[Users] Joss fails to start ... Keystore was tampered.

Doron Fediuck dfediuck at redhat.com
Wed Apr 25 02:00:41 EDT 2012


Thanks,
I think the problem is that wiki has a section on ssl,
but it's only basic ssl as a web-server, while what you
probably need is something like: http://www.ovirt.org/wiki/Engine_Node_Integration#Engine_core_machine
When using RPM's they handle these parts.

Can you tell me why you need (if any) ssl?
If you plan to use ovirt-nodes, than you'll have to follow the above
link. If you're planning to work with standard hosts, I'm almost
sure you won't need it.

Let me know what you need and we'll work it out.
(please note that I'll be in a holiday in the coming
days, so my responses may by delayed).

On 24/04/12 20:29, Sharad Mishra wrote:
> 
> Quoting Doron Fediuck <dfediuck at redhat.com>:
> 
>> Please explain "from source"-
>> - Did you run maven using dep and started JBoss?
> 
> yes, I followed the steps at http://www.ovirt.org/wiki/Building_Ovirt_Engine section "Building oVirt-engine from source".
> 
> -Sharad
> 
>> or
>> - Did you create RPM's and used yum install?
>>
>> On 23/04/12 22:28, Sharad Mishra wrote:
>>>
>>> Quoting Doron Fediuck <dfediuck at redhat.com>:
>>>
>>>> Thanks.
>>>> Unfortunately the keystore is the most important file in the PKI
>>>> area. Please try to recall your actions, and try to look for the
>>>> keystore in case you moved / change folders or anything alike.
>>>>
>>>> Currently, the only valid solution for a lost keystore is re-installation.
>>>
>>> I reinstalled ovirt-engine from source on a fresh rhel6.2 machine. I still do not see .keystore in /etc/pki/ovirt-engine. Now I get FileNotFoundException but engine is running.
>>>
>>> 2012-04-23 11:21:14,900 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-15) Failed to decryptjava.io.FileNotFoundException: .keystore (No such file or directory)
>>> 2012-04-23 11:21:14,900 ERROR [org.ovirt.engine.core.dal.dbbroker.generic.DBConfigUtils] (MSC service thread 1-15) Failed to decrypt value for property AdminPassword will be used encrypted value
>>> 2012-04-23 11:21:14,902 INFO  [org.ovirt.engine.core.bll.Backend] (MSC service thread 1-15) VDSBrokerFrontend: 4/23/12 11:21 AM
>>>
>>> -Sharad Mishra
>>>
>>>>
>>>> On 19/04/12 22:40, snmishra at linux.vnet.ibm.com wrote:
>>>>>
>>>>> Quoting Doron Fediuck <dfediuck at redhat.com>:
>>>>>
>>>>>> Please check again using ls -la on that folder.
>>>>>
>>>>> Yes, I did run "ls -la" :-)
>>>>>
>>>>> -Sharad Mishra
>>>>>
>>>>>>
>>>>>> Sent from my Android phone. Please ignore typos.
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: snmishra at linux.vnet.ibm.com
>>>>>> Received: Thursday, 19 Apr 2012, 20:38
>>>>>> To: Ofer Schreiber [oschreib at redhat.com]
>>>>>> CC: users at ovirt.org
>>>>>> Subject: Re: [Users] Joss fails to start ... Keystore was tampered.
>>>>>>
>>>>>>
>>>>>> Quoting Ofer Schreiber <oschreib at redhat.com>:
>>>>>>
>>>>>>> I'm trying to understand few things:
>>>>>>> 1. Did you used RPM for deployment?
>>>>>>
>>>>>> No, it was from source. (git clone)
>>>>>>
>>>>>>> 2. Was it an UPGRADE for the engine?
>>>>>>
>>>>>> yes, I updated the source which was about a month old.
>>>>>>
>>>>>>> 3. Do you have /etc/pki/ovirt-engine/.keystore available? did it
>>>>>>> changed recently?
>>>>>>
>>>>>> There is no .keystore in /etc/pki/ovirt-engine. But rest of the files
>>>>>> in this directory were modified on 4/17 (certs, keys, private,
>>>>>> requests). I was playing with kerberos for ldap on 17th so it is
>>>>>> possible that I did something that messed up the server, and it was
>>>>>> just coincidental that I upgraded the source next day and ran into
>>>>>> this issue.
>>>>>>
>>>>>> Any help on how I can get out of it?
>>>>>>
>>>>>> -Sharad Mishra
>>>>>>>
>>>>>>> Ofer.
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>>
>>>>>>>> I had jboss running on my rhel6.2 machine. This morning I fetched
>>>>>>>> latest engine source, built and deployed it. I did not see any
>>>>>>>> errors.
>>>>>>>> But now when I start jboss-as service I see following errors in
>>>>>>>> engine.log -
>>>>>>>>
>>>>>>>> 2012-04-18 13:57:48,051 INFO  [org.ovirt.engine.core.bll.Backend]
>>>>>>>> (MSC
>>>>>>>> service thread 1-5) Start time: 4/18/12 1:57 PM
>>>>>>>> 2012-04-18 13:57:48,204 ERROR
>>>>>>>> [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC
>>>>>>>> service thread 1-5) Failed to decryptjava.io.IOException: Keystore
>>>>>>>> was
>>>>>>>> tampered with, or password was incorrect
>>>>>>>> 2012-04-18 13:57:48,204 ERROR
>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.generic.DBConfigUtils] (MSC
>>>>>>>> service thread 1-5) Failed to decrypt value for property
>>>>>>>> LocalAdminPassword will be used encrypted value
>>>>>>>> 2012-04-18 13:57:48,209 WARN
>>>>>>>> [org.ovirt.engine.core.utils.ConfigUtilsBase] (MSC service thread
>>>>>>>> 1-5)
>>>>>>>> Could not find enum value for option: NetConsolePort
>>>>>>>> 2012-04-18 13:57:48,212 ERROR
>>>>>>>> [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC
>>>>>>>> service thread 1-5) Failed to decryptjava.io.IOException: Keystore
>>>>>>>> was
>>>>>>>> tampered with, or password was incorrect
>>>>>>>> 2012-04-18 13:57:48,212 ERROR
>>>>>>>> [org.ovirt.engine.core.dal.dbbroker.generic.DBConfigUtils] (MSC
>>>>>>>> service thread 1-5) Failed to decrypt value for property
>>>>>>>> CertificatePassword will be used encrypted value
>>>>>>>> 2012-04-18 13:57:48,214 ERROR
>>>>>>>> [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC
>>>>>>>> service thread 1-5) Failed to decryptjava.io.IOException: Keystore
>>>>>>>> was
>>>>>>>> tampered with, or password was incorrect
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Sharad Mishra
>>>>>>>> IBM
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at ovirt.org
>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at ovirt.org
>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>> Sent from my Android phone. Please ignore typos.
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
> 
> 
> 




More information about the Users mailing list