[ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)
Nathanaël Blanchet
blanchet at abes.fr
Fri Sep 25 15:08:29 UTC 2015
Thank you so much Alexander, everyhting works as expected now :)
Le 25/09/2015 16:14, Alexander Wels a écrit :
> On Friday, September 25, 2015 11:27:11 AM Nathanaël Blanchet wrote:
>> hi Yaniv,
>>
>> When using http request, ovirt tells me " I Failed to communicate with
>>
>> the external provider." and I get this on the foreman side:
>> | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200
>>
>> 2015-09-25 11:18:32 [app] [I] Processing by
>> Api::V2::HomeController#index as JSON
>> 2015-09-25 11:18:32 [app] [I] Parameters: {"apiv"=>"v2", "home"=>{}}
>> 2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/api
>> 2015-09-25 11:18:32 [app] [I] Filter chain halted as
>> #<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack-
>> 3.2.8/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected
>> 2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms
>> (ActiveRecord: 0.0ms)
>>
>> But no log comes using https on the foreman side and I get "Test Failed
>> (unknown error)." with 5-09-25 11:25:31,181 ERROR
>> [org.ovirt.engine.core.bll.GetProviderCertificateChainQuery]
>> (ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {}
>> java.io.IOException: Keystore was tampered with, or password was incorrect.
>> I've just updated to 3.5.4 and otopi asked me for renewing the
>> certificate. May it be the reason of the issue?
>>
> I actually just had a similar issue, basically if I tried to make a http
> connection and clicked the test button. The foreman side would show me it is
> doing a redirect (presumably to https), which the ovirt side doesn't handle
> very well.
>
> And if I tried to make a https request I would get the IOException Keystore
> has been tampered with, or password was incorrect. For me it turned out the
> /var/lib/ovirt-engine/external_truststore was corrupted. What normally will
> happen when trying to make an https connection to foreman is it will receive
> certificate from foreman, notice it is not trusted and ask the user to trust it
> (and it will put it in the external_truststore, if the user trusts it). Since
> it was corrupted it was unable to properly open the trust store and the
> mentioned IOException would get logged.
>
> Assuming your trust store is corrupted (Mine was only 32 bytes, it should be
> much bigger), you can just rename it or delete it. And a new one will be
> created when you try to make an HTTPS connection to foreman. Once I did both
> (remove the corrupted trust store, and make an HTTPS connection). Everything
> started working correctly for me.
>
>> Le 25/09/2015 11:14, Yaniv Bronheim a écrit :
>>> Hi Nathanael,
>>>
>>> This error means that the restAPI request to foreman returned an
>>> error. Most of the time it is a communication issue.. but we can't
>>> know much from this report.
>>> Can you please share the production.log file from your foreman host?
>>> Better to try to add the server as provider, get the error and then
>>> check the production.log file - it will show us if engine request got
>>> to foreman server, the internal fields and why foreman returned 5050.
>>>
>>> Greeting,
>>> Yaniv Bronhaim.
>>>
>>> On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanchet at abes.fr
>>>
>>> <mailto:blanchet at abes.fr>> wrote:
>>> Hello,
>>>
>>> I have a working foreman 1.9.1 installed with katello 2.3.
>>> ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also
>>> installed on the same host.
>>> But the issue is the same as below when testing in "add external
>>> provider" from ovirt 3.5.4.
>>> What can I do now?
>>>
>>> Le 06/11/2014 12:31, Oved Ourfali a écrit :
>>> ----- Original Message -----
>>>
>>> From: "Daniel Helgenberger" <daniel.helgenberger at m-box.de
>>> <mailto:daniel.helgenberger at m-box.de>>
>>> To: "Oved Ourfali" <oourfali at redhat.com
>>> <mailto:oourfali at redhat.com>>
>>> Cc: users at ovirt.org <mailto:users at ovirt.org>
>>> Sent: Thursday, November 6, 2014 1:29:38 PM
>>> Subject: Re: [ovirt-users] Foreman: Add external provider
>>> (Failed with error PROVIDER_FAILURE and code 5050)
>>>
>>> On 06.11.2014 05:47, Oved Ourfali wrote:
>>> These steps are also in the feature page
>>>
>>> Thanks Oved for pointing to the doc; my bad. I was using
>>> the foreman
>>> integration document [1]. Maybe the pages should be merged?
>>>
>>> Yaniv - you planned to merge them, right? That would be a good
>>> time...
>>>
>>> , but it would be nice if you review them to see
>>> nothing is missing.
>>>
>>> http://www.ovirt.org/Features/AdvancedForemanIntegration
>>>
>>> With foreman 1.6 (at least) there is no need to enable the
>>> nightly
>>> builds any more as rb-ovirt is resolved by yum.
>>>
>>> Lastly, I think you need to enable foreman_discovery with
>>> the foreman
>>> installer to work and download images:
>>>
>>> # foreman-installer --enable-foreman-plugin-discovery
>>> --foreman-plugin-discovery-install-images=true
>>>
>>> You have that already listed in the testing env setup; but
>>> this needs to
>>> be put in context with installing foreman-ovirt on the
>>> foreman host.
>>>
>>> Yaniv - please add a note there too.
>>>
>>> Daniel - thanks for the review and the comments!
>>>
>>> Regards,
>>> Oved
>>>
>>> Thanks
>>> Oved
>>>
>>> [1] http://www.ovirt.org/Features/ForemanIntegration
>>>
>>> On Nov 6, 2014 12:40 AM, Daniel Helgenberger
>>> <daniel.helgenberger at m-box.de
>>> <mailto:daniel.helgenberger at m-box.de>>
>>>
>>> wrote:
>>> Answering my own question; and maybe a very
>>> obvious cause for the
>>> failing provider: the missiAnswering my own
>>> question; and maybe a very
>>> obvious cause for the
>>>
>>> failing provider: the missing provider plugin in forman!
>>> So one needs to do:
>>>
>>> yum install ruby193-rubygem-ovirt_provision_plugin
>>>
>>> on the foreman host.
>>>
>>> After that, the connection test in the engine comes up
>>> positive. Sadly,
>>> this is not documented anywhere; only on the GitHub
>>> repo readme [1].
>>> This is also a little bit outdated, as the rbovirt
>>> dependency is
>>> resolved now automatically.
>>>
>>> Also, but I am not sure, the porvider lugin needs the
>>> foreman_discovery
>>> plugin to work:
>>>
>>> yum install ruby193-rubygem-foreman_discovery
>>>
>>> [1]
>>> https://github.com/theforeman/ovirt_provision_plugin/blob/
>>> master/README.md
>>>
>>> On 29.10.2014 00:36, Daniel Helgenberger wrote:
>>> Hello,
>>>
>>> did anyone actually get this working in oVirt 3.5
>>> / EL6 - Engine? I am
>>> trying this for two days now.
>>>
>>> Setup:
>>> Engine; EL6.5
>>> Foreman; EL6.5
>>>
>>> Foreman seems to do it's as I can use it to deploy
>>> hosts and also smart
>>> proxies are running fine.
>>>
>>> I have opened a BZ [1]; because this really can
>>> not work out of the box
>>> with EL6 plain vanilla packages. I wonder if this
>>> was ever tested... ?
>>> Java 7 used i n EL6 [4] does only support DH keys
>>> up to 1024byte. This
>>> is known issue in Foreman [2] as longer DH keys
>>> are now used by default
>>> in Foreman / PuppetCA.
>>> A dirty fix confirmed working is adding default DH
>>> parameters to the
>>> foreman cert; effectively disabling it [3].
>>>
>>> So I got SSL working and I get beyond the
>>> authentication (entering wrong
>>> data gets me auth errors)- however, I am still not
>>> able to add the
>>> external provider. Pressing 'test' results in
>>> (Failed with error PROVIDER_FAILURE and code 5050)
>>>
>>> Sample engine.log
>>> 2014-10-28 23:49:40,860 ERROR
>>> [org.ovirt.engine.core.bll.provider.TestProviderConnec
>>> tivityCommand]
>>> (ajp--127.0.0.1-8702-1) [6a3da4e7] Command
>>> org.ovirt.engine.core.bll.provider.TestProviderConnect
>>> ivityCommand
>>> throw
>>> Vdc Bll exception. With error message
>>> VdcBLLException: PROVIDER_FAILURE
>>> (Failed with error PROVIDER_FAILURE and code 5050)
>>>
>>> I can't find any more hints in oVirt; access logs
>>> in Foreman are telling
>>> me API queries by the engine. Did I miss a crucial
>>> step in the foreman
>>> setup? How can I debug this issue?
>>>
>>> I am willing to upgrade openjdk; provided this
>>> does not break my engine...
>>>
>>> Thanks!
>>>
>>> [1]
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1157749
>>> [2] https://tickets.puppetlabs.com/browse/SERVER-17
>>> [3]
>>> http://httpd.apache.org/docs/current/ssl/ssl_faq.html#
>>> javadh
>>> [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
>>>
>>> --
>>> Daniel Helgenberger
>>> m box bewegtbild GmbH
>>>
>>> P: +49/30/2408781-22
>>> F: +49/30/2408781-10
>>>
>>> ACKERSTR. 19
>>> D-10115 BERLIN
>>>
>>>
>>> www.m-box.de <http://www.m-box.de> www.monkeymen.tv
>>> <http://www.monkeymen.tv>
>>>
>>> Geschäftsführer: Martin Retschitzegger / Michaela Göllner
>>> Handeslregister: Amtsgericht Charlottenburg / HRB 112767
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org <mailto:Users at ovirt.org>
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>> Supervision réseau
>>> Pôle Infrastrutures Informatiques
>>> 227 avenue Professeur-Jean-Louis-Viala
>>> 34193 MONTPELLIER CEDEX 5
>>> Tél. 33 (0)4 67 54 84 55
>>> Fax 33 (0)4 67 54 84 14
>>> blanchet at abes.fr <mailto:blanchet at abes.fr>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org <mailto:Users at ovirt.org>
>>> http://lists.ovirt.org/mailman/listinfo/users
--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet at abes.fr
More information about the Users
mailing list