[Users] F17 vdsm bootstrap_complete trouble

Ryan Harper ryanh at us.ibm.com
Tue Jul 31 13:59:16 EDT 2012 

* Ryan Harper <ryanh at us.ibm.com> [2012-07-30 14:02]:
> I'm having trouble getting a F17 system[1] added to engine[2].  The symtoms
> are in the engine UI, it says the install falls.  I'm using the latest
> rpms[3]

While attempting to reproduce this; I started from scratch and purged my
engine host and re-installed from the 3.1 repo[1] and now everything is
working.

I suppose it may have been an artifact from using the beta 3.1 repo.

> 
> On the end-point, the bootstrap log shows success.
> 
> However, when I attempt to test the vdsm install with:
> 
> vdsClient -s 0 getVdsCaps
> 
> I get a nice ssl error:
> 
> [root at hungerforce tmp]# vdsClient -s 0 getVdsCaps
> Traceback (most recent call last):
>   File "/usr/share/vdsm/vdsClient.py", line 2275, in <module>
>     code, message = commands[command][0](commandArgs)
>   File "/usr/share/vdsm/vdsClient.py", line 403, in do_getCap
>     return self.ExecAndExit(self.s.getVdsCapabilities())
>   File "/usr/lib64/python2.7/xmlrpclib.py", line 1224, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib64/python2.7/xmlrpclib.py", line 1578, in __request
>     verbose=self.__verbose
>   File "/usr/lib64/python2.7/xmlrpclib.py", line 1264, in request
>     return self.single_request(host, handler, request_body, verbose)
>   File "/usr/lib64/python2.7/xmlrpclib.py", line 1292, in single_request
>     self.send_content(h, request_body)
>   File "/usr/lib64/python2.7/xmlrpclib.py", line 1439, in send_content
>     connection.endheaders(request_body)
>   File "/usr/lib64/python2.7/httplib.py", line 954, in endheaders
>     self._send_output(message_body)
>   File "/usr/lib64/python2.7/httplib.py", line 814, in _send_output
>     self.send(msg)
>   File "/usr/lib64/python2.7/httplib.py", line 776, in send
>     self.connect()
>   File "/usr/lib/python2.7/site-packages/vdsm/SecureXMLRPCServer.py", line 98, in connect
>     cert_reqs=self.cert_reqs)
>   File "/usr/lib64/python2.7/ssl.py", line 381, in wrap_socket
>     ciphers=ciphers)
>   File "/usr/lib64/python2.7/ssl.py", line 141, in __init__
>     ciphers)
> SSLError: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
> 
> 
> This problem is because not all of the ssl certs for vdsm are present.
> On a working host:
> 
> [root at ichigo-dom226 tmp]# find /etc/pki/vdsm -type f
> /etc/pki/vdsm/certs/cacert.pem
> /etc/pki/vdsm/certs/vdsmcert.pem
> /etc/pki/vdsm/keys/libvirt_password
> /etc/pki/vdsm/keys/dh.pem
> /etc/pki/vdsm/keys/vdsmkey.pem
> 
> On the host with the error:
> 
> [root at hungerforce tmp]# find /etc/pki/vdsm -type f
> /etc/pki/vdsm/keys/dh.pem
> /etc/pki/vdsm/keys/libvirt_password
> /etc/pki/vdsm/keys/vdsmkey.pem
> 
> 
> As it turns out: 
> /etc/pki/vdsm/certs/cacert.pem
> /etc/pki/vdsm/certs/vdsmcert.pem
> 
> These files are generated from:
> 
> /usr/libexec/vdsm/vdsm-gencerts.sh
> 
> 
> which is invoked by:  deployUtils.instCert()
> 
> which is called by: vds_bootstrap_complete.py
> 
> 
> So... the question is:  why isn't vds_bootstrap_complete.py getting
> invoked?
> 
> 
> Also, if I re-run the vdsm-gencerts.sh and validate my certificates I
> can get vdsm to work properly on the host (vdsClient -s works)... then
> if I go to engine and attempt to Activate, it just say the host is
> non-responsive... re-installing re-breaks vdsm since it doesn't generate
> the SSL certs.
> 
> 
> 
> 
> 1. [root at hungerforce tmp]# rpm -qa | egrep "(vdsm|libvirt)"
> vdsm-4.10.0-5.fc17.x86_64
> vdsm-python-4.10.0-5.fc17.x86_64
> libvirt-daemon-config-nwfilter-0.9.11.4-3.fc17.x86_64
> libvirt-daemon-0.9.11.4-3.fc17.x86_64
> libvirt-lock-sanlock-0.9.11.4-3.fc17.x86_64
> vdsm-xmlrpc-4.10.0-5.fc17.noarch
> vdsm-cli-4.10.0-5.fc17.noarch
> libvirt-0.9.11.4-3.fc17.x86_64
> libvirt-daemon-config-network-0.9.11.4-3.fc17.x86_64
> libvirt-client-0.9.11.4-3.fc17.x86_64
> libvirt-python-0.9.11.4-3.fc17.x86_64
> 
> 
> 2. [root at bebop ~]# rpm -qa | egrep "(ovirt-engine|vdsm)"  
> ovirt-engine-dbscripts-3.1.0-1.fc17.noarch
> ovirt-engine-userportal-3.1.0-1.fc17.noarch
> ovirt-engine-genericapi-3.1.0-1.fc17.noarch
> ovirt-engine-cli-3.1.0.6-1.fc17.noarch
> ovirt-engine-backend-3.1.0-1.fc17.noarch
> ovirt-engine-notification-service-3.1.0-1.fc17.noarch
> ovirt-engine-3.1.0-1.fc17.noarch
> vdsm-bootstrap-4.10.0-5.fc17.noarch
> ovirt-engine-webadmin-portal-3.1.0-1.fc17.noarch
> ovirt-engine-restapi-3.1.0-1.fc17.noarch
> ovirt-engine-config-3.1.0-1.fc17.noarch
> ovirt-engine-sdk-3.1.0.4-1.fc17.noarch
> ovirt-engine-tools-common-3.1.0-1.fc17.noarch
> ovirt-engine-setup-3.1.0-1.fc17.noarch
> 
> 
> 3. http://ovirt.org/releases/3.1/rpm/Fedora/17/
> 
> -- 
> Ryan Harper
> Software Engineer; Linux Technology Center
> IBM Corp., Austin, Tx
> ryanh at us.ibm.com
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

-- 
Ryan Harper
Software Engineer; Linux Technology Center
IBM Corp., Austin, Tx
ryanh at us.ibm.com

More information about the Users mailing list