[Engine-devel] Root password to add Host

Florian BRUSCHET florian.bruschet at gmail.com
Tue Apr 30 21:56:07 UTC 2013


I use oVirt 3.x, to install i follow this guide :
http://wiki.centos.org/HowTos/oVirt
And ovirt-node version is 2.6.0

[root at scenic ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer
-text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=lix.polytechnique.fr,
CN=CA-scenic.lix.polytechnique.fr.20433
        Validity
            Not Before: Apr 29 15:11:10 2013
            Not After : Apr  4 15:11:12 2018 GMT
        Subject: C=US, O=lix.polytechnique.fr, CN=
scenic.lix.polytechnique.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ce:7a:2e:c1:9a:86:2c:c2:76:5e:ea:8b:59:18:
                    62:7d:7a:9f:55:ff:71:15:f7:93:3f:40:1e:70:5d:
                    80:43:ea:c7:f4:50:0a:a6:47:2a:f8:07:4d:0c:0a:
                    4d:01:1e:97:de:36:63:40:df:30:7a:40:9d:34:93:
                    d6:a8:43:c6:b3:62:c1:de:db:57:d1:fb:b9:c6:e2:
                    34:65:f2:67:e1:8c:91:67:3f:99:a6:2b:7b:8a:51:
                    ad:9c:43:c3:a5:cd:c5:a2:29:e9:99:db:ba:f4:76:
                    d0:e5:41:97:31:fc:13:94:53:af:90:ca:06:aa:7d:
                    68:04:62:66:a5:90:4b:11:de:07:34:ec:68:89:9c:
                    13:7b:a2:ba:1f:2a:28:6b:ba:9a:b3:ba:97:5c:96:
                    cd:1e:2e:e7:fc:bf:20:a2:a5:57:f3:73:8d:12:db:
                    81:00:53:50:a6:54:e9:14:1e:46:69:08:e2:80:b1:
                    30:97:89:d3:a1:a2:7a:47:a3:c9:2e:c9:ce:14:74:
                    92:27:02:58:41:d8:e1:dd:9e:99:26:fa:b0:ad:6c:
                    e0:11:3f:17:7d:f7:63:27:62:a3:d0:28:f3:1a:91:
                    ca:65:b7:69:9b:b6:86:85:70:a6:ac:5c:51:e2:ff:
                    e9:f2:28:78:24:21:28:0c:d0:95:a4:f8:e5:67:15:
                    d6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E0:DF:6D:4D:AD:03:26:30:B5:D4:D4:DC:69:C5:DA:74:B2:66:AB
            Authority Information Access:
                CA Issuers - URI:
http://scenic.lix.polytechnique.fr:80/ca.crt

            X509v3 Authority Key Identifier:

keyid:7E:D8:AE:56:25:C5:B0:34:96:5A:EA:AF:E9:2D:F3:E0:06:1C:19:D0
                DirName:/C=US/O=
lix.polytechnique.fr/CN=CA-scenic.lix.polytechnique.fr.20433
                serial:01

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
    Signature Algorithm: sha1WithRSAEncryption
        89:f3:e5:af:a8:98:44:fa:60:52:93:4f:7c:e8:62:78:40:f8:
        c7:a7:e1:c3:38:b5:7d:4c:5b:7a:df:5d:1b:05:2c:ca:43:ce:
        a2:8a:f6:fd:02:3e:98:6f:bc:ea:a6:78:f7:e4:7a:4f:49:0c:
        86:cb:b6:23:2e:b7:93:f1:e8:ba:76:05:21:00:ed:cc:f2:ee:
        0e:17:dc:21:0a:21:9e:ce:e1:bf:b5:11:d4:a5:d3:31:dd:f4:
        e3:c7:ea:40:26:27:45:79:9f:2d:79:91:41:03:61:26:51:31:
        54:d5:06:90:cf:d4:a0:8b:b7:8a:b0:02:b4:37:24:0f:b2:26:
        99:a9:39:78:48:8a:1b:03:89:64:68:de:9e:cb:fc:99:d6:41:
        3d:3d:d9:15:8f:f6:ef:3f:b2:51:c8:dd:60:a8:c5:29:88:20:
        69:b9:8a:23:eb:9b:64:94:cd:ad:e2:f9:7c:0e:d7:92:cf:cb:
        7d:dd:3b:2d:67:13:1d:c3:0a:51:28:e7:b7:44:36:fa:43:83:
        80:13:51:ff:f7:1b:22:c0:80:c5:c1:85:90:87:a6:17:46:44:
        dc:88:1f:16:69:ee:27:44:89:c0:2b:2a:4d:f9:46:fc:50:f1:
        2c:af:af:c1:30:ee:6f:6c:b5:cd:f5:e7:73:99:b0:ff:36:2c:
        87:32:66:0e
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgIBAjANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJVUzEd
MBsGA1UEChMUbGl4LnBvbHl0ZWNobmlxdWUuZnIxLTArBgNVBAMTJENBLXNjZW5p
Yy5saXgucG9seXRlY2huaXF1ZS5mci4yMDQzMzAiFxExMzA0MjkxNTExMTArMDAw
MBcNMTgwNDA0MTUxMTEyWjBSMQswCQYDVQQGEwJVUzEdMBsGA1UECgwUbGl4LnBv
bHl0ZWNobmlxdWUuZnIxJDAiBgNVBAMMG3NjZW5pYy5saXgucG9seXRlY2huaXF1
ZS5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM56LsGahizCdl7q
i1kYYn16n1X/cRX3kz9AHnBdgEPqx/RQCqZHKvgHTQwKTQEel942Y0DfMHpAnTST
1qhDxrNiwd7bV9H7ucbiNGXyZ+GMkWc/maYre4pRrZxDw6XNxaIp6ZnbuvR20OVB
lzH8E5RTr5DKBqp9aARiZqWQSxHeBzTsaImcE3uiuh8qKGu6mrO6l1yWzR4u5/y/
IKKlV/NzjRLbgQBTUKZU6RQeRmkI4oCxMJeJ06GiekejyS7JzhR0kicCWEHY4d2e
mSb6sK1s4BE/F333Yydio9Ao8xqRymW3aZu2hoVwpqxcUeL/6fIoeCQhKAzQlaT4
5WcV1ncCAwEAAaOCATAwggEsMB0GA1UdDgQWBBRK4N9tTa0DJjC11NTcacXadLJm
qzBIBggrBgEFBQcBAQQ8MDowOAYIKwYBBQUHMAKGLGh0dHA6Ly9zY2VuaWMubGl4
LnBvbHl0ZWNobmlxdWUuZnI6ODAvY2EuY3J0MIGDBgNVHSMEfDB6gBR+2K5WJcWw
NJZa6q/pLfPgBhwZ0KFfpF0wWzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFGxpeC5w
b2x5dGVjaG5pcXVlLmZyMS0wKwYDVQQDEyRDQS1zY2VuaWMubGl4LnBvbHl0ZWNo
bmlxdWUuZnIuMjA0MzOCAQEwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwIAYD
VR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IB
AQCJ8+WvqJhE+mBSk0986GJ4QPjHp+HDOLV9TFt6310bBSzKQ86iivb9Aj6Yb7zq
pnj35HpPSQyGy7YjLreT8ei6dgUhAO3M8u4OF9whCiGezuG/tRHUpdMx3fTjx+pA
JidFeZ8teZFBA2EmUTFU1QaQz9Sgi7eKsAK0NyQPsiaZqTl4SIobA4lkaN6ey/yZ
1kE9PdkVj/bvP7JRyN1gqMUpiCBpuYoj65tklM2t4vl8DteSz8t93TstZxMdwwpR
KOe3RDb6Q4OAE1H/9xsiwIDFwYWQh6YXRkTciB8Wae4nRInAKypN+Ub8UPEsr6/B
MO5vbLXN9edzmbD/NiyHMmYO
-----END CERTIFICATE-----



2013/4/30 Alon Bar-Lev <alonbl at redhat.com>

> Which version do you use?
>
> this should not happen...
>
> what is the output of:
>
> $ openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -text
>
> ----- Original Message -----
> > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: "engine-devel" <engine-devel at ovirt.org>
> > Sent: Wednesday, May 1, 2013 12:47:13 AM
> > Subject: Re: [Engine-devel] Root password to add Host
> >
> > Sure,
> >
> > 2013-04-30 23:44:35,984 ERROR
> > [org.ovirt.engine.core.pki.PKIResourceServlet] (ajp--127.0.0.1-8702-4)
> > Cannot send public key resource '/etc/pki/ovirt-engine/certs/engine.cer'
> > format 'SSH': java.security.cert.CertificateParsingException: invalid
> > DER-encoded certificate data
> >         at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1723)
> > [rt.jar:1.6.0_24]
> >         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:320)
> > [rt.jar:1.6.0_24]
> >         at
> >
> sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:121)
> > [rt.jar:1.6.0_24]
> >         at
> >
> java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
> > [rt.jar:1.6.0_24]
> >         at
> >
> org.ovirt.engine.core.pki.PKIResourceServlet.doGet(PKIResourceServlet.java:83)
> > [classes:]
> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
> > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> >         at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> >         at
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> >
> org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
> > [jbossweb-7.0.13.Final.jar:]
> >         at
> > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> > [jbossweb-7.0.13.Final.jar:]
> >         at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_24]
> >
> >
> >
> > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> >
> > >
> > > Can you please attach /var/log/ovirt-engine/engine.log?
> > >
> > > ----- Original Message -----
> > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > Cc: "engine-devel" <engine-devel at ovirt.org>
> > > > Sent: Wednesday, May 1, 2013 12:33:38 AM
> > > > Subject: Re: [Engine-devel] Root password to add Host
> > > >
> > > > Ok this what I have done, I see it, I specify the engine address,
> then he
> > > > ask me to "Retrieve Certificate" i do it, it works. After I choose
> "Save
> > > &
> > > > Register", i can see "Activating VDMS", and "All changes were applied
> > > > successfully". But nothing in the engine ...
> > > > I tryed the other way but don't work too ... for this solution i'm
> nearly
> > > > sure that it's cause the password is wrong, it isn't the one which i
> > > > specified in ovirt-node.
> > > >
> > > >
> > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > >
> > > > >
> > > > > Please reply to 'all'.
> > > > >
> > > > > When you login as admin you should be presented with Text User
> > > Interface.
> > > > > Within this interface there should be options on the left and a
> dialog
> > > on
> > > > > the right.
> > > > > At the left you should see 'ovirt-engine' or similar option, when
> > > > > selecting it, you should see on the right an input field of
> address of
> > > the
> > > > > ovirt-engine server, specifying the engine address and selecting
> apply
> > > will
> > > > > initiate registration into the engine.
> > > > >
> > > > > Once registered, you should see the host in the engine, select it
> and
> > > > > click on "Approve".
> > > > >
> > > > > Another option is to specify password at the same dialog without
> > > filling
> > > > > the engine address. This password may be used as the password
> withi the
> > > > > 'Add Host' dialog.
> > > > >
> > > > > Alon
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > > Sent: Wednesday, May 1, 2013 12:00:01 AM
> > > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > > >
> > > > > > I think I don't really understand what you call TUI?
> > > > > > Yes I'm log as admin on ovirt-node to use Hypervisor
> > > > > >
> > > > > > (And sorry if I make some language faults English isn't my native
> > > > > language
> > > > > > ^^)
> > > > > >
> > > > > >
> > > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > > >
> > > > > > >
> > > > > > > You cannot do this via agent by via the TUI of the ovirt-node.
> > > > > > >
> > > > > > > Just to make sure, you are using ovirt-node as hypervisor,
> right?
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > > > > Sent: Tuesday, April 30, 2013 11:47:53 PM
> > > > > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > > > > >
> > > > > > > > Oh ok, i didn't know ...
> > > > > > > >
> > > > > > > > I was looking my oVirt Engine and i don't understand how i
> can
> > > add an
> > > > > > > Host
> > > > > > > > without this password ...
> > > > > > > > For me i have to right click on the Hosts panel, select "new"
> > > and it
> > > > > asks
> > > > > > > > me to give name, address and Root password.
> > > > > > > > I have already register this Host from oVirt Node
> Hypervisor, i
> > > add
> > > > > my
> > > > > > > > Management Server and there is no problem i can see
> "Certificate
> > > > > Status :
> > > > > > > > Verified" but this Host don't appears in the Web page ...
> > > > > > > >
> > > > > > > >
> > > > > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > ----- Original Message -----
> > > > > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com>
> > > > > > > > > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > > > > > > > > Sent: Tuesday, April 30, 2013 11:06:14 PM
> > > > > > > > > > Subject: Re: [Engine-devel] Root password to add Host
> > > > > > > > > >
> > > > > > > > > > For me single mode it's when you add "single" at the end
> of
> > > the
> > > > > > > kernel
> > > > > > > > > > commande line like that you boot on shell commande as
> > > > > > > > > > root at localhostand
> > > > > > > > > > you can do what you want.
> > > > > > > > >
> > > > > > > > > Oh... this is "single user mode"... :)
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > I will try it soon!
> > > > > > > > > >
> > > > > > > > > > Thank you
> > > > > > > > > >
> > > > > > > > > > Florian
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > 2013/4/30 Alon Bar-Lev <alonbl at redhat.com>
> > > > > > > > > >
> > > > > > > > > > > What is 'single mode'?
> > > > > > > > > > >
> > > > > > > > > > > You should be able to set root password via node TUI,
> at
> > > ovirt
> > > > > tab.
> > > > > > > > > > > Or... you can simply perform registration via the node
> > > TUI, so
> > > > > you
> > > > > > > > > don't
> > > > > > > > > > > need to specify password at all.
> > > > > > > > > > >
> > > > > > > > > > > ----- Original Message -----
> > > > > > > > > > > > From: "Florian BRUSCHET" <florian.bruschet at gmail.com
> >
> > > > > > > > > > > > To: engine-devel at ovirt.org
> > > > > > > > > > > > Sent: Tuesday, April 30, 2013 7:28:12 PM
> > > > > > > > > > > > Subject: [Engine-devel] Root password to add Host
> > > > > > > > > > > >
> > > > > > > > > > > > Hi,
> > > > > > > > > > > >
> > > > > > > > > > > > I try to add Host from oVirt Engine Web
> Administration,
> > > but
> > > > > it
> > > > > > > asks
> > > > > > > > > me to
> > > > > > > > > > > > give a Root Password (It's not the same that i used
> to
> > > log in
> > > > > > > admin
> > > > > > > > > on
> > > > > > > > > > > the
> > > > > > > > > > > > Node).
> > > > > > > > > > > > Do i really need this Root Password? Because i can't
> > > have it
> > > > > and
> > > > > > > i
> > > > > > > > > don't
> > > > > > > > > > > want
> > > > > > > > > > > > to change it by using single mode...
> > > > > > > > > > > > There is an other solution to add Hosts?
> > > > > > > > > > > >
> > > > > > > > > > > > Thank you,
> > > > > > > > > > > >
> > > > > > > > > > > > Florian BRUSCHET
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > _______________________________________________
> > > > > > > > > > > > Engine-devel mailing list
> > > > > > > > > > > > Engine-devel at ovirt.org
> > > > > > > > > > > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/engine-devel/attachments/20130430/22c23408/attachment.html>


More information about the Engine-devel mailing list