<div dir="ltr">Hello George,<div><br></div><div>Probably your engine and provider certs do not match.</div><div>The engine pki should be in:</div><div> /etc/pki/ovirt-engine/certs/<br></div><div>The provider keys are defined in the SSL section of the config file (/etc/ovirt-provider-ovn/conf.d/...):<br></div><div><div> [SSL]</div><div> https-enabled=true</div><div> ssl-key-file=...</div><div> ssl-cert-file=...</div><div> ssl-cacert-file=...</div></div><div>You can compare the keys/certs using openssl.<br></div><div><br></div><div>Was the provider created using egine-setup?</div><div><br></div><div>For testing purposes you can change the "https-enabled" to false and try connecting using http.</div><div><br></div><div>Thanks,</div><div>Marcin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 8, 2018 at 12:58 PM, Ilya Fedotov <span dir="ltr"><<a href="mailto:kosha79@gmail.com" target="_blank">kosha79@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello, Georgy<div><br></div><div> Maybe, the problem have the different domain name and name your node name(local domain), and certificate note valid.</div><div><br></div><div><br></div><div><br></div><div>with br, Ilya</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">2018-02-05 22:36 GMT+03:00 George Sitov <span dir="ltr"><<a href="mailto:usual.man@gmail.com" target="_blank">usual.man@gmail.com</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><div><div><div>Hello!<br><br></div>I have a problem wiith configure external provider.<br><br></div>Edit config file - ovirt-provider-ovn.conf, set ssl parameters.<br></div>systemctl start ovirt-provider-ovn start without problem.<br></div>In external proveder in web gui i set:<br>
Provider URL:
<a href="https://ovirt.mydomain.com:9696" target="_blank">https://ovirt.mydomain.com:969<wbr>6</a><br>
Username: admin@internal<br>
Authentication URL: <a href="https://ovirt.mydomain.com:35357/v2.0/" target="_blank">https://ovirt.mydomain.com:353<wbr>57/v2.0/</a><br></div>But after i press test button i see error - Failed to communicate with the external provider, see log for additional details.<br><br>/var/log/ovirt-engine/engine.l<wbr>og:<br>2018-02-05 21:33:55,517+02 ERROR [<a href="http://org.ovirt.engine.core.bll.pro">org.ovirt.engine.core.bll.pro</a><wbr>vider.network.openstack.BaseNe<wbr>tworkProviderProxy] (default task-29) [69fa312e-6e2e-4925-b081-385be<wbr>ba18a6a] Bad Gateway (OpenStack response error code: 502)<br>2018-02-05 21:33:55,517+02 ERROR [<a href="http://org.ovirt.engine.core.bll.pro">org.ovirt.engine.core.bll.pro</a><wbr>vider.TestProviderConnectivity<wbr>Command] (default task-29) [69fa312e-6e2e-4925-b081-385be<wbr>ba18a6a] Command '<a href="http://org.ovirt.engine.core.bll.pro">org.ovirt.engine.core.bll.pro</a><wbr>vider.TestProviderConnectivity<wbr>Command' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050)<br><br><div>In /var/log/ovirt-provider-ovn.lo<wbr>g:<br><br>2018-02-05 21:33:55,510 Starting new HTTPS connection (1): <a href="http://ovirt.astrecdata.com" target="_blank">ovirt.astrecdata.com</a><br>2018-02-05 21:33:55,516 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)<br>Traceback (most recent call last):<br> File "/usr/share/ovirt-provider-ovn<wbr>/handlers/base_handler.py", line 126, in _handle_request<br> method, path_parts, content)<br> File "/usr/share/ovirt-provider-ovn<wbr>/handlers/selecting_handler.<wbr>py", line 176, in handle_request<br> return self.call_response_handler(han<wbr>dler, content, parameters)<br> File "/usr/share/ovirt-provider-ovn<wbr>/handlers/keystone.py", line 33, in call_response_handler<br> return response_handler(content, parameters)<br> File "/usr/share/ovirt-provider-ovn<wbr>/handlers/keystone_responses.<wbr>py", line 60, in post_tokens<br> user_password=user_password)<br> File "/usr/share/ovirt-provider-ovn<wbr>/auth/plugin_facade.py", line 26, in create_token<br> return auth.core.plugin.create_token(<wbr>user_at_domain, user_password)<br> File "/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/plugin.py"<wbr>, line 48, in create_token<br> timeout=self._timeout())<br> File "/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/sso.py", line 62, in create_token<br> username, password, engine_url, ca_file, timeout)<br> File "/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/sso.py", line 53, in wrapper<br> response = func(*args, **kwargs)<br> File "/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/sso.py", line 46, in wrapper<br> raise BadGateway(e)<br>BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)<br clear="all"></div><div><div><div><div><div><div><div><div><div><div><div><br></div><div>Whan i do wrong ?<br></div><div>Please help.<br></div><div><br>----<br></div><div>With best regards Georgii.<br></div></div></div></div></div></div></div></div></div></div></div></div>
<br></div></div>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>