On Thu, Feb 7, 2019 at 7:32 PM Fedor Gavrilov <fgavr...@redhat.com> wrote:
> I just did a fresh setup, applying the latest suggestions and it seems now
> there is ab error message in the engine log when I press "test connection"
> in upload image window:
>
What is the result of the test in the UI? I guess you get yellow warning?
>
> ***
> 192.168.111.1 is machine where iso is
> 192.168.111.2 is engine
> 192.168.111.3 is host and nfs storage
> ***
>
> ----------------------------------------
> Exception happened during processing of request from ('192.168.111.1',
> 46230)
> Traceback (most recent call last):
> File "/usr/lib64/python2.7/SocketServer.py", line 596, in
> process_request_thread
> self.finish_request(request, client_address)
> File "/usr/lib64/python2.7/SocketServer.py", line 331, in finish_request
> self.RequestHandlerClass(request, client_address, self)
> File "/usr/lib64/python2.7/SocketServer.py", line 652, in __init__
> self.handle()
> File "/usr/lib64/python2.7/wsgiref/simple_server.py", line 116, in handle
> self.raw_requestline = self.rfile.readline(65537)
> File "/usr/lib64/python2.7/socket.py", line 480, in readline
> data = self._sock.recv(self._rbufsize)
> File "/usr/lib64/python2.7/ssl.py", line 772, in recv
> return self.read(buflen)
> File "/usr/lib64/python2.7/ssl.py", line 659, in read
> v = self._sslobj.read(len)
> SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate
> (_ssl.c:1941)
> ----------------------------------------
>
This looks like bad proxy configuration, it does not accept the engine
certificate.
Can you share:
- $ENGINE_PREFIX/etc/ovirt-imageio-proxy/image-proxy.conf?
- your engine-setup answer file
Didi, where do we keep the answer file?
Not sure what it means though. Certificate is installed in my browser, just
> double-checked that.
> When trying to upload the file nevertheless, this is what appears in
> engine logs:
>
Trying to upload to proxy or daemon? from the UI or using upload_disk.py
example?
2019-02-07 18:27:34,768+01 INFO
> [org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-56)
> [1b6235be-02b4-446a-b486-22cce0d7a1bb] Adding image ticket to
> ovirt-imageio-proxy, id 00e11769-70c4-4b92-9cb9-4ff633566d8e
> 2019-02-07 18:27:34,820+01 ERROR
> [org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-56)
> [1b6235be-02b4-446a-b486-22cce0d7a1bb] Failed to add image ticket to
> ovirt-imageio-proxy: javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No subject alternative names
> matching IP address 192.168.111.2 found
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> [jsse.jar:1.8.0_191]
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
> [jsse.jar:1.8.0_191]
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
> [jsse.jar:1.8.0_191]
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
> [jsse.jar:1.8.0_191]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
> [jsse.jar:1.8.0_191]
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
> [jsse.jar:1.8.0_191]
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> [rt.jar:1.8.0_191]
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> [rt.jar:1.8.0_191]
> at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
> [rt.jar:1.8.0_191]
> at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
> [rt.jar:1.8.0_191]
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
> [rt.jar:1.8.0_191]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.addImageTicketToProxy(TransferDiskImageCommand.java:837)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.startImageTransferSession(TransferDiskImageCommand.java:763)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.handleImageIsReadyForTransfer(TransferDiskImageCommand.java:452)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.handleInitializing(TransferDiskImageCommand.java:423)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.executeStateHandler(TransferDiskImageCommand.java:358)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.proceedCommandExecution(TransferDiskImageCommand.java:345)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommandCallback.doPolling(TransferImageCommandCallback.java:21)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethodsImpl(CommandCallbacksPoller.java:175)
> [bll.jar:]
> at
> org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethods(CommandCallbacksPoller.java:109)
> [bll.jar:]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> [rt.jar:1.8.0_191]
> at
> java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> [rt.jar:1.8.0_191]
> at
> org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.access$201(ManagedScheduledThreadPoolExecutor.java:383)
> [javax.enterprise.concurrent-1.0.jar:]
> at
> org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.run(ManagedScheduledThreadPoolExecutor.java:534)
> [javax.enterprise.concurrent-1.0.jar:]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [rt.jar:1.8.0_191]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [rt.jar:1.8.0_191]
> at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_191]
> at
> org.glassfish.enterprise.concurrent.ManagedThreadFactoryImpl$ManagedThread.run(ManagedThreadFactoryImpl.java:250)
> [javax.enterprise.concurrent-1.0.jar:]
> at
> org.jboss.as.ee.concurrent.service.ElytronManagedThreadFactory$ElytronManagedThread.run(ElytronManagedThreadFactory.java:78)
> Caused by: java.security.cert.CertificateException: No subject alternative
> names matching IP address 192.168.111.2 found
> at
> sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
> [rt.jar:1.8.0_191]
> at
> sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
> [rt.jar:1.8.0_191]
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
> [jsse.jar:1.8.0_191]
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
> [jsse.jar:1.8.0_191]
> ... 30 more
>
> 2019-02-07 18:27:34,830+01 ERROR
> [org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-56)
> [1b6235be-02b4-446a-b486-22cce0d7a1bb] Failed to add image ticket to
> ovirt-imageio-proxy
>
Expected when proxy will not accept engine request because of bad
certificate.
> 2019-02-07 18:27:34,836+01 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (EE-ManagedThreadFactory-engineScheduled-Thread-56)
> [1b6235be-02b4-446a-b486-22cce0d7a1bb] EVENT_ID:
> TRANSFER_IMAGE_STOPPED_BY_SYSTEM_FAILED_TO_ADD_TICKET_TO_PROXY(1,070),
> Transfer was stopped by system. Reason: failed to add image ticket to
> ovirt-imageio-proxy.
>
> I will continue looking into it tomorrow as well, but any advice is much
> appreciated.
>
> Thanks,
> Fedor Gavrilov
>
> ----- Original Message -----
> From: "Nir Soffer" <nsof...@redhat.com>
> To: "Fedor Gavrilov" <fgavr...@redhat.com>
> Cc: "Roy Golan" <rgo...@redhat.com>, "devel" <devel@ovirt.org>, "Daniel
> Erez" <de...@redhat.com>
> Sent: Wednesday, February 6, 2019 10:26:00 PM
> Subject: Re: [ovirt-devel] Re: imageio proxy and engine dev setup
>
> On Wed, Feb 6, 2019 at 12:24 PM Fedor Gavrilov <fgavr...@redhat.com>
> wrote:
>
> First, please keep Daniel in the CC, this is your best chance to get a help
> on
> this, and a good practice for most issues :-)
>
> Thanks, Roy! I will try setting it up according to what you suggested.
> > Last attempt failed indeed: according to logs, both daemon and proxy
> tried
> > establishing a connection with each other with some 200 OK in logs, no
> > error messages but nevertheless upload did not happen after all.
> >
>
> Did you restart engine after changing the config?
> Did you add engine CA to the browser?
> Did you check the browser console.log?
> Can you share your logs?
>
Can you reply to these questions?
> Speaking about it, does anyone know more straightforward way to have ISO
> > disk on data domain?
>
>
> Uploading from the UI is the most straightforward way. But you need to get
> a working setup
> first.
>
> I am not as much interested in debugging ISO upload but rather attaching it
> > to VM.
> >
>
> Sad that you are not interested in this yet, but in the meantime you can
> use the ovirt SDK
> upload_disk.py example.
>
> 1. install first the ovirt python sdk version 4:
>
> dnf install python3-ovirt-engine-sdk4
>
> 2. Download the upload disk example:
>
>
>
> https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/examples/upload_disk.py
>
> 3. Change the configuration to match your setup (e.g. storage domain name)
>
> 4. Upload:
>
> python upload_disk.py --direct /path/to/disk.iso
>
> Note that --direct goes directly to the host, this is faster compared with
> going to the proxy.
>
> I think we should have a proper command line tool that make all this much
> easier. We have
> this RFE:
> https://bugzilla.redhat.com/show_bug.cgi?id=1626262
>
> Maybe you can be interested in implementing this?
>
> Nir
>
_______________________________________________
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/FEKC3QLUKLDN2QILTUUELOY67SM4UUOX/
