[Users] error using cli on ovirt 3.1
Jim Kinney
jim.kinney at gmail.com
Wed Feb 6 14:32:41 UTC 2013
The pki folder is likely to be a problem but the backups folder is
populated. Is there a way to remove client certs from hosts to restore
access with a host add process?
On Feb 6, 2013 9:24 AM, "Juan Hernandez" <jhernand at redhat.com> wrote:
> On 02/06/2013 03:02 PM, Jim Kinney wrote:
>
>> as things stand now:
>>
>> I manually reinstalled 3.1, then dropped the engine database and
>> restored from the backup. There were some errors at the end. Even though
>> I used all the same passwords, the admin at internal account was not
>> working. Used engine-config -s LocalAdminPassword='*****' to fix. On log
>> in, everything is down, offline, unreachable. No hosts can be contacted.
>> No storage is connected. Can't add a new host.
>>
>> crud.
>>
>> I copied the database backup and removed all the db creation part
>> leaving just the data "copy into..." section (that was fun). Ran
>> engine-cleanup then engine-setup then tried to restore just the data.
>>
>> no joy there either.
>>
>> The system is CentOS 6.3 as are the hosts. This ran wonderfully until I
>> goofed trying to get the cli and sdk updated. Without the database
>> working, I have no way to know what vm is what in the ISCSI LVM storage
>> system to even export to another platform.
>>
>> So I'm assuming my next step is panic (or total reinstall from bare
>> iron?). I'm setting this up at work and today is my last day as I'm
>> moving to a new job at a totally different organization. I'd hate to
>> walk out and lose all the windows VMs and templates that were built over
>> the last 2 months.
>>
>
> Do you still have the original backup of the database and the contents of
> the original /etc/pki/ovirt-engine directory? With those two things it is
> possible to recover.
>
> I would suggest the following procedure:
>
> 1. Make a clean installation of 3.1, exactly the same version that you had
> before trying to update (make a backup of the database and of the
> /etc/pki/ovirt-engine directory before, just in case). During this
> installation use the answers that you used during the initial installation
> (specially the passwords).
>
> 2. Stop the engine, then drop and recover the database as you already did.
>
> 3. Restore the contents of the /etc/pki/ovirt-engine directory.
>
> 4. Start the engine.
>
> You should be able to log in with the same credentials that you used in
> the original installation.
>
>
>> On Wed, Feb 6, 2013 at 8:43 AM, Jim Kinney <jim.kinney at gmail.com
>> <mailto:jim.kinney at gmail.com>> wrote:
>>
>> added 3.2 lines to dre ovirt yum repo (and disabled 3.1 - probably
>> not good) and did engine-upgrade.
>>
>> Process choked at opening the CA cert and proceeded to "rollback".
>> Didn't actually roll back as 3.1 repo was disabled.
>>
>> System still has 3.2 installed. Did yum update to pull in the
>> cli/sdk 3.2 (wish I had done that first!).
>>
>> Engine starts but fails to open CA to run gui. found following in log:
>>
>> 2013-02-05 14:02:40,825 ERROR [org.ovirt.engine.core.
>> engineencryptutils.**EncryptionUtils] (MSC service thread 1-16) Can't
>> load keystore from file "/etc/pki/ovirt-engine/.**keystore".
>> IOException: DerInputStream.getLength(): lengthTag=109, too big.
>> 2013-02-05 14:02:40,826 ERROR
>> [org.ovirt.engine.core.**engineencryptutils.**EncryptionUtils] (MSC
>> service thread 1-16) Failed to decrypt java.io.IOException:
>> DerInputStream.getLength(): lengthTag=109, too big.
>> 2013-02-05 14:02:40,827 ERROR
>> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC
>> service thread 1-16) Failed to decrypt value for property
>> TruststorePass will be used encrypted value
>> 2013-02-05 14:02:40,829 WARN
>> [org.ovirt.engine.core.utils.**ConfigUtilsBase] (MSC service thread
>> 1-16) Could not find enum value for option: CertificatePassword
>> 2013-02-05 14:02:40,830 ERROR
>> [org.ovirt.engine.core.**engineencryptutils.**EncryptionUtils] (MSC
>> service thread 1-16) Can't load keystore from file
>> "/etc/pki/ovirt-engine/.**keystore". IOException:
>> DerInputStream.getLength(): lengthTag=109, too big.
>> 2013-02-05 14:02:40,830 ERROR
>> [org.ovirt.engine.core.**engineencryptutils.**EncryptionUtils] (MSC
>> service thread 1-16) Failed to decrypt java.io.IOException:
>> DerInputStream.getLength(): lengthTag=109, too big.
>> 2013-02-05 14:02:40,831 ERROR
>> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC
>> service thread 1-16) Failed to decrypt value for property
>> LocalAdminPassword will be used encrypted value
>> 2013-02-05 14:02:40,833 ERROR
>> [org.ovirt.engine.core.**engineencryptutils.**EncryptionUtils] (MSC
>> service thread 1-16) Can't load keystore from file
>> "/etc/pki/ovirt-engine/.**keystore". IOException:
>> DerInputStream.getLength(): lengthTag=109, too big.
>> 2013-02-05 14:02:40,834 ERROR
>> [org.ovirt.engine.core.**engineencryptutils.**EncryptionUtils] (MSC
>> service thread 1-16) Failed to decrypt java.io.IOException:
>> DerInputStream.getLength(): lengthTag=109, too big.
>>
>>
>> On Tue, Feb 5, 2013 at 6:11 AM, Michael Pasternak
>> <mpastern at redhat.com <mailto:mpastern at redhat.com>> wrote:
>>
>>
>> Hi Jim,
>>
>> On 02/04/2013 08:33 PM, Jim Kinney wrote:
>> > I'm trying to setup a way to restart a large group of windows
>> vms on a schedule. I'm getting a connection failure that seems
>> related to the use of https but I'm not sure.
>> >
>> > error: __init__() got an unexpected keyword argument
>> 'source_address'
>>
>> This error is caused by running ovirt-sdk on a older version of
>> python (less then python27),
>> please upgrade your sdk/cli with one shipped in 3.2 (it's
>> backward compatible to 3.1).
>>
>> >
>> > I ran:
>> > ovirt-shell -A <path to server cert/certfile exported from
>> browser> -c
>> >
>> > and my .ovirtshellrc is:
>> >
>> > [ovirt-shell]
>> > username = "admin at internal"
>> > url = https://my.internal.url/api
>> > #insecure = False
>> > #filter = False
>> > #timeout = -1
>> > password = **********************
>> >
>> >
>> > I tried putting the ca_cert = <path to cert> but that clearly
>> was not allowed in .ovirtshellrc
>>
>> not related, but supported in 3.2 cli.
>>
>> >
>> > ideas?
>> > --
>> > --
>> > James P. Kinney III
>> > ////
>> > ////Every time you stop a school, you will have to build a
>> jail. What you gain at one end you lose at the other. It's like
>> feeding a dog on his own tail. It won't fatten
>> > the dog.
>> > - Speech 11/23/1900 Mark Twain
>> > ////
>> > http://electjimkinney.org
>> > http://heretothereideas.**blogspot.com/<http://heretothereideas.blogspot.com/>
>> > ////
>> >
>> >
>> >
>> > ______________________________**_________________
>> > Users mailing list
>> > Users at ovirt.org <mailto:Users at ovirt.org>
>> > http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>
>>
>> --
>>
>> Michael Pasternak
>> RedHat, ENG-Virtualization R&D
>>
>>
>>
>>
>> --
>> --
>> James P. Kinney III
>> ////
>> ////Every time you stop a school, you will have to build a jail.
>> What you gain at one end you lose at the other. It's like feeding a
>> dog on his own tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>> ////
>> http://electjimkinney.org
>> http://heretothereideas.**blogspot.com/<http://heretothereideas.blogspot.com/>
>> ////
>>
>>
>>
>>
>> --
>> --
>> James P. Kinney III
>> ////
>> ////Every time you stop a school, you will have to build a jail. What
>> you gain at one end you lose at the other. It's like feeding a dog on
>> his own tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>> ////
>> http://electjimkinney.org
>> http://heretothereideas.**blogspot.com/<http://heretothereideas.blogspot.com/>
>> ////
>>
>>
>> ______________________________**_________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>
>>
>
> --
> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD,
> 28016 Madrid, Spain
> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20130206/ba1a66fa/attachment-0001.html>
More information about the Users
mailing list