[ovirt-users] Importing Libvirt Kvm Vms to oVirt Status: Released in oVirt 4.2 using ssh - Failed to communicate with the external provider

maoz zadok maozza at gmail.com
Fri Feb 9 21:34:16 UTC 2018


Renout, Thank you! now it works :-) it makes sense.

On Fri, Feb 9, 2018 at 12:03 PM, Renout Gerrits <mail at renout.nl> wrote:

> Hi Maoz,
>
> You should not be using the engine and not the root user for the ssh keys.
> The actions are delegated to a host and the vdsm user. So you should set-up
> ssh keys for the vdsm user on one or all of the hosts (remember to select
> this host as proxy host in the gui). Probably the documentation should be
> updated to make this more clear.
>
> 1. Make the keygen for vdsm user:
>
>    # sudo -u vdsm ssh-keygen
>
> 2.Do the first login to confirm the fingerprints using "yes":
>
>    # sudo -u vdsm ssh root at xxx.xxx.xxx.xxx
>
> 3. Then copy the key to the KVm host running the vm:
>
>    # sudo -u vdsm ssh-copy-id root at xxx.xxx.xxx.xxx
>
> 4. Now verify is vdsm can login without password or not:
>
>    # sudo -u vdsm ssh root at xxx.xxx.xxx.xxx
>
>
> On Thu, Feb 8, 2018 at 3:12 PM, Petr Kotas <pkotas at redhat.com> wrote:
>
>> You can generate one :). There are different guides for different
>> platforms.
>>
>> The link I sent is the good start on where to put the keys and how to set
>> it up.
>>
>> Petr
>>
>> On Thu, Feb 8, 2018 at 3:09 PM, maoz zadok <maozza at gmail.com> wrote:
>>
>>> Using the command line on the engine machine (as root) works fine. I
>>> don't use ssh key from the agent GUI but the authentication section (with
>>> root user and password),
>>> I think that it's a bug, I manage to migrate with TCP but I just want to
>>> let you know.
>>>
>>> is it possible to use ssh-key from the agent GUI? how can I get the key?
>>>
>>> On Thu, Feb 8, 2018 at 2:51 PM, Petr Kotas <pkotas at redhat.com> wrote:
>>>
>>>> Hi Maoz,
>>>>
>>>> it looks like cannot connect due to wrong setup of ssh keys. Which
>>>> linux are you using?
>>>> The guide for setting the ssh connection to  libvirt is here:
>>>> https://wiki.libvirt.org/page/SSHSetup
>>>>
>>>> May it helps?
>>>>
>>>> Petr
>>>>
>>>> On Wed, Feb 7, 2018 at 10:53 PM, maoz zadok <maozza at gmail.com> wrote:
>>>>
>>>>> Hello there,
>>>>>
>>>>> I'm following https://www.ovirt.org/develop/
>>>>> release-management/features/virt/KvmToOvirt/ guide in order to import
>>>>> VMS from Libvirt to oVirt using ssh.
>>>>>  URL:  "qemu+ssh://host1.example.org/system"
>>>>>
>>>>> and get the following error:
>>>>> Failed to communicate with the external provider, see log for
>>>>> additional details.
>>>>>
>>>>>
>>>>> *oVirt agent log:*
>>>>>
>>>>> *- Failed to retrieve VMs information from external server
>>>>> qemu+ssh://XXX.XXX.XXX.XXX/system*
>>>>> *- VDSM XXX command GetVmsNamesFromExternalProviderVDS failed: Cannot
>>>>> recv data: Host key verification failed.: Connection reset by peer*
>>>>>
>>>>>
>>>>>
>>>>> *remote host sshd DEBUG log:*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: Connection from XXX.XXX.XXX.147
>>>>> port 48148 on XXX.XXX.XXX.123 port 22*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: Client protocol version
>>>>> 2.0; client software version OpenSSH_7.4*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: match: OpenSSH_7.4 pat
>>>>> OpenSSH* compat 0x04000000*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: Local version string
>>>>> SSH-2.0-OpenSSH_7.4*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: Enabling compatibility mode
>>>>> for protocol 2.0*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: SELinux support disabled
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: permanently_set_uid: 74/74
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: list_hostkey_types:
>>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_KEXINIT received
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: algorithm:
>>>>> curve25519-sha256 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: host key algorithm:
>>>>> ecdsa-sha2-nistp256 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: client->server cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: server->client cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: expecting
>>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: rekey after 134217728
>>>>> blocks [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: SSH2_MSG_NEWKEYS sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: expecting SSH2_MSG_NEWKEYS
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: Connection closed by
>>>>> XXX.XXX.XXX.147 port 48148 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: do_cleanup [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: do_cleanup*
>>>>> *Feb  7 16:38:29 XXX sshd[110005]: debug1: Killing privsep child
>>>>> 110006*
>>>>> *Feb  7 16:38:29 XXX sshd[109922]: debug1: Forked child 110007.*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: Set
>>>>> /proc/self/oom_score_adj to 0*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: rexec start in 5 out 5
>>>>> newsock 5 pipe 7 sock 8*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: inetd sockets after
>>>>> dupping: 3, 3*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: Connection from XXX.XXX.XXX.147
>>>>> port 48150 on XXX.XXX.XXX.123 port 22*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: Client protocol version
>>>>> 2.0; client software version OpenSSH_7.4*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: match: OpenSSH_7.4 pat
>>>>> OpenSSH* compat 0x04000000*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: Local version string
>>>>> SSH-2.0-OpenSSH_7.4*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: Enabling compatibility mode
>>>>> for protocol 2.0*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: SELinux support disabled
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: permanently_set_uid: 74/74
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: list_hostkey_types:
>>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_KEXINIT received
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: algorithm:
>>>>> curve25519-sha256 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: host key algorithm:
>>>>> ecdsa-sha2-nistp256 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: client->server cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: server->client cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: expecting
>>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: rekey after 134217728
>>>>> blocks [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: SSH2_MSG_NEWKEYS sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: expecting SSH2_MSG_NEWKEYS
>>>>> [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: Connection closed by
>>>>> XXX.XXX.XXX.147 port 48150 [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: do_cleanup [preauth]*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: do_cleanup*
>>>>> *Feb  7 16:38:29 XXX sshd[110007]: debug1: Killing privsep child
>>>>> 110008*
>>>>> *Feb  7 16:38:30 XXX sshd[109922]: debug1: Forked child 110009.*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: Set
>>>>> /proc/self/oom_score_adj to 0*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: rexec start in 5 out 5
>>>>> newsock 5 pipe 7 sock 8*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: inetd sockets after
>>>>> dupping: 3, 3*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: Connection from XXX.XXX.XXX.147
>>>>> port 48152 on XXX.XXX.XXX.123 port 22*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: Client protocol version
>>>>> 2.0; client software version OpenSSH_7.4*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: match: OpenSSH_7.4 pat
>>>>> OpenSSH* compat 0x04000000*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: Local version string
>>>>> SSH-2.0-OpenSSH_7.4*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: Enabling compatibility mode
>>>>> for protocol 2.0*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: SELinux support disabled
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: permanently_set_uid: 74/74
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: list_hostkey_types:
>>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_KEXINIT received
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: algorithm:
>>>>> curve25519-sha256 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: host key algorithm:
>>>>> ecdsa-sha2-nistp256 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: client->server cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: server->client cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: expecting
>>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: rekey after 134217728
>>>>> blocks [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: SSH2_MSG_NEWKEYS sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: expecting SSH2_MSG_NEWKEYS
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: Connection closed by
>>>>> XXX.XXX.XXX.147 port 48152 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: do_cleanup [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: do_cleanup*
>>>>> *Feb  7 16:38:30 XXX sshd[110009]: debug1: Killing privsep child
>>>>> 110010*
>>>>> *Feb  7 16:38:30 XXX sshd[109922]: debug1: Forked child 110011.*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: Set
>>>>> /proc/self/oom_score_adj to 0*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: rexec start in 5 out 5
>>>>> newsock 5 pipe 7 sock 8*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: inetd sockets after
>>>>> dupping: 3, 3*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: Connection from XXX.XXX.XXX.147
>>>>> port 48154 on XXX.XXX.XXX.123 port 22*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: Client protocol version
>>>>> 2.0; client software version OpenSSH_7.4*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: match: OpenSSH_7.4 pat
>>>>> OpenSSH* compat 0x04000000*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: Local version string
>>>>> SSH-2.0-OpenSSH_7.4*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: Enabling compatibility mode
>>>>> for protocol 2.0*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: SELinux support disabled
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: permanently_set_uid: 74/74
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: list_hostkey_types:
>>>>> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_KEXINIT received
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: algorithm:
>>>>> curve25519-sha256 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: host key algorithm:
>>>>> ecdsa-sha2-nistp256 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: client->server cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: server->client cipher:
>>>>> chacha20-poly1305 at openssh.com <chacha20-poly1305 at openssh.com> MAC:
>>>>> <implicit> compression: none [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: kex: curve25519-sha256
>>>>> need=64 dh_need=64 [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: expecting
>>>>> SSH2_MSG_KEX_ECDH_INIT [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: rekey after 134217728
>>>>> blocks [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: SSH2_MSG_NEWKEYS sent
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: debug1: expecting SSH2_MSG_NEWKEYS
>>>>> [preauth]*
>>>>> *Feb  7 16:38:30 XXX sshd[110011]: Connection closed by
>>>>> XXX.XXX.XXX.147 port 48154 [preauth]*
>>>>>
>>>>>
>>>>> Thank you!
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180209/bf648ef1/attachment.html>


More information about the Users mailing list