[Users] error using cli on ovirt 3.1
Jim Kinney
jim.kinney at gmail.com
Wed Feb 6 15:46:47 UTC 2013
On Wed, Feb 6, 2013 at 10:18 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
> progress. Restored pki files from backup. Still had to reset
> AdminPassword. Able to login to the gui. All hosts are "unresponsive". The
> SPM host is just totally locked (but fine from it's console - idle).
>
> Tried to reinstall one of the hosts and got a new error message:
>
> Error:
>
> vmhost5:
>
> - size must be between 0 and 50
>
>
vmhost2 is locked as SPM host and nothing seems to allow it to be reset.
Found the following in engine.log:
2013-02-06 10:42:51,809 ERROR
[org.ovirt.engine.core.vdsbroker.vdsbroker.VdsBrokerCommand]
(QuartzScheduler_Worker-64) XML RPC error in command GetCapabilitiesVDS (
Vds: vmhost2 ), the error was: java.util.concurrent.ExecutionException:
java.lang.reflect.InvocationTargetException, SunCertPathBuilderException:
unable to find valid certification path to requested target
2013-02-06 10:42:51,818 ERROR
[org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
(QuartzScheduler_Worker-57) Failed to decryptData must start with zero
2013-02-06 10:42:52,513 ERROR
[org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
(QuartzScheduler_Worker-62) Failed to decryptData must start with zero
2013-02-06 10:42:53,245 ERROR
[org.ovirt.engine.core.engineencryptutils.EncryptionUtils]
(QuartzScheduler_Worker-60) Failed to decryptData must start with zero
This repeats every few seconds.
None of the vmhosts have the usual vdsm running profiles. They all have:
19343 ? S< 0:00 /bin/bash -e /usr/share/vdsm/respawn
--minlifetime 10 --daemon --masterpid /var/run/vdsm/respawn.pid
/usr/share/vdsm/vdsm
19346 ? S<l 0:02 /usr/bin/python /usr/share/vdsm/vdsm
19366 ? S< 0:00 /usr/bin/sudo -n /usr/bin/python
/usr/share/vdsm/supervdsmServer.py 414b69cd-383b-48af-a82a-7f1d042608e3
19346
19367 ? S<l 0:00 /usr/bin/python
/usr/share/vdsm/supervdsmServer.py 414b69cd-383b-48af-a82a-7f1d042608e3
19346
Expected to see may [vdsmd] entries in ps ax output.
>
>
> On Wed, Feb 6, 2013 at 9:42 AM, Juan Hernandez <jhernand at redhat.com>wrote:
>
>> On 02/06/2013 03:32 PM, Jim Kinney wrote:
>>
>>> The pki folder is likely to be a problem but the backups folder is
>>> populated. Is there a way to remove client certs from hosts to restore
>>> access with a host add process?
>>>
>>
>> If you don't have the pki folder you have two problems. First is that
>> some data in the database is encrypted, namely the AdminPassword. That you
>> can solve with "engine-config -s AdminPassword=interactive". Second is the
>> certificates of the hosts, the easy way to solve that is to re-install them
>> (from the ovirt-engine GUI, no need to re-install the operating system)
>> that will generate new certificates.
>>
>>
>>> On Feb 6, 2013 9:24 AM, "Juan Hernandez" <jhernand at redhat.com
>>> <mailto:jhernand at redhat.com>> wrote:
>>>
>>> On 02/06/2013 03:02 PM, Jim Kinney wrote:
>>>
>>> as things stand now:
>>>
>>> I manually reinstalled 3.1, then dropped the engine database and
>>> restored from the backup. There were some errors at the end.
>>> Even though
>>> I used all the same passwords, the admin at internal account was
>>> not
>>> working. Used engine-config -s LocalAdminPassword='*****' to
>>> fix. On log
>>> in, everything is down, offline, unreachable. No hosts can be
>>> contacted.
>>> No storage is connected. Can't add a new host.
>>>
>>> crud.
>>>
>>> I copied the database backup and removed all the db creation part
>>> leaving just the data "copy into..." section (that was fun). Ran
>>> engine-cleanup then engine-setup then tried to restore just the
>>> data.
>>>
>>> no joy there either.
>>>
>>> The system is CentOS 6.3 as are the hosts. This ran wonderfully
>>> until I
>>> goofed trying to get the cli and sdk updated. Without the
>>> database
>>> working, I have no way to know what vm is what in the ISCSI LVM
>>> storage
>>> system to even export to another platform.
>>>
>>> So I'm assuming my next step is panic (or total reinstall from
>>> bare
>>> iron?). I'm setting this up at work and today is my last day as
>>> I'm
>>> moving to a new job at a totally different organization. I'd
>>> hate to
>>> walk out and lose all the windows VMs and templates that were
>>> built over
>>> the last 2 months.
>>>
>>>
>>> Do you still have the original backup of the database and the
>>> contents of the original /etc/pki/ovirt-engine directory? With those
>>> two things it is possible to recover.
>>>
>>> I would suggest the following procedure:
>>>
>>> 1. Make a clean installation of 3.1, exactly the same version that
>>> you had before trying to update (make a backup of the database and
>>> of the /etc/pki/ovirt-engine directory before, just in case). During
>>> this installation use the answers that you used during the initial
>>> installation (specially the passwords).
>>>
>>> 2. Stop the engine, then drop and recover the database as you
>>> already did.
>>>
>>> 3. Restore the contents of the /etc/pki/ovirt-engine directory.
>>>
>>> 4. Start the engine.
>>>
>>> You should be able to log in with the same credentials that you used
>>> in the original installation.
>>>
>>>
>>> On Wed, Feb 6, 2013 at 8:43 AM, Jim Kinney <jim.kinney at gmail.com
>>> <mailto:jim.kinney at gmail.com>
>>> <mailto:jim.kinney at gmail.com <mailto:jim.kinney at gmail.com>>**>
>>> wrote:
>>>
>>> added 3.2 lines to dre ovirt yum repo (and disabled 3.1 -
>>> probably
>>> not good) and did engine-upgrade.
>>>
>>> Process choked at opening the CA cert and proceeded to
>>> "rollback".
>>> Didn't actually roll back as 3.1 repo was disabled.
>>>
>>> System still has 3.2 installed. Did yum update to pull in
>>> the
>>> cli/sdk 3.2 (wish I had done that first!).
>>>
>>> Engine starts but fails to open CA to run gui. found
>>> following in log:
>>>
>>> 2013-02-05 14:02:40,825 ERROR [org.ovirt.engine.core.
>>> engineencryptutils.__**EncryptionUtils] (MSC service thread
>>> 1-16) Can't
>>> load keystore from file "/etc/pki/ovirt-engine/.__**
>>> keystore".
>>>
>>> IOException: DerInputStream.getLength(): lengthTag=109, too
>>> big.
>>> 2013-02-05 14:02:40,826 ERROR
>>>
>>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils]
>>> (MSC
>>>
>>> service thread 1-16) Failed to decrypt java.io.IOException:
>>> DerInputStream.getLength(): lengthTag=109, too big.
>>> 2013-02-05 14:02:40,827 ERROR
>>>
>>> [org.ovirt.engine.core.dal.__**dbbroker.generic.__**DBConfigUtils]
>>> (MSC
>>>
>>> service thread 1-16) Failed to decrypt value for property
>>> TruststorePass will be used encrypted value
>>> 2013-02-05 14:02:40,829 WARN
>>> [org.ovirt.engine.core.utils._**_ConfigUtilsBase] (MSC
>>>
>>> service thread
>>> 1-16) Could not find enum value for option:
>>> CertificatePassword
>>> 2013-02-05 14:02:40,830 ERROR
>>>
>>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils]
>>> (MSC
>>>
>>> service thread 1-16) Can't load keystore from file
>>> "/etc/pki/ovirt-engine/.__**keystore". IOException:
>>>
>>> DerInputStream.getLength(): lengthTag=109, too big.
>>> 2013-02-05 14:02:40,830 ERROR
>>>
>>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils]
>>> (MSC
>>>
>>> service thread 1-16) Failed to decrypt java.io.IOException:
>>> DerInputStream.getLength(): lengthTag=109, too big.
>>> 2013-02-05 14:02:40,831 ERROR
>>>
>>> [org.ovirt.engine.core.dal.__**dbbroker.generic.__**DBConfigUtils]
>>> (MSC
>>>
>>> service thread 1-16) Failed to decrypt value for property
>>> LocalAdminPassword will be used encrypted value
>>> 2013-02-05 14:02:40,833 ERROR
>>>
>>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils]
>>> (MSC
>>>
>>> service thread 1-16) Can't load keystore from file
>>> "/etc/pki/ovirt-engine/.__**keystore". IOException:
>>>
>>> DerInputStream.getLength(): lengthTag=109, too big.
>>> 2013-02-05 14:02:40,834 ERROR
>>>
>>> [org.ovirt.engine.core.__**engineencryptutils.__**EncryptionUtils]
>>> (MSC
>>>
>>> service thread 1-16) Failed to decrypt java.io.IOException:
>>> DerInputStream.getLength(): lengthTag=109, too big.
>>>
>>>
>>> On Tue, Feb 5, 2013 at 6:11 AM, Michael Pasternak
>>> <mpastern at redhat.com <mailto:mpastern at redhat.com>
>>> <mailto:mpastern at redhat.com <mailto:mpastern at redhat.com>>>
>>> wrote:
>>>
>>>
>>> Hi Jim,
>>>
>>> On 02/04/2013 08:33 PM, Jim Kinney wrote:
>>> > I'm trying to setup a way to restart a large group
>>> of windows
>>> vms on a schedule. I'm getting a connection failure
>>> that seems
>>> related to the use of https but I'm not sure.
>>> >
>>> > error: __init__() got an unexpected keyword argument
>>> 'source_address'
>>>
>>> This error is caused by running ovirt-sdk on a older
>>> version of
>>> python (less then python27),
>>> please upgrade your sdk/cli with one shipped in 3.2
>>> (it's
>>> backward compatible to 3.1).
>>>
>>> >
>>> > I ran:
>>> > ovirt-shell -A <path to server cert/certfile
>>> exported from
>>> browser> -c
>>> >
>>> > and my .ovirtshellrc is:
>>> >
>>> > [ovirt-shell]
>>> > username = "admin at internal"
>>> > url = https://my.internal.url/api
>>> > #insecure = False
>>> > #filter = False
>>> > #timeout = -1
>>> > password = **********************
>>> >
>>> >
>>> > I tried putting the ca_cert = <path to cert> but
>>> that clearly
>>> was not allowed in .ovirtshellrc
>>>
>>> not related, but supported in 3.2 cli.
>>>
>>> >
>>> > ideas?
>>> > --
>>> > --
>>> > James P. Kinney III
>>> > ////
>>> > ////Every time you stop a school, you will have to
>>> build a
>>> jail. What you gain at one end you lose at the other.
>>> It's like
>>> feeding a dog on his own tail. It won't fatten
>>> > the dog.
>>> > - Speech 11/23/1900 Mark Twain
>>> > ////
>>> > http://electjimkinney.org
>>> > http://heretothereideas.__blog**spot.com/<http://blogspot.com/>
>>> <http://heretothereideas.**blogspot.com/<http://heretothereideas.blogspot.com/>
>>> >
>>> > ////
>>> >
>>> >
>>> >
>>> > ______________________________**___________________
>>>
>>> > Users mailing list
>>> > Users at ovirt.org <mailto:Users at ovirt.org>
>>> <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>
>>> > http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
>>>
>>> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>> >
>>>
>>>
>>> --
>>>
>>> Michael Pasternak
>>> RedHat, ENG-Virtualization R&D
>>>
>>>
>>>
>>>
>>> --
>>> --
>>> James P. Kinney III
>>> ////
>>> ////Every time you stop a school, you will have to build a
>>> jail.
>>> What you gain at one end you lose at the other. It's like
>>> feeding a
>>> dog on his own tail. It won't fatten the dog.
>>> - Speech 11/23/1900 Mark Twain
>>> ////
>>> http://electjimkinney.org
>>> http://heretothereideas.__blog**spot.com/ <http://blogspot.com/>
>>>
>>> <http://heretothereideas.**blogspot.com/<http://heretothereideas.blogspot.com/>
>>> >
>>> ////
>>>
>>>
>>>
>>>
>>> --
>>> --
>>> James P. Kinney III
>>> ////
>>> ////Every time you stop a school, you will have to build a jail.
>>> What
>>> you gain at one end you lose at the other. It's like feeding a
>>> dog on
>>> his own tail. It won't fatten the dog.
>>> - Speech 11/23/1900 Mark Twain
>>> ////
>>> http://electjimkinney.org
>>> http://heretothereideas.__blog**spot.com/ <http://blogspot.com/>
>>> <http://heretothereideas.**blogspot.com/<http://heretothereideas.blogspot.com/>
>>> >
>>> ////
>>>
>>>
>>> ______________________________**___________________
>>>
>>> Users mailing list
>>> Users at ovirt.org <mailto:Users at ovirt.org>
>>> http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
>>>
>>> <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>> >
>>>
>>>
>>>
>>> --
>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
>>> planta 3ºD, 28016 Madrid, Spain
>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
>>> S.L.
>>>
>>>
>>>
>>> ______________________________**_________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>>
>>>
>>
>> --
>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>> 3ºD, 28016 Madrid, Spain
>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
>>
>
>
>
> --
> --
> James P. Kinney III
> *
> *Every time you stop a school, you will have to build a jail. What you
> gain at one end you lose at the other. It's like feeding a dog on his own
> tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> *
> http://electjimkinney.org
> http://heretothereideas.blogspot.com/
> *
--
--
James P. Kinney III
*
*Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*
http://electjimkinney.org
http://heretothereideas.blogspot.com/
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20130206/03019384/attachment-0001.html>
More information about the Users
mailing list