[ovirt-users] Importing Libvirt Kvm Vms to oVirt Status: Released in oVirt 4.2 using ssh - Failed to communicate with the external provider
Renout Gerrits
mail at renout.nl
Fri Feb 9 10:03:18 UTC 2018
Hi Maoz,
You should not be using the engine and not the root user for the ssh keys.
The actions are delegated to a host and the vdsm user. So you should set-up
ssh keys for the vdsm user on one or all of the hosts (remember to select
this host as proxy host in the gui). Probably the documentation should be
updated to make this more clear.
1. Make the keygen for vdsm user:
# sudo -u vdsm ssh-keygen
2.Do the first login to confirm the fingerprints using "yes":
# sudo -u vdsm ssh root at xxx.xxx.xxx.xxx
3. Then copy the key to the KVm host running the vm:
# sudo -u vdsm ssh-copy-id root at xxx.xxx.xxx.xxx
4. Now verify is vdsm can login without password or not:
# sudo -u vdsm ssh root at xxx.xxx.xxx.xxx
On Thu, Feb 8, 2018 at 3:12 PM, Petr Kotas <pkotas at redhat.com> wrote:
> You can generate one :). There are different guides for different
> platforms.
>
> The link I sent is the good start on where to put the keys and how to set
> it up.
>
> Petr
>
> On Thu, Feb 8, 2018 at 3:09 PM, maoz zadok <maozza at gmail.com> wrote:
>
>> Using the command line on the engine machine (as root) works fine. I
>> don't use ssh key from the agent GUI but the authentication section (with
>> root user and password),
>> I think that it's a bug, I manage to migrate with TCP but I just want to
>> let you know.
>>
>> is it possible to use ssh-key from the agent GUI? how can I get the key?
>>
>> On Thu, Feb 8, 2018 at 2:51 PM, Petr Kotas <pkotas at redhat.com> wrote:
>>
>>> Hi Maoz,
>>>
>>> it looks like cannot connect due to wrong setup of ssh keys. Which linux
>>> are you using?
>>> The guide for setting the ssh connection to libvirt is here:
>>> https://wiki.libvirt.org/page/SSHSetup
>>>
>>> May it helps?
>>>
>>> Petr
>>>
>>> On Wed, Feb 7, 2018 at 10:53 PM, maoz zadok <maozza at gmail.com> wrote:
>>>
>>>> Hello there,
>>>>
>>>> I'm following https://www.ovirt.org/develop/
>>>> release-management/features/virt/KvmToOvirt/ guide in order to import
>>>> VMS from Libvirt to oVirt using ssh.
>>>> URL: "qemu+ssh://host1.example.org/system"
>>>>
>>>> and get the following error:
>>>> Failed to communicate with the external provider, see log for
>>>> additional details.
>>>>
>>>>
>>>> *oVirt agent log:*
>>>>
>>>> *- Failed to retrieve VMs information from external server
>>>> qemu+ssh://XXX.XXX.XXX.XXX/system*
>>>> *- VDSM XXX command GetVmsNamesFromExternalProviderVDS failed: Cannot
>>>> recv data: Host key verification failed.: Connection reset by peer*
>>>>
>>>>
>>>>
>>>> *remote host sshd DEBUG log:*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: Connection from XXX.XXX.XXX.147 port
>>>> 48148 on XXX.XXX.XXX.123 port 22*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Client protocol version 2.0;
>>>> client software version OpenSSH_7.4*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: match: OpenSSH_7.4 pat
>>>> OpenSSH* compat 0x04000000*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Local version string
>>>> SSH-2.0-OpenSSH_7.4*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Enabling compatibility mode
>>>> for protocol 2.0*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SELinux support disabled
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: permanently_set_uid: 74/74
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: list_hostkey_types:
>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT sent
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT received
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: algorithm:
>>>> curve25519-sha256 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: host key algorithm:
>>>> ecdsa-sha2-nistp256 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: client->server cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: server->client cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: expecting
>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: rekey after 134217728 blocks
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_NEWKEYS sent
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_NEWKEYS
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: Connection closed by XXX.XXX.XXX.147
>>>> port 48148 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: do_cleanup [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: do_cleanup*
>>>> *Feb 7 16:38:29 XXX sshd[110005]: debug1: Killing privsep child 110006*
>>>> *Feb 7 16:38:29 XXX sshd[109922]: debug1: Forked child 110007.*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Set /proc/self/oom_score_adj
>>>> to 0*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: rexec start in 5 out 5
>>>> newsock 5 pipe 7 sock 8*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: inetd sockets after dupping:
>>>> 3, 3*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: Connection from XXX.XXX.XXX.147 port
>>>> 48150 on XXX.XXX.XXX.123 port 22*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Client protocol version 2.0;
>>>> client software version OpenSSH_7.4*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: match: OpenSSH_7.4 pat
>>>> OpenSSH* compat 0x04000000*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Local version string
>>>> SSH-2.0-OpenSSH_7.4*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Enabling compatibility mode
>>>> for protocol 2.0*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SELinux support disabled
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: permanently_set_uid: 74/74
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: list_hostkey_types:
>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT sent
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT received
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: algorithm:
>>>> curve25519-sha256 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: host key algorithm:
>>>> ecdsa-sha2-nistp256 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: client->server cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: server->client cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: expecting
>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: rekey after 134217728 blocks
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_NEWKEYS sent
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_NEWKEYS
>>>> [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: Connection closed by XXX.XXX.XXX.147
>>>> port 48150 [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: do_cleanup [preauth]*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: do_cleanup*
>>>> *Feb 7 16:38:29 XXX sshd[110007]: debug1: Killing privsep child 110008*
>>>> *Feb 7 16:38:30 XXX sshd[109922]: debug1: Forked child 110009.*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Set /proc/self/oom_score_adj
>>>> to 0*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: rexec start in 5 out 5
>>>> newsock 5 pipe 7 sock 8*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: inetd sockets after dupping:
>>>> 3, 3*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: Connection from XXX.XXX.XXX.147 port
>>>> 48152 on XXX.XXX.XXX.123 port 22*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Client protocol version 2.0;
>>>> client software version OpenSSH_7.4*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: match: OpenSSH_7.4 pat
>>>> OpenSSH* compat 0x04000000*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Local version string
>>>> SSH-2.0-OpenSSH_7.4*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Enabling compatibility mode
>>>> for protocol 2.0*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SELinux support disabled
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: permanently_set_uid: 74/74
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: list_hostkey_types:
>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT sent
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT received
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: algorithm:
>>>> curve25519-sha256 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: host key algorithm:
>>>> ecdsa-sha2-nistp256 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: client->server cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: server->client cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: expecting
>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: rekey after 134217728 blocks
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_NEWKEYS sent
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_NEWKEYS
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: Connection closed by XXX.XXX.XXX.147
>>>> port 48152 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: do_cleanup [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: do_cleanup*
>>>> *Feb 7 16:38:30 XXX sshd[110009]: debug1: Killing privsep child 110010*
>>>> *Feb 7 16:38:30 XXX sshd[109922]: debug1: Forked child 110011.*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Set /proc/self/oom_score_adj
>>>> to 0*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: rexec start in 5 out 5
>>>> newsock 5 pipe 7 sock 8*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: inetd sockets after dupping:
>>>> 3, 3*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: Connection from XXX.XXX.XXX.147 port
>>>> 48154 on XXX.XXX.XXX.123 port 22*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Client protocol version 2.0;
>>>> client software version OpenSSH_7.4*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: match: OpenSSH_7.4 pat
>>>> OpenSSH* compat 0x04000000*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Local version string
>>>> SSH-2.0-OpenSSH_7.4*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: Enabling compatibility mode
>>>> for protocol 2.0*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SELinux support disabled
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: permanently_set_uid: 74/74
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: list_hostkey_types:
>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT sent
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT received
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: algorithm:
>>>> curve25519-sha256 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: host key algorithm:
>>>> ecdsa-sha2-nistp256 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: client->server cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: server->client cipher:
>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>> <implicit> compression: none [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256
>>>> need=64 dh_need=64 [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: expecting
>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: rekey after 134217728 blocks
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_NEWKEYS sent
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_NEWKEYS
>>>> [preauth]*
>>>> *Feb 7 16:38:30 XXX sshd[110011]: Connection closed by XXX.XXX.XXX.147
>>>> port 48154 [preauth]*
>>>>
>>>>
>>>> Thank you!
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180209/ddbd7ef8/attachment.html>
More information about the Users
mailing list