[ovirt-devel] No migration in master (WrongHost: Peer certificate commonName does not match host, expected 10.35.0.112, got xxxxxx.tlv.redhat.com)

Piotr Kliczewski piotr.kliczewski at gmail.com
Thu Feb 11 10:25:44 UTC 2016


Nir

I pushed a patch [1] which uses ssl custom code to verify the
certificates. I customized it a bit
to work with m2c. Can you please verify whether it works in your setup?

Thanks,
Piotr


[1] https://gerrit.ovirt.org/53398

On Wed, Feb 10, 2016 at 7:37 PM, Piotr Kliczewski <pkliczew at redhat.com> wrote:
> Please try to switch to standard ssl. I need to kno2 whether it is m2c issue
> or both.
>
> Thanks,
> Piotr
>
> 10 lut 2016 19:25 "Yedidyah Bar David" <didi at redhat.com> napisał(a):
>>
>> On Wed, Feb 10, 2016 at 7:22 PM, Nir Soffer <nsoffer at redhat.com> wrote:
>> > More details:
>> >
>> > - Tried couple of times
>> > - Enrolled new certificate, reboot - no change
>> > - Tried on 2 different hosts, 2 ways (a -> b, b -> a) - same result
>> >
>> > On Wed, Feb 10, 2016 at 7:19 PM, Nir Soffer <nsoffer at redhat.com> wrote:
>> >> Hi all,
>> >>
>> >> Migration is broken in master, using oVirt Engine Version:
>> >> 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22
>>
>> Seems like a pretty old master to me. Perhaps try fc23 (not perfect but
>> partially working) or el7.
>>
>> >>
>> >> It fails with this error:
>> >>
>> >> Thread-247::ERROR::2016-02-10
>> >> 18:51:57,582::migration::323::virt.vm::(run)
>> >> vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate
>> >> Traceback (most recent call last):
>> >>   File "/usr/share/vdsm/virt/migration.py", line 292, in run
>> >>     self._setupVdsConnection()
>> >>   File "/usr/share/vdsm/virt/migration.py", line 156, in
>> >> _setupVdsConnection
>> >>     client = self._createClient(port)
>> >>   File "/usr/share/vdsm/virt/migration.py", line 143, in _createClient
>> >>     client_socket = utils.create_connected_socket(host, int(port),
>> >> sslctx)
>> >>   File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860, in
>> >> create_connected_socket
>> >>     sock.connect(sockaddr)
>> >>   File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py",
>> >> line 188, in connect
>> >>     if not check(self.get_peer_cert(), self.addr[0]):
>> >>   File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py",
>> >> line 124, in __call__
>> >>     fieldName='commonName')
>> >> WrongHost: Peer certificate commonName does not match host, expected
>> >> 10.35.0.112, got xxxxxx.tlv.redhat.com
>> >>
>> >> Hopefully someone can take a look.
>> >>
>> >> Cheers,
>> >> Nir
>>
>>
>>
>> --
>> Didi
>
>
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel



More information about the Devel mailing list