[ovirt-users] Testing self hosted engine in 3.6: hostname not resolved error

Simone Tiraboschi stirabos at redhat.com
Thu Oct 22 13:01:26 UTC 2015


On Thu, Oct 22, 2015 at 2:29 PM, Gianluca Cecchi <gianluca.cecchi at gmail.com>
wrote:

> On Thu, Oct 22, 2015 at 2:15 PM, Simone Tiraboschi <stirabos at redhat.com>
> wrote:
>
>>
>>> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine
>>> dialog.__logString:219 DIALOG:SEND       ### Please input VDSM certificate
>>> chain that matches certificate request, top is issuer
>>> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine
>>> dialog.__logString:219 DIALOG:SEND       ###
>>> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine
>>> dialog.__logString:219 DIALOG:SEND       ### type
>>> '--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--' in own line to mark end,
>>> '--=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=--' aborts
>>> 2015-10-21 17:36:33 DEBUG otopi.context context._executeMethod:156
>>> method exception
>>> Traceback (most recent call last):
>>>   File "/tmp/ovirt-xP0lq4KMou/pythonlib/otopi/context.py", line 146, in
>>> _executeMethod
>>>     method['method']()
>>>   File
>>> "/tmp/ovirt-xP0lq4KMou/otopi-plugins/ovirt-host-common/vdsm/pki.py", line
>>> 319, in _misc
>>>     '\n\nPlease input VDSM certificate chain that '
>>>   File "/tmp/ovirt-xP0lq4KMou/otopi-plugins/otopi/dialog/machine.py",
>>> line 207, in queryMultiString
>>>     v = self._readline()
>>>   File "/tmp/ovirt-xP0lq4KMou/pythonlib/otopi/dialog.py", line 263, in
>>> _readline
>>>     raise IOError(_('End of file'))
>>> IOError: End of file
>>> 2015-10-21 17:36:33 ERROR otopi.context context._executeMethod:165
>>> Failed to execute stage 'Misc configuration': End of file
>>> 2015-10-21 17:36:33 DEBUG otopi.transaction transaction.abort:134
>>> aborting 'Yum Transaction'
>>> 2015-10-21 17:36:33 INFO otopi.plugins.otopi.packagers.yumpackager
>>> yumpackager.info:95 Yum Performing yum transaction rollback
>>> Loaded plugins: fastestmirror, langpacks
>>>
>>
>> The issue seems to be there:
>> we have an input request on host-deploy to have somebody explicitly
>> trusting the VDSM cert chain but of course, being an automated process,
>> nobody will respond and so it failed.
>> Did you manually change the engine cert or some other CA cert?
>>
> No.
> The only thing is that I first ran
>   hosted-engine --deploy
> without putting the hostname of engine inside /etc/hosts of hypervisor and
> it failed (see my first mail of the thread), I think without doing anything
> (at least at engine VM level, I don't know if it created a cert...), but
> generating an answer file.
>
> And then I ran, as you suggested (with the warning you noted)
> hosted-engine --deploy --config-append=answer_file
>
> Inside log of first run
> (ovirt-hosted-engine-setup-20151021151938-j4hy5g.log) I see
>
> 2015-10-21 15:20:13 DEBUG
> otopi.plugins.ovirt_hosted_engine_setup.pki.vdsmpki plugin.execute:936
> execute-output: ('/bin/openssl', 'x509', '-noout', '-text', '-in',
> '/etc/pki/vdsm/libvirt-spice/server-cert.pem') stdout:
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number: 1 (0x1)
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=EN, L=Test, O=Test, CN=TestCA
>         Validity
>             Not Before: Oct 21 13:20:13 2015 GMT
>             Not After : Oct 20 13:20:13 2018 GMT
>         Subject: C=EN, L=Test, O=Test, CN=Test
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:bd:f8:d4:a0:87:9e:20:7f:71:12:8d:8e:90:e0:
> ...
>
> Inside the run with answer file
> (ovirt-hosted-engine-setup-20151021170822-p1iv3y.log) I see
> 2015-10-21 17:08:22 DEBUG
> otopi.plugins.ovirt_hosted_engine_setup.pki.vdsmpki plugin.execute:936
> execute-output: ('/bin/openssl', 'x509', '-noout', '-text', '-in',
> '/etc/pki/vdsm/libvirt-spice/server-cert.pem') stdout:
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number: 1 (0x1)
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=EN, L=Test, O=Test, CN=TestCA
>         Validity
>             Not Before: Oct 21 13:20:13 2015 GMT
>             Not After : Oct 20 13:20:13 2018 GMT
>         Subject: C=EN, L=Test, O=Test, CN=Test
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:bd:f8:d4:a0:87:9e:20:7f:71:12:8d:8e:90:e0:
>
>
> Any particular file or section in log files to cross check?
> I can also start from scratch in case.... just to be sure that I don't get
> into same problem, so that it can be useful to find it before...
>
>
I suspect that host-deploy fails because you have in place a leftover
VDSM cert from the previous attempt which is still signed by your previous
attempt engine and so it fails to match this new engine: on the second
attempt hosted-engine-setup deployed again the engine appliance creating a
new instance with different certs.

You could try to run on the host:

/bin/rm /etc/vdsm/vdsm.conf
/bin/rm /etc/pki/vdsm/*/*.pem
/bin/rm /etc/pki/CA/cacert.pem
/bin/rm /etc/pki/libvirt/*.pem
/bin/rm /etc/pki/libvirt/private/*.pem
vdsm-tool configure --force
systemctl restart vdsmd

then try to redeploy the host from the web-ui.
Hosted-engine configuration should be kept so it should work. To be sure
simply reboot the host: if everything is fine the HA agent should restart
your engine VM.


> Thanks,
> Gianluca
>
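The diagnosis in the reply above (a leftover host certificate signed by the CA of an engine that no longer exists) can be confirmed before deleting anything. The following is an added example, not part of the original thread and not oVirt code: it builds two throwaway CAs and one host certificate in a temporary directory, and all function names, file names and subjects are constructed for illustration. Both CAs deliberately share the same subject DN, so the issuer line printed by `openssl x509 -text` looks identical for both and only signature verification shows the mismatch.

```shell
#!/bin/sh
# Added example. All certificates below are constructed test data.

# Exit 0 only if the certificate in $2 carries a valid signature from the CA in $1.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Minimal config so the result does not depend on the system openssl.cnf.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name=req' 'x509_extensions=ca' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' > "$1"
}

# make_ca DIR NAME: self-signed CA. Every CA gets the same subject DN,
# so comparing issuer strings cannot tell the two engines apart.
make_ca() {
    openssl req -x509 -config "$1/cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj '/O=Test/CN=TestCA' -keyout "$1/$2.key" -out "$1/$2.pem" \
        2>/dev/null
}

# make_host_cert DIR CA_NAME: host certificate issued by that CA.
make_host_cert() {
    openssl req -new -config "$1/cnf" -newkey rsa:2048 -nodes \
        -subj '/O=Test/CN=host.example.test' \
        -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/host.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 2 -days 1 -out "$1/host.pem" 2>/dev/null
}

# check_leftover: the host cert is issued by the first engine's CA, then
# checked against the CA of each engine. Prints one result line.
check_leftover() {
    d=$(mktemp -d) || return 2
    write_cnf "$d/cnf"
    make_ca "$d" first_engine && make_ca "$d" second_engine &&
        make_host_cert "$d" first_engine || { rm -rf "$d"; return 2; }
    if signed_by "$d/first_engine.pem" "$d/host.pem"; then a=ok; else a=mismatch; fi
    if signed_by "$d/second_engine.pem" "$d/host.pem"; then b=ok; else b=mismatch; fi
    rm -rf "$d"
    echo "first_engine=$a second_engine=$b"
}

check_leftover
```

On a real host, `signed_by` would be called with the CA certificate of the currently deployed engine and the host's existing VDSM certificate; a non-zero exit status means the certificate predates that engine.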