[Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)

Andrew Lau andrew at andrewklau.com
Wed Jan 29 06:48:42 UTC 2014 

Reverting back to the original cert would take me past that error but would
just continue to spam the message until timeout
[ INFO  ] Still waiting for VDSM host to become operational...
[ INFO  ] Still waiting for VDSM host to become operational...


Logs seem to just repeat
2014-01-29 17:44:53 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:229 VDSM host in  state
2014-01-29 17:44:54 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object
has no attribute 'status'
2014-01-29 17:44:54 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:229 VDSM host in  state
2014-01-29 17:44:55 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object
has no attribute 'status'
2014-01-29 17:44:55 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:229 VDSM host in  state
2014-01-29 17:44:56 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object
has no attribute 'status'
2014-01-29 17:44:56 DEBUG
otopi.plugins.ovirt_hosted_engine_setup.engine.add_host
add_host._wait_host_ready:229 VDSM host in  state


On Wed, Jan 29, 2014 at 5:38 PM, Andrew Lau <andrew at andrewklau.com> wrote:

> Hi,
>
> After running through the new patch posted in BZ 1055153 I'm adding a
> second host to the hosted-engine cluster but it seems to fail right before
> the finish:
>
> [ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API
> connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Couple Extra Notes:
> Engine has a custom SSL cert but the CA has been trusted by the new host.
> When I temporarily return the engine's SSL back to the default generated
> one the install will succeed.
>
> Setup logs: http://www.fpaste.org/72624/13909770/
>
> What confuses me is:
>
> curl https://engine.example.net with the custom SSL cert will succeed but
> with the original self-signed gives the expected "insecure" message. What
> criteria need to be met so the install will pass?
>
> Thanks,
> Andrew
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140129/4f9c5372/attachment-0001.html>

More information about the Users mailing list