[ovirt-users] Self-Hosted Engine Deployment - Certificate Cannot be Found

Simone Tiraboschi stirabos at redhat.com
Thu Feb 18 13:27:04 UTC 2016 

On Thu, Feb 18, 2016 at 1:48 PM, Trenton D Warren <twarren at phoenixhawaii.net
> wrote:

> Aloha,
>
>
>
> I am looking for assistance with an Ovirt Self-Hosted Engine Deployment on
> Centos 7.2.
>
>
>
> I have the host configured, and have accessed the VM (Engine).  I run
> engine setup on the VM in accordance with the *http://www.ovirt.org/Hosted_Engine_Howto
> <http://www.ovirt.org/Hosted_Engine_Howto> *page on the Wiki, with the
> exception of Automatically executing “Engine Setup” on the VM.  Because of
> my configuration, I have to manually enter the network settings on the VM
> before it has network access, and then execute engine setup automatically.
> Particularly notable is that I enter the selection to automatically
> configure Apache to use a self-signed SSL during the Engine-Setup.
>
>
>
> The Engine-Setup completes successfully on the VM, I reboot, and verify
> that the web page is accessible and that I can log in to the engine.  Then
> I return to the host to enter option 1 (Continue Setup – Ovirt Engine
> Installation is Ready and Engine service is up) and continue with the
> installation.
>
>
>
> The Engine Replies: DB Up! And acquires the internal CA cert from the
> engine.  It lists the cert and then attempts to connect to the engine.  The
> installation asks me to enter the name of the Cluster to which I want to
> add the host and I enter the automatic “Default” option.
>
>
>
> At this point the installation returns an error: Cannot automatically add
> the host to cluster Default: Cannot add Host.  Connecting to host via SSH
> has failed, verify that the host is reachable (IP address, routable
> address, etc.) You may refer to the engine.log file for further details.
>
>
>
> Some notes:
>
> 1.        The /etc/hosts/ file is configured on both host and engine,
> with ip and fqdn
>

No one of the manual actions at points 2, 4, 5 is required:
hosted-engine-setup will automatically download and deploy the engine SSH
pub key from the engine before calling host.add on the REST API.
I'm not sure about what will happen if you manually tweaked the sshd
configuration on the host before that.

Can you please attach hosted-engine-setup logs fro mthe host and engine.log
fro the engine VM?


> 2.       Password-Less SSH is enable between both host and engine,
> bidirectionally.
>
> 3.       Ping responds to both servers.  DNS resolves on both servers.
>
> 4.       SSH-Keygen was use to generate key, and key was stored in
> default Centos location /root/.ssh/id_rsa
>
> 5.       Ssh-copy-id was used to copy the key to engine from host and
> vice versa.  No password on key.
>
>
>
> I have managed to get this error to change by copying the contents of the
> /root/.ssh/id_rsa key to the /etc/pki/ovirt-engine/keys/engine.p12
> location.
>
>
>
> When I attempt to “Continue setup – Engine VM configuration has been
> fixed” from this point, the error message changes slightly to: “Cannot
> automatically add the host to cluster Default: Cannot add new host using a
> secured connection, Certificate file could not be found.
>
>
>
> Some Notes:
>
> 1.       I have ran the “Certificate and/or SSL problems?” procedures on *www.ovirt.org/Node_Troubleshooting
> <http://www.ovirt.org/Node_Troubleshooting>”*  to verify the vdsm cert on
> the host.  It returns a normal response.
>
>
>
> Can someone provide some assistance with this issue?  I have attempted
> every work around that I know, and researched every source at my disposal
> to no avail.  This issue has been plaguing me for the last three weeks.  I
> have restarted the installation multiple times from fresh installs of the
> engine, the host, and both, and still no change up to this point.
>
>
>
> Thank you!
>
>
>
> *Trenton D Warren*
>
> *President and CEO, Phoenix Holdings Corporation*
>
> Main Office: 41-745 Mooiki ST. Waimanalo, HI 96795
>
> Office:    (808) 263-7448
>
> Direct:    (808) 263-7449
>
> Cell:        (478) 867-3107
>
> Web:      www.phoenixhawaii.net
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160218/e26a98c7/attachment-0001.html>

More information about the Users mailing list