController#index as JSON 2015-09-25 11:18:32 [app] [I] Parameters: {"apiv"=3D>"v2", "home"=3D>{}= } 2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/a= pi 2015-09-25 11:18:32 [app] [I] Filter chain halted as=20 #<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpa= ck-3.2.8/lib/action_controller/metal/force_ssl.rb:28>=20 rendered or redirected 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms=20 (ActiveRecord: 0.0ms) But no log comes using https on the foreman side and I get "Test Failed=20 (unknown error)." with 5-09-25 11:25:31,181 ERROR=20 [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery]=20 (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {}=20 java.io.IOException: Keystore was tampered with, or password was incorrec= t. I've just updated to 3.5.4 and otopi asked me for renewing the=20 certificate. May it be the reason of the issue? Le 25/09/2015 11:14, Yaniv Bronheim a =C3=A9crit :
Hi Nathanael,
This error means that the restAPI request to foreman returned an=20 error. Most of the time it is a communication issue.. but we can't=20 know much from this report. Can you please share the production.log file from your foreman host? Better to try to add the server as provider, get the error and then=20 check the production.log file - it will show us if engine request got=20 to foreman server, the internal fields and why foreman returned 5050.
Greeting, Yaniv Bronhaim.
On Wed, Sep 23, 2015 at 5:31 PM, Nathana=C3=ABl Blanchet <blanchet@abes= .fr=20 <mailto:blanchet@abes.fr>> wrote:
Hello,
I have a working foreman 1.9.1 installed with katello 2.3. ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. What can I do now?
Le 06/11/2014 12:31, Oved Ourfali a =C3=A9crit :
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> To: "Oved Ourfali" <oourfali@redhat.com <mailto:oourfali@redhat.com>> Cc: users@ovirt.org <mailto:users@ovirt.org> Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote:
These steps are also in the feature page
Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegratio= n
With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=3Dtrue
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards, Oved
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> wrote:
Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman= ! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/bl= ob/master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote:
Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderCon= nectivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConn= ectivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=3D11577= 49 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.ht= ml#javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_6= 4
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de <http://www.m-box.de> www.monkeymen.tv <http://www.monkeymen.tv>
Gesch=C3=A4ftsf=C3=BChrer: Martin Retschitzegger / Michaela= G=C3=B6llner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--=20 Nathana=C3=ABl Blanchet
Supervision r=C3=A9seau P=C3=B4le Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 T=C3=A9l. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr <mailto:blanchet@abes.fr>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--=20 *Yaniv Bronhaim.*
--=20 Nathana=C3=ABl Blanchet Supervision r=C3=A9seau P=C3=B4le Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 =09 T=C3=A9l. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr --------------020700040008040105000200 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html> <head> <meta content=3D"text/html; charset=3Dutf-8" http-equiv=3D"Content-Ty= pe"> </head> <body bgcolor=3D"#FFFFFF" text=3D"#000000"> hi Yaniv,<br> <br> When using http request, ovirt tells me " I Failed to communicate with the external provider." and I get this on the foreman side:<br> =C2=A0| Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:= 32 +0200<br> 2015-09-25 11:18:32 [app] [I] Processing by Api::V2::HomeController#index as JSON<br> 2015-09-25 11:18:32 [app] [I]=C2=A0=C2=A0 Parameters: {"apiv"=3D>"= v2", "home"=3D>{}}<br> 2015-09-25 11:18:32 [app] [I] Redirected to <a class=3D"moz-txt-link-freetext" href=3D"https://euphorbe.v3.abes.f= r/api">https://euphorbe.v3.abes.fr/api</a><br> 2015-09-25 11:18:32 [app] [I] Filter chain halted as #<a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:Proc:0x00000009350= 3a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack-3.2.8/lib/action_= controller/metal/force_ssl.rb:28"><Proc:0x000000093503a0@/opt/rh/ruby1= 93/root/usr/share/gems/gems/actionpack-3.2.8/lib/action_controller/metal/= force_ssl.rb:28></a> rendered or redirected<br> 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms (ActiveRecord: 0.0ms)<br> <br> But no log comes using https on the foreman side and I get "Test Failed (unknown error)." with 5-09-25 11:25:31,181 ERROR [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery] (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {} java.io.IOException: Keystore was tampered with, or password was incorrect. <br> I've just updated to 3.5.4 and otopi asked me for renewing the certificate. May it be the reason of the issue?<br> <br> <div class=3D"moz-cite-prefix">Le 25/09/2015 11:14, Yaniv Bronheim a =C3=A9crit=C2=A0:<br> </div> <blockquote cite=3D"mid:CANi4b2UqEh5LpbzJi7cYRZnTzNPCD1CAo870tsn+TJ4t5WkTBw@mail.gmai= l.com" type=3D"cite"> <div dir=3D"ltr"> <div>Hi Nathanael,</div> <div><br> </div> This error means that the restAPI request to foreman returned an error. Most of the time it is a communication issue.. but we can't know much from this report. <div>Can you please share the production.log file from your foreman host?=C2=A0</div> <div>Better to try to add the server as provider, get the error and then check the production.log file - it will show us if engine request got to foreman server, the internal fields and why foreman returned 5050.</div> <div><br> </div> <div>Greeting,</div> <div>Yaniv Bronhaim.</div> </div> <div class=3D"gmail_extra"><br> <div class=3D"gmail_quote">On Wed, Sep 23, 2015 at 5:31 PM, Nathana=C3=ABl Blanchet <span dir=3D"ltr"><<a moz-do-not-send=3D"true" href=3D"mailto:blanchet@abes.fr" target=3D"_blank"><a class=3D"moz-txt-link-abbreviated" hre= f=3D"mailto:blanchet@abes.fr">blanchet@abes.fr</a></a>></span> wrote:<= br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br> <br> I have a working foreman 1.9.1 installed with katello 2.3.<br=
ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host.<br> But the issue is the same as below when testing=C2=A0 in "add external provider" from ovirt 3.5.4.<br> What can I do now?<br> <br> Le 06/11/2014 12:31, Oved Ourfali a =C3=A9crit :<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> ----- Original Message -----<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> From: "Daniel Helgenberger" <<a moz-do-not-send=3D"true" href=3D"mailto:daniel.helgenberger@m-box.de" target=3D"_blank"><a class=3D"moz-txt-link-abbreviated"= href=3D"mailto:daniel.helgenberger@m-box.de">daniel.helgenberger@m-box.d= e</a></a>><br> To: "Oved Ourfali" <<a moz-do-not-send=3D"true" href=3D"mailto:oourfali@redhat.com" target=3D"_blank">o= ourfali@redhat.com</a>><br> Cc: <a moz-do-not-send=3D"true" href=3D"mailto:users@ovirt.org" target=3D"_blank">users= @ovirt.org</a><br> Sent: Thursday, November 6, 2014 1:29:38 PM<br> Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)<br> <br> <br> <br> On 06.11.2014 05:47, Oved Ourfali wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> These steps are also in the feature page<br> </blockquote> Thanks Oved for pointing to the doc; my bad. I was using the foreman<br> integration document [1]. Maybe the pages should be merged?<br> <br> </blockquote> Yaniv - you planned to merge them, right? That would be a good time...<br> <br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> , but it would be nice if you review them to see nothing is missing.<br> <br> <a moz-do-not-send=3D"true" href=3D"http://www.ovirt.org/Features/AdvancedForeman= Integration" rel=3D"noreferrer" target=3D"_blank">http://www.ovirt= .org/Features/AdvancedForemanIntegration</a><br> </blockquote> With foreman 1.6 (at least) there is no need to enable the nightly<br> builds any more as rb-ovirt is resolved by yum.<br> <br> Lastly, I think you need to enable foreman_discovery with the foreman<br> installer to work and download images:<br> <br> # foreman-installer --enable-foreman-plugin-discovery<br> --foreman-plugin-discovery-install-images=3Dtrue<br> <br> You have that already listed in the testing env setup; but this needs to<br> be put in context with installing foreman-ovirt on the foreman host.<br> </blockquote> Yaniv - please add a note there too.<br> <br> Daniel - thanks for the review and the comments!<br> <br> Regards,<br> Oved<br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Thanks<br> Oved<br> <br> </blockquote> [1] <a moz-do-not-send=3D"true" href=3D"http://www.ovirt.org/Features/ForemanIntegratio= n" rel=3D"noreferrer" target=3D"_blank">http://www.ovirt.o= rg/Features/ForemanIntegration</a><br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On Nov 6, 2014 12:40 AM, Daniel Helgenberger <<a moz-do-not-send=3D"true" href=3D"mailto:daniel.helgenberger@m-box.de" target=3D"_blank"><a class=3D"moz-txt-link-abbreviate= d" href=3D"mailto:daniel.helgenberger@m-box.de">daniel.helgenberger@m-box= .de</a></a>><br> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Answering my own question; and maybe a very obvious cause for the<br> failing provider: the missiAnswering my own question; and maybe a very<br> obvious cause for the<br> </blockquote> failing provider: the missing provider plugin in forman!<br> So one needs to do:<br> <br> yum install ruby193-rubygem-ovirt_provision_plugin<br> <br> on the foreman host.<br> <br> After that, the connection test in the engine comes up positive. Sadly,<br> this is not documented anywhere; only on the GitHub repo readme [1].<br> This is also a little bit outdated, as the rbovirt dependency is<br> resolved now automatically.<br> <br> Also, but I am not sure, the porvider lugin needs the foreman_discovery<br> plugin to work:<br> <br> yum install ruby193-rubygem-foreman_discovery<br> <br> [1]<br> <a moz-do-not-send=3D"true" href=3D"https://github.com/theforeman/ovirt_provision_plugin/blob/master/= README.md" rel=3D"noreferrer" target=3D"_blank">https://github.c= om/theforeman/ovirt_provision_plugin/blob/master/README.md</a><br> <br> On 29.10.2014 00:36, Daniel Helgenberger wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello,<br> <br> did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am<br> trying this for two days now.<br> <br> Setup:<br> Engine; EL6.5<br> Foreman; EL6.5<br> <br> Foreman seems to do it's as I can use it to deploy hosts and also smart<br> proxies are running fine.<br> <br> I have opened a BZ [1]; because this really can not work out of the box<br> with EL6 plain vanilla packages. I wonder if this was ever tested... ?<br> Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This<br> is known issue in Foreman [2] as longer DH keys are now used by default<br> in Foreman / PuppetCA.<br> A dirty fix confirmed working is adding default DH parameters to the<br> foreman cert; effectively disabling it [3].<br> <br> So I got SSL working and I get beyond the authentication (entering wrong<br> data gets me auth errors)- however, I am still not able to add the<br> external provider. Pressing 'test' results in<br> (Failed with error PROVIDER_FAILURE and code 5050)<br=
<br> Sample engine.log<br> 2014-10-28 23:49:40,860 ERROR<br> [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]<br> (ajp--127.0.0.1-8702-1) [6a3da4e7] Command<br> org.ovirt.engine.core.bll.provider.TestProviderConnec= tivityCommand throw<br> Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE<br> (Failed with error PROVIDER_FAILURE and code 5050)<br=
<br> I can't find any more hints in oVirt; access logs in Foreman are telling<br> me API queries by the engine. Did I miss a crucial step in the foreman<br> setup? How can I debug this issue?<br> <br> I am willing to upgrade openjdk; provided this does not break my engine...<br> <br> Thanks!<br> <br> [1] <a moz-do-not-send=3D"true" href=3D"https://bugzilla.redhat.com/show_bug.cgi?id= =3D1157749" rel=3D"noreferrer" target=3D"_blank">https://bugzil= la.redhat.com/show_bug.cgi?id=3D1157749</a><br> [2] <a moz-do-not-send=3D"true" href=3D"https://tickets.puppetlabs.com/browse/SERVE= R-17" rel=3D"noreferrer" target=3D"_blank">https://ticket= s.puppetlabs.com/browse/SERVER-17</a><br> [3] <a moz-do-not-send=3D"true" href=3D"http://httpd.apache.org/docs/current/ssl/ss= l_faq.html#javadh" rel=3D"noreferrer" target=3D"_blank">http://httpd.a= pache.org/docs/current/ssl/ssl_faq.html#javadh</a><br> [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64<= br> <br> </blockquote> </blockquote> --<br> Daniel Helgenberger<br> m box bewegtbild GmbH<br> <br> P: +49/30/2408781-22<br> F: +49/30/2408781-10<br> <br> ACKERSTR. 19<br> D-10115 BERLIN<br> <br> <br> <a moz-do-not-send=3D"true" href=3D"http://www.m-box.de" rel=3D"noreferrer" target=3D"_blank">www.m-box.de</a>=C2= =A0 <a moz-do-not-send=3D"true" href=3D"http://www.monkeymen.t= v" rel=3D"noreferrer" target=3D"_blank"><a class=3D"moz-tx= t-link-abbreviated" href=3D"http://www.monkeymen.tv">www.monkeymen.tv</a>= </a><br> <br> Gesch=C3=A4ftsf=C3=BChrer: Martin Retschitzegger / Michae= la G=C3=B6llner<br> Handeslregister: Amtsgericht Charlottenburg / HRB 112767<= br> <br> </blockquote> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send=3D"true" href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <a moz-do-not-send=3D"true" href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer" target=3D"_blank">http://lists.ovirt.o= rg/mailman/listinfo/users</a><br> </blockquote> <br> -- <br> Nathana=C3=ABl Blanchet<br> <br> Supervision r=C3=A9seau<br> P=C3=B4le Infrastrutures Informatiques<br> 227 avenue Professeur-Jean-Louis-Viala<br> 34193 MONTPELLIER CEDEX 5=C2=A0 =C2=A0 =C2=A0 =C2=A0<br> T=C3=A9l. 33 (0)4 67 54 84 55<br> Fax=C2=A0 33 (0)4 67 54 84 14<br> <a moz-do-not-send=3D"true" href=3D"mailto:blanchet@abes.fr" target=3D"_blank">blanchet@abes.fr</a><br> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send=3D"true" href=3D"mailto:Users@ovirt.org" target=3D"_blank">Users@ovirt.org</a><br> <a moz-do-not-send=3D"true" href=3D"http://lists.ovirt.org/mailman/listinfo/users" rel=3D"noreferrer" target=3D"_blank">http://lists.ovirt.org= /mailman/listinfo/users</a><br> </blockquote> </div> <br> <br clear=3D"all"> <div><br> </div> -- <br> <div class=3D"gmail_signature"> <div dir=3D"ltr"> <div> <div dir=3D"ltr"> <div><span style=3D"font-size:12.8px"><b>Yaniv Bronhaim.<= /b></span><br> </div> </div> </div> </div> </div> </div> </blockquote> <br> <pre class=3D"moz-signature" cols=3D"72">--=20 Nathana=C3=ABl Blanchet Supervision r=C3=A9seau P=C3=B4le Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 =09 T=C3=A9l. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:blanchet@abes.fr">bl= anchet@abes.fr</a> </pre> </body> </html> --------------020700040008040105000200--
On Friday, September 25, 2015 11:27:11 AM Nathanaël Blanchet wrote:
hi Yaniv,
When using http request, ovirt tells me " I Failed to communicate with
the external provider." and I get this on the foreman side: | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200
2015-09-25 11:18:32 [app] [I] Processing by Api::V2::HomeController#index as JSON 2015-09-25 11:18:32 [app] [I] Parameters: {"apiv"=>"v2", "home"=>{}} 2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/api 2015-09-25 11:18:32 [app] [I] Filter chain halted as #<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack- 3.2.8/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms (ActiveRecord: 0.0ms)
But no log comes using https on the foreman side and I get "Test Failed (unknown error)." with 5-09-25 11:25:31,181 ERROR [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery] (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {} java.io.IOException: Keystore was tampered with, or password was incorrect. I've just updated to 3.5.4 and otopi asked me for renewing the certificate. May it be the reason of the issue?
I actually just had a similar issue, basically if I tried to make a http connection and clicked the test button. The foreman side would show me it is doing a redirect (presumably to https), which the ovirt side doesn't handle very well. And if I tried to make a https request I would get the IOException Keystore has been tampered with, or password was incorrect. For me it turned out the /var/lib/ovirt-engine/external_truststore was corrupted. What normally will happen when trying to make an https connection to foreman is it will receive certificate from foreman, notice it is not trusted and ask the user to trust it (and it will put it in the external_truststore, if the user trusts it). Since it was corrupted it was unable to properly open the trust store and the mentioned IOException would get logged. Assuming your trust store is corrupted (Mine was only 32 bytes, it should be much bigger), you can just rename it or delete it. And a new one will be created when you try to make an HTTPS connection to foreman. Once I did both (remove the corrupted trust store, and make an HTTPS connection). Everything started working correctly for me.
Le 25/09/2015 11:14, Yaniv Bronheim a écrit :
Hi Nathanael,
This error means that the restAPI request to foreman returned an error. Most of the time it is a communication issue.. but we can't know much from this report. Can you please share the production.log file from your foreman host? Better to try to add the server as provider, get the error and then check the production.log file - it will show us if engine request got to foreman server, the internal fields and why foreman returned 5050.
Greeting, Yaniv Bronhaim.
On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanchet@abes.fr
<mailto:blanchet@abes.fr>> wrote: Hello,
I have a working foreman 1.9.1 installed with katello 2.3. ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. What can I do now?
Le 06/11/2014 12:31, Oved Ourfali a écrit : ----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> To: "Oved Ourfali" <oourfali@redhat.com <mailto:oourfali@redhat.com>> Cc: users@ovirt.org <mailto:users@ovirt.org> Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote: These steps are also in the feature page
Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegration
With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=true
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards, Oved
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>>
wrote: Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/blob/ master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote: Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnec tivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnect ivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html# javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de <http://www.m-box.de> www.monkeymen.tv <http://www.monkeymen.tv>
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr <mailto:blanchet@abes.fr>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
Thank you so much Alexander, everyhting works as expected now :) Le 25/09/2015 16:14, Alexander Wels a écrit :
On Friday, September 25, 2015 11:27:11 AM Nathanaël Blanchet wrote:
hi Yaniv,
When using http request, ovirt tells me " I Failed to communicate with
the external provider." and I get this on the foreman side: | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200
2015-09-25 11:18:32 [app] [I] Processing by Api::V2::HomeController#index as JSON 2015-09-25 11:18:32 [app] [I] Parameters: {"apiv"=>"v2", "home"=>{}} 2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/api 2015-09-25 11:18:32 [app] [I] Filter chain halted as #<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack- 3.2.8/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms (ActiveRecord: 0.0ms)
But no log comes using https on the foreman side and I get "Test Failed (unknown error)." with 5-09-25 11:25:31,181 ERROR [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery] (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {} java.io.IOException: Keystore was tampered with, or password was incorrect. I've just updated to 3.5.4 and otopi asked me for renewing the certificate. May it be the reason of the issue?
I actually just had a similar issue, basically if I tried to make a http connection and clicked the test button. The foreman side would show me it is doing a redirect (presumably to https), which the ovirt side doesn't handle very well.
And if I tried to make a https request I would get the IOException Keystore has been tampered with, or password was incorrect. For me it turned out the /var/lib/ovirt-engine/external_truststore was corrupted. What normally will happen when trying to make an https connection to foreman is it will receive certificate from foreman, notice it is not trusted and ask the user to trust it (and it will put it in the external_truststore, if the user trusts it). Since it was corrupted it was unable to properly open the trust store and the mentioned IOException would get logged.
Assuming your trust store is corrupted (Mine was only 32 bytes, it should be much bigger), you can just rename it or delete it. And a new one will be created when you try to make an HTTPS connection to foreman. Once I did both (remove the corrupted trust store, and make an HTTPS connection). Everything started working correctly for me.
Le 25/09/2015 11:14, Yaniv Bronheim a écrit :
Hi Nathanael,
This error means that the restAPI request to foreman returned an error. Most of the time it is a communication issue.. but we can't know much from this report. Can you please share the production.log file from your foreman host? Better to try to add the server as provider, get the error and then check the production.log file - it will show us if engine request got to foreman server, the internal fields and why foreman returned 5050.
Greeting, Yaniv Bronhaim.
On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanchet@abes.fr
<mailto:blanchet@abes.fr>> wrote: Hello,
I have a working foreman 1.9.1 installed with katello 2.3. ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on the same host. But the issue is the same as below when testing in "add external provider" from ovirt 3.5.4. What can I do now?
Le 06/11/2014 12:31, Oved Ourfali a écrit : ----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>> To: "Oved Ourfali" <oourfali@redhat.com <mailto:oourfali@redhat.com>> Cc: users@ovirt.org <mailto:users@ovirt.org> Sent: Thursday, November 6, 2014 1:29:38 PM Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
On 06.11.2014 05:47, Oved Ourfali wrote: These steps are also in the feature page
Thanks Oved for pointing to the doc; my bad. I was using the foreman integration document [1]. Maybe the pages should be merged?
Yaniv - you planned to merge them, right? That would be a good time...
, but it would be nice if you review them to see nothing is missing.
http://www.ovirt.org/Features/AdvancedForemanIntegration
With foreman 1.6 (at least) there is no need to enable the nightly builds any more as rb-ovirt is resolved by yum.
Lastly, I think you need to enable foreman_discovery with the foreman installer to work and download images:
# foreman-installer --enable-foreman-plugin-discovery --foreman-plugin-discovery-install-images=true
You have that already listed in the testing env setup; but this needs to be put in context with installing foreman-ovirt on the foreman host.
Yaniv - please add a note there too.
Daniel - thanks for the review and the comments!
Regards, Oved
Thanks Oved
[1] http://www.ovirt.org/Features/ForemanIntegration
On Nov 6, 2014 12:40 AM, Daniel Helgenberger <daniel.helgenberger@m-box.de <mailto:daniel.helgenberger@m-box.de>>
wrote: Answering my own question; and maybe a very obvious cause for the failing provider: the missiAnswering my own question; and maybe a very obvious cause for the
failing provider: the missing provider plugin in forman! So one needs to do:
yum install ruby193-rubygem-ovirt_provision_plugin
on the foreman host.
After that, the connection test in the engine comes up positive. Sadly, this is not documented anywhere; only on the GitHub repo readme [1]. This is also a little bit outdated, as the rbovirt dependency is resolved now automatically.
Also, but I am not sure, the porvider lugin needs the foreman_discovery plugin to work:
yum install ruby193-rubygem-foreman_discovery
[1] https://github.com/theforeman/ovirt_provision_plugin/blob/ master/README.md
On 29.10.2014 00:36, Daniel Helgenberger wrote: Hello,
did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am trying this for two days now.
Setup: Engine; EL6.5 Foreman; EL6.5
Foreman seems to do it's as I can use it to deploy hosts and also smart proxies are running fine.
I have opened a BZ [1]; because this really can not work out of the box with EL6 plain vanilla packages. I wonder if this was ever tested... ? Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This is known issue in Foreman [2] as longer DH keys are now used by default in Foreman / PuppetCA. A dirty fix confirmed working is adding default DH parameters to the foreman cert; effectively disabling it [3].
So I got SSL working and I get beyond the authentication (entering wrong data gets me auth errors)- however, I am still not able to add the external provider. Pressing 'test' results in (Failed with error PROVIDER_FAILURE and code 5050)
Sample engine.log 2014-10-28 23:49:40,860 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnec tivityCommand] (ajp--127.0.0.1-8702-1) [6a3da4e7] Command org.ovirt.engine.core.bll.provider.TestProviderConnect ivityCommand throw Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE (Failed with error PROVIDER_FAILURE and code 5050)
I can't find any more hints in oVirt; access logs in Foreman are telling me API queries by the engine. Did I miss a crucial step in the foreman setup? How can I debug this issue?
I am willing to upgrade openjdk; provided this does not break my engine...
Thanks!
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749 [2] https://tickets.puppetlabs.com/browse/SERVER-17 [3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html# javadh [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de <http://www.m-box.de> www.monkeymen.tv <http://www.monkeymen.tv>
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr <mailto:blanchet@abes.fr>
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
-- Nathanaël Blanchet Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr
participants (6)
-
Alexander Wels -
Daniel Helgenberger -
Nathanaël Blanchet -
Oved Ourfali -
Oved Ourfali -
Yaniv Bronheim