[Engine-devel] [vdsm] vdsm on openSuSE

Itamar Heim iheim at redhat.com
Tue May 1 08:23:30 UTC 2012 

On 05/01/2012 10:30 AM, Doron Fediuck wrote:
> On 30/04/12 19:23, Itamar Heim wrote:
>> On 04/30/2012 06:45 PM, Sascha Littel wrote:
>>> Am Montag, 30. April 2012, 16:45:12 schrieben Sie:
>>>> Hi Sasha,
>>>> This may be an issue of SSH authentication method.
>>>> Can you please check you SSH server in the host-
>>>> Password auth should be password and not Keyboard-interactive.
>>>> This may lead to SSH auth failure as you engine log indicates.
>>> Thanks dude this was the hint I need. I changed the PasswordAuthentication in
>>> /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now
>>> the real work can beginn.
>>
>> Doron - can we catch this error and give this hint to users as something worth checking?
>>
> (added engine-devel, as this extends to the engine side).
>
> AFAICT, we get auth failure, with no reason.
> In order to handle it we can go in to ways (need to decide)-
>
> 1. Add the keyboard-interactive auth to Mina SSHD.
> There's a guy who added it[a] and we may try and ask for hints from him.
> I know that patches are welcomed there as well ;)
>
> 2. Try to diagnose the failure we get, or scan Mina's err / debug stream.
> I suspect we should be able to see something like:
>
> debug1: Authentications that can continue: password,publickey
> ...
> debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
>
> So if server does not report 'password' as an option we could give a better
> auth-failure message.
>
> It will be nice if someone from our community could pick this up,
> and if not this would be a nice feature for one of the coming versions.

indeed.
Sascha - care to document this issue and details in a bug to begin with?

thanks,
    Itamar

>
> [a] http://mail-archives.apache.org/mod_mbox/mina-dev/201112.mbox/%3CCACPdTxMmwEQtq+As+fQzwPGXcXdAY4HZxk0jARVCzkYnTFw2VA@mail.gmail.com%3E
>
>>>>
>>>>> Am Montag, 30. April 2012, 13:09:25 schrieben Sie:
>>>>>> On 04/30/2012 02:07 PM, Sascha Littel wrote:
>>>>>>> Am Montag, 30. April 2012, 05:04:09 schrieben Sie:
>>>>>>>> On 04/29/2012 10:24 PM, S. Littel wrote:
>>>>>>>>> Hi everybody, I'm working currently on a running version of vdsm
>>>>>>>>> 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop
>>>>>>>>> scripts e.g. paths, rc commands. Most of this work looks fine but
>>>>>>>>> if I try to get a connection between the oVirt engine (runs on a
>>>>>>>>> openSuSE 12.1) and the vdsm host I get a ssl error. Also after
>>>>>>>>> setting ssl in vdsm.conf to false and changing the settings in
>>>>>>>>> oVirt engine database I still get this error.
>>>>>>>>
>>>>>>>> which settings are you changing in the db?
>>>>>>>
>>>>>>> I changed the seetings in the database with this 2 commands:
>>>>>> did you restart engine after changing these?
>>>>>
>>>>> Yes. I found this page in the oVirt Wiki:
>>>>> http://ovirt.org/w/index.php?title=OVirt_-
>>>>> _disable_SSL_in_VDSM&diff=3036&oldid=prev
>>>>>
>>>>>>> psql engine -U postgres -c "UPDATE vdc_options set option_value =
>>>>>>> 'false' where option_name = 'SSLEnabled'"
>>>>>>>
>>>>>>> psql engine -U postgres -c "UPDATE vdc_options set option_value =
>>>>>>> 'false' where option_name = 'UseSecureConnectionWithServers'"
>>>>>>>
>>>>>>>> UseSecureConnectionWithServers?
>>>>>>>
>>>>>>> Yes.
>>>>>>>
>>>>>>>>> So the general question, is there someone working on a openSuSE 11.3
>>>>>>>>> or 11.4 version of vdsm? Or someone who has experience how to get
>>>>>>>>> it work?
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> Sascha Littel
>>>>>>>
>>>>>>> Here is the failure massage from the vdsm-reg.log I get on the vdsm
>>>>>>> host:
>>>>>>>
>>>>>>> SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509
>>>>>>> certificate routines:X509_load_cert_crl_file:system lib
>>>>>>> MainThread::DEBUG::::deployUtil::1413::root::getRemoteFile end.
>>>>>>> MainThread::DEBUG::::deployUtil::621::root::handleSSHKey start
>>>>>>> MainThread::ERROR::::deployUtil::614::root::restorecon
>>>>>>> /root/.ssh/authorized_keys failed
>>>>>>>
>>>>>>> And this is the failure message from engine.log on the oVirt engine
>>>>>>> host:
>>>>>>>
>>>>>>> ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper]
>>>>>>> (http--0.0.0.0-8443-1) Could not connect to server
>>>>>>> xen007.f1.aiges.net: Failed connecting
>>>>>>>
>>>>>>>     to xen007.f1.aiges.net using given password! Please verify your
>>>>>>>     password is
>>>>>>>
>>>>>>> correct and that the host accepts password-based authentication
>>>>>>> WARN  [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1)
>>>>>>> CanDoAction of action AddVds failed.
>>>>>>> Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION
>>>>>>> __ADD,VAR__TYPE__HOST
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Sascha Littel
>>>
>>>
>>
>
>

More information about the Engine-devel mailing list