[Users] error using cli on ovirt 3.1
Juan Hernandez
jhernand at redhat.com
Wed Feb 6 14:42:41 UTC 2013
On 02/06/2013 03:32 PM, Jim Kinney wrote:
> The pki folder is likely to be a problem but the backups folder is
> populated. Is there a way to remove client certs from hosts to restore
> access with a host add process?
If you don't have the pki folder you have two problems. First is that
some data in the database is encrypted, namely the AdminPassword. That
you can solve with "engine-config -s AdminPassword=interactive". Second
is the certificates of the hosts, the easy way to solve that is to
re-install them (from the ovirt-engine GUI, no need to re-install the
operating system) that will generate new certificates.
>
> On Feb 6, 2013 9:24 AM, "Juan Hernandez" <jhernand at redhat.com> wrote:
>
> On 02/06/2013 03:02 PM, Jim Kinney wrote:
>
> as things stand now:
>
> I manually reinstalled 3.1, then dropped the engine database and
> restored from the backup. There were some errors at the end. Even though
> I used all the same passwords, the admin at internal account was not
> working. Used engine-config -s LocalAdminPassword='*****' to fix. On log
> in, everything is down, offline, unreachable. No hosts can be contacted.
> No storage is connected. Can't add a new host.
>
> crud.
>
> I copied the database backup and removed all the db creation part
> leaving just the data "copy into..." section (that was fun). Ran
> engine-cleanup then engine-setup then tried to restore just the data.
>
> no joy there either.
>
> The system is CentOS 6.3 as are the hosts. This ran wonderfully until I
> goofed trying to get the cli and sdk updated. Without the database
> working, I have no way to know what vm is what in the ISCSI LVM storage
> system to even export to another platform.
>
> So I'm assuming my next step is panic (or total reinstall from bare
> iron?). I'm setting this up at work and today is my last day as I'm
> moving to a new job at a totally different organization. I'd hate to
> walk out and lose all the windows VMs and templates that were built over
> the last 2 months.
>
>
> Do you still have the original backup of the database and the
> contents of the original /etc/pki/ovirt-engine directory? With those
> two things it is possible to recover.
>
> I would suggest the following procedure:
>
> 1. Make a clean installation of 3.1, exactly the same version that
> you had before trying to update (make a backup of the database and
> of the /etc/pki/ovirt-engine directory before, just in case). During
> this installation use the answers that you used during the initial
> installation (especially the passwords).
>
> 2. Stop the engine, then drop and recover the database as you
> already did.
>
> 3. Restore the contents of the /etc/pki/ovirt-engine directory.
>
> 4. Start the engine.
>
> You should be able to log in with the same credentials that you used
> in the original installation.
>
>
> On Wed, Feb 6, 2013 at 8:43 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
> added 3.2 lines to dre ovirt yum repo (and disabled 3.1 - probably
> not good) and did engine-upgrade.
>
> Process choked at opening the CA cert and proceeded to "rollback".
> Didn't actually roll back as 3.1 repo was disabled.
>
> System still has 3.2 installed. Did yum update to pull in the
> cli/sdk 3.2 (wish I had done that first!).
>
> Engine starts but fails to open CA to run gui. found following in log:
>
> 2013-02-05 14:02:40,825 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-16) Can't load keystore from file "/etc/pki/ovirt-engine/.keystore". IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 2013-02-05 14:02:40,826 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-16) Failed to decrypt java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 2013-02-05 14:02:40,827 ERROR [org.ovirt.engine.core.dal.dbbroker.generic.DBConfigUtils] (MSC service thread 1-16) Failed to decrypt value for property TruststorePass will be used encrypted value
> 2013-02-05 14:02:40,829 WARN [org.ovirt.engine.core.utils.ConfigUtilsBase] (MSC service thread 1-16) Could not find enum value for option: CertificatePassword
> 2013-02-05 14:02:40,830 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-16) Can't load keystore from file "/etc/pki/ovirt-engine/.keystore". IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 2013-02-05 14:02:40,830 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-16) Failed to decrypt java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 2013-02-05 14:02:40,831 ERROR [org.ovirt.engine.core.dal.dbbroker.generic.DBConfigUtils] (MSC service thread 1-16) Failed to decrypt value for property LocalAdminPassword will be used encrypted value
> 2013-02-05 14:02:40,833 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-16) Can't load keystore from file "/etc/pki/ovirt-engine/.keystore". IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 2013-02-05 14:02:40,834 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (MSC service thread 1-16) Failed to decrypt java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
>
>
> On Tue, Feb 5, 2013 at 6:11 AM, Michael Pasternak <mpastern at redhat.com> wrote:
>
>
> Hi Jim,
>
> On 02/04/2013 08:33 PM, Jim Kinney wrote:
> > I'm trying to set up a way to restart a large group of windows vms on a
> > schedule. I'm getting a connection failure that seems related to the
> > use of https but I'm not sure.
> >
> > error: __init__() got an unexpected keyword argument 'source_address'
>
> This error is caused by running ovirt-sdk on an older version of python
> (less than python27), please upgrade your sdk/cli with one shipped in
> 3.2 (it's backward compatible to 3.1).
>
> >
> > I ran:
> > ovirt-shell -A <path to server cert/certfile exported from browser> -c
> >
> > and my .ovirtshellrc is:
> >
> > [ovirt-shell]
> > username = "admin at internal"
> > url = https://my.internal.url/api
> > #insecure = False
> > #filter = False
> > #timeout = -1
> > password = **********************
> >
> >
> > I tried putting the ca_cert = <path to cert> but that clearly was not
> > allowed in .ovirtshellrc
>
> not related, but supported in 3.2 cli.
>
> >
> > ideas?
> > --
> > --
> > James P. Kinney III
> > ////
> > ////Every time you stop a school, you will have to build a jail. What you
> > gain at one end you lose at the other. It's like feeding a dog on his
> > own tail. It won't fatten the dog.
> > - Speech 11/23/1900 Mark Twain
> > ////
> > http://electjimkinney.org
> > http://heretothereideas.blogspot.com/
> > ////
> >
> >
> >
> > _________________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
>
> --
>
> Michael Pasternak
> RedHat, ENG-Virtualization R&D
>
>
>
> --
> Business Address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
> planta 3ºD, 28016 Madrid, Spain
> Registered in the Madrid Mercantile Registry – C.I.F. B82657941 - Red Hat
> S.L.
--
Business Address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Registered in the Madrid Mercantile Registry – C.I.F. B82657941 - Red Hat S.L.
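
The `lengthTag=109, too big` text in the quoted log is what Java's DER reader reports when the second byte of a file is 0xED, as it is in the JKS keystore magic `FE ED FE ED`. The following is an added example, not part of the original message or of oVirt's code: it checks the leading bytes of a restored keystore file before the engine is started. The function names and sample headers are constructed for illustration.

```python
"""Classify a keystore file by its first bytes (added illustration)."""

JKS_MAGIC = bytes.fromhex("feedfeed")    # Sun JKS keystore header
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS keystore header


def der_length_error(header):
    """Return the complaint a DER reader raises for this header, or None.

    Byte 0 is the tag and byte 1 the length octet. If its high bit is set,
    the low 7 bits count the length bytes that follow; Java rejects > 4.
    """
    if len(header) < 2:
        return "truncated"
    length_octet = header[1]
    if (length_octet & 0x80) == 0:
        return None                      # short form: always accepted
    count = length_octet & 0x7F
    if count > 4:
        return "lengthTag=%d, too big." % count
    return None                          # long or indefinite form


def classify_keystore(header):
    """Guess the container format from the leading bytes of the file."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.startswith(b"-----BEGIN"):
        return "PEM"
    if header[:1] == b"\x30" and der_length_error(header) is None:
        return "DER (PKCS#12 candidate)"
    return "unknown"


def check_file(path):
    """Read the header of `path`; return (format, DER error or None)."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    return classify_keystore(header), der_length_error(header)


# Constructed sample headers, not bytes from the files in this thread.
SAMPLES = {
    "jks": JKS_MAGIC + b"\x00\x00\x00\x02",
    "p12": bytes.fromhex("308209a1020103"),
    "pem": b"-----BEGIN CERTIFICATE-----",
}
```

Running `check_file` on the restored keystore path shows whether the file on disk is in the container format the installed engine version tries to parse.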