Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
On 17/03/18 01:20, Kapetanakis Giannis wrote: On 16/03/18 18:40, Dominik Holler wrote: Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine for authentication because ovirt-provider-ovn does not trust the ssl-certificate and propagates this as the BadGateway error. Please not that engine-setup creates the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf which overwrites the default values from /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf Thanks, I didn't notice the conf.d dir. Changing ovirt-ca-file there fixed it regards, G In advance, it would make sense to change the default to /etc/pki/ovirt-engine/apache-ca.pem since by default it's a symlink to ca.pem (which is now the default) So default/custom cert would all work G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
On 16/03/18 18:40, Dominik Holler wrote: Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine for authentication because ovirt-provider-ovn does not trust the ssl-certificate and propagates this as the BadGateway error. Please not that engine-setup creates the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf which overwrites the default values from /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf Thanks, I didn't notice the conf.d dir. Changing ovirt-ca-file there fixed it regards, G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
On Fri, 16 Mar 2018 17:46:36 +0200 Kapetanakis Giannis wrote: > On 16/03/18 17:40, Kapetanakis Giannis wrote: > > On 16/03/18 15:21, Dominik Holler wrote: > >> On Fri, 16 Mar 2018 12:46:13 +0200 > >> Kapetanakis Giannis wrote: > >> > >>> Hi, > >>> > >>> After upgrading to 4.2.1 I have problems with ovn provider. > >>> I'm getting "Failed to synchronize networks of Provider > >>> ovirt-provider-ovn." > >>> > >>> I use custom SSL certificate in apache and I guess this is the > >>> reason. > >>> > >>> I've tried to update ovirt-provider-ovn.conf with > >>> [OVIRT] > >>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem > >>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem > >>> > >>> but still no go > > > >> > >> Would you share the lines in engine.log produced by clicking the > >> "Test" button in the "Edit Provider" dialog? > >> On Clicking the test button, are you asked about "Import provider > >> certificate"? > > SORRY wrong provider. > > It asks for the cert. > Failed to communicate with the external provider, see log for > additional details. > > 2018-03-16 17:44:08,262+02 INFO > [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] > (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] Running > command: ImportProviderCertificateCommand internal: false. Entities > affected : ID: aaa0----123456789aaa Type: > SystemAction group CREATE_STORAGE_POOL with role type ADMIN > 2018-03-16 17:44:08,275+02 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] EVENT_ID: > PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider > ovirt-provider-ovn was imported. (User: admin@internal) 2018-03-16 > 17:44:08,302+02 INFO > [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] > (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Running > command: TestProviderConnectivityCommand internal: false. Entities > affected : ID: aaa0----123456789aaa Type: > SystemAction group CREATE_STORAGE_POOL with role type ADMIN > 2018-03-16 17:44:08,360+02 ERROR > [org.ovirt.engine.core.bll.provider.network.openstack.BaseNetworkProviderProxy] > (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Bad Gateway > (OpenStack response error code: 502) 2018-03-16 17:44:08,360+02 ERROR > [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] > (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Command > 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' > failed: EngineException: (Failed with error PROVIDER_FAILURE and code > 5050) > > and in provider log: > > 2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool > Starting new HTTPS connection (1): engine-host 2018-03-16 > 17:45:33,961 requests.packages.urllib3.connectionpool Starting new > HTTPS connection (1): engine-host 2018-03-16 17:45:33,966 root [SSL: > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) > Traceback (most recent call last): File > "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, > in _handle_request method, path_parts, content) File > "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line > 175, in handle_request return self.call_response_handler(handler, > content, parameters) File > "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in > call_response_handler return response_handler(content, parameters) > File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", > line 62, in post_tokens user_password=user_password) File > "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in > create_token return auth.core.plugin.create_token(user_at_domain, > user_password) File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line > 48, in create_token timeout=self._timeout()) File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, > in create_token username, password, engine_url, ca_file, timeout) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 91, in _get_sso_token timeout=timeout File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, > in wrapper response = func(*args, **kwargs) File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, > in wrapper raise BadGateway(e) BadGateway: [SSL: > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) > Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine for authentication because ovirt-provider-ovn does not trust the ssl-certificate and propagates this as the BadGateway error. Please not that engine-setup creates the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf which overwrites the default values from /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf If you want to check if the referenced /etc/pki/ovirt-engine/apache-ca.pem is correct, you can use the following python snippet: impo
Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
On 16/03/18 17:40, Kapetanakis Giannis wrote: > On 16/03/18 15:21, Dominik Holler wrote: >> On Fri, 16 Mar 2018 12:46:13 +0200 >> Kapetanakis Giannis wrote: >> >>> Hi, >>> >>> After upgrading to 4.2.1 I have problems with ovn provider. >>> I'm getting "Failed to synchronize networks of Provider >>> ovirt-provider-ovn." >>> >>> I use custom SSL certificate in apache and I guess this is the reason. >>> >>> I've tried to update ovirt-provider-ovn.conf with >>> [OVIRT] >>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem >>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem >>> >>> but still no go > >> >> Would you share the lines in engine.log produced by clicking the "Test" >> button in the "Edit Provider" dialog? >> On Clicking the test button, are you asked about "Import provider >> certificate"? SORRY wrong provider. It asks for the cert. Failed to communicate with the external provider, see log for additional details. 2018-03-16 17:44:08,262+02 INFO [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] Running command: ImportProviderCertificateCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN 2018-03-16 17:44:08,275+02 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] EVENT_ID: PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider ovirt-provider-ovn was imported. (User: admin@internal) 2018-03-16 17:44:08,302+02 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN 2018-03-16 17:44:08,360+02 ERROR [org.ovirt.engine.core.bll.provider.network.openstack.BaseNetworkProviderProxy] (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Bad Gateway (OpenStack response error code: 502) 2018-03-16 17:44:08,360+02 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050) and in provider log: 2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): engine-host 2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): engine-host 2018-03-16 17:45:33,966 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, in _handle_request method, path_parts, content) File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, in post_tokens user_password=user_password) File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in create_token return auth.core.plugin.create_token(user_at_domain, user_password) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in create_token timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
On 16/03/18 15:21, Dominik Holler wrote: > On Fri, 16 Mar 2018 12:46:13 +0200 > Kapetanakis Giannis wrote: > >> Hi, >> >> After upgrading to 4.2.1 I have problems with ovn provider. >> I'm getting "Failed to synchronize networks of Provider >> ovirt-provider-ovn." >> >> I use custom SSL certificate in apache and I guess this is the reason. >> >> I've tried to update ovirt-provider-ovn.conf with >> [OVIRT] >> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem >> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem >> >> but still no go > > Would you share the lines in engine.log produced by clicking the "Test" > button in the "Edit Provider" dialog? > On Clicking the test button, are you asked about "Import provider > certificate"? > I get ok in test: Test succeeded, managed to access provider. 2018-03-16 17:35:20,024+02 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-28) [9920f622-b878-45e1-a421-e76c0ab23470] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN However a little bit later: ovirt-provider-ovn.log: 2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): engine-host 2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): engine-host 2018-03-16 17:37:27,832 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, in _handle_request method, path_parts, content) File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, in post_tokens user_password=user_password) File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in create_token return auth.core.plugin.create_token(user_at_domain, user_password) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in create_token timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper response = func(*args, **kwargs) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper raise BadGateway(e) BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) and in engine log: 2018-03-16 17:37:27,834+02 ERROR [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] Command 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050) 2018-03-16 17:37:27,850+02 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] EVENT_ID: PROVIDER_SYNCHRONIZED_FAILED(216), Failed to synchronize networks of Provider ovirt-provider-ovn. So the engine can talk with ovn but not the other way around as I understand. I think it might have to do with [SSL] settings of ovirt-provider-ovn.conf G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
On Fri, 16 Mar 2018 12:46:13 +0200 Kapetanakis Giannis wrote: > Hi, > > After upgrading to 4.2.1 I have problems with ovn provider. > I'm getting "Failed to synchronize networks of Provider > ovirt-provider-ovn." > > I use custom SSL certificate in apache and I guess this is the reason. > > I've tried to update ovirt-provider-ovn.conf with > [OVIRT] > #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem > ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem > > but still no go > > Any tips on this? > > thanks > > G > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users Would you share the lines in engine.log produced by clicking the "Test" button in the "Edit Provider" dialog? On Clicking the test button, are you asked about "Import provider certificate"? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn
Hi, After upgrading to 4.2.1 I have problems with ovn provider. I'm getting "Failed to synchronize networks of Provider ovirt-provider-ovn." I use custom SSL certificate in apache and I guess this is the reason. I've tried to update ovirt-provider-ovn.conf with [OVIRT] #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem but still no go Any tips on this? thanks G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users