<div dir="ltr">Hello George,<div><br></div><div>Probably your engine and provider certs do not match.</div><div>The engine pki should be in:</div><div>    /etc/pki/ovirt-engine/certs/<br></div><div>The provider keys are defined in the SSL section of the config file (/etc/ovirt-provider-ovn/conf.d/...):<br></div><div><div>    [SSL]</div><div>    https-enabled=true</div><div>    ssl-key-file=...</div><div>    ssl-cert-file=...</div><div>    ssl-cacert-file=...</div></div><div>You can compare the keys/certs using openssl.<br></div><div><br></div><div>Was the provider created using egine-setup?</div><div><br></div><div>For testing purposes you can change the &quot;https-enabled&quot; to false and try connecting using http.</div><div><br></div><div>Thanks,</div><div>Marcin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 8, 2018 at 12:58 PM, Ilya Fedotov <span dir="ltr">&lt;<a href="mailto:kosha79@gmail.com" target="_blank">kosha79@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello, Georgy<div><br></div><div> Maybe, the problem have the different domain name and name your node name(local domain), and certificate note valid.</div><div><br></div><div><br></div><div><br></div><div>with br, Ilya</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">2018-02-05 22:36 GMT+03:00 George Sitov <span dir="ltr">&lt;<a href="mailto:usual.man@gmail.com" target="_blank">usual.man@gmail.com</a>&gt;</span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><div><div><div>Hello!<br><br></div>I have a problem  wiith configure  external provider.<br><br></div>Edit config file - ovirt-provider-ovn.conf, set ssl parameters.<br></div>systemctl start ovirt-provider-ovn start without problem.<br></div>In external  proveder in web gui i set:<br>
Provider URL: 

<a href="https://ovirt.mydomain.com:9696" target="_blank">https://ovirt.mydomain.com:969<wbr>6</a><br>
Username: admin@internal<br>
Authentication URL: <a href="https://ovirt.mydomain.com:35357/v2.0/" target="_blank">https://ovirt.mydomain.com:353<wbr>57/v2.0/</a><br></div>But after i press test  button i see error -  Failed to communicate with the external provider, see log for additional details.<br><br>/var/log/ovirt-engine/engine.l<wbr>og:<br>2018-02-05 21:33:55,517+02 ERROR [<a href="http://org.ovirt.engine.core.bll.pro">org.ovirt.engine.core.bll.pro</a><wbr>vider.network.openstack.BaseNe<wbr>tworkProviderProxy] (default task-29) [69fa312e-6e2e-4925-b081-385be<wbr>ba18a6a] Bad Gateway (OpenStack response error code: 502)<br>2018-02-05 21:33:55,517+02 ERROR [<a href="http://org.ovirt.engine.core.bll.pro">org.ovirt.engine.core.bll.pro</a><wbr>vider.TestProviderConnectivity<wbr>Command] (default task-29) [69fa312e-6e2e-4925-b081-385be<wbr>ba18a6a] Command &#39;<a href="http://org.ovirt.engine.core.bll.pro">org.ovirt.engine.core.bll.pro</a><wbr>vider.TestProviderConnectivity<wbr>Command&#39; failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050)<br><br><div>In /var/log/ovirt-provider-ovn.lo<wbr>g:<br><br>2018-02-05 21:33:55,510   Starting new HTTPS connection (1): <a href="http://ovirt.astrecdata.com" target="_blank">ovirt.astrecdata.com</a><br>2018-02-05 21:33:55,516   [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)<br>Traceback (most recent call last):<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/handlers/base_handler.py&quot;, line 126, in _handle_request<br>    method, path_parts, content)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/handlers/selecting_handler.<wbr>py&quot;, line 176, in handle_request<br>    return self.call_response_handler(han<wbr>dler, content, parameters)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/handlers/keystone.py&quot;, line 33, in call_response_handler<br>    return response_handler(content, parameters)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/handlers/keystone_responses.<wbr>py&quot;, line 60, in post_tokens<br>    user_password=user_password)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/auth/plugin_facade.py&quot;, line 26, in create_token<br>    return auth.core.plugin.create_token(<wbr>user_at_domain, user_password)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/plugin.py&quot;<wbr>, line 48, in create_token<br>    timeout=self._timeout())<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/sso.py&quot;, line 62, in create_token<br>    username, password, engine_url, ca_file, timeout)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/sso.py&quot;, line 53, in wrapper<br>    response = func(*args, **kwargs)<br>  File &quot;/usr/share/ovirt-provider-ovn<wbr>/auth/plugins/ovirt/sso.py&quot;, line 46, in wrapper<br>    raise BadGateway(e)<br>BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)<br clear="all"></div><div><div><div><div><div><div><div><div><div><div><div><br></div><div>Whan i do wrong ?<br></div><div>Please help.<br></div><div><br>----<br></div><div>With best regards  Georgii.<br></div></div></div></div></div></div></div></div></div></div></div></div>
<br></div></div>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>