Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> From: "Andrew Lau"
> To: "Yedidyah Bar David"
> Cc: "users"
> Sent: Friday, January 31, 2014 6:00:45 AM
> Subject: Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
>
> I have opened two BZs around these two case scenarios:
>
> BZ 1059952 - hosted-engine --deploy (additional host) will fail if the engine
> is not using the default self-signed CA
>
> BZ 1059950 - If cluster=Default does not exist in hosted-engine it will fail
> and timeout

Thank you very much!
--
Didi
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
I have opened two BZs around these two case scenarios:

BZ 1059952 - hosted-engine --deploy (additional host) will fail if the engine is not using the default self-signed CA
BZ 1059950 - If cluster=Default does not exist in hosted-engine it will fail and timeout

Thanks,
Andrew

On Fri, Jan 31, 2014 at 9:58 AM, Andrew Lau wrote:
> I managed to resolve this, don't know why I was not paying attention to
> the first error.
>
> The engine needs to have a cluster called Default or the host won't get
> added to the engine, this was causing that constant spam of "still waiting
> for host to become operational".
>
> The host would however still get added to the ha-services just not the
> engine and the install terminates.
> On Jan 29, 2014 10:15 PM, "Andrew Lau" wrote:
>
>> On Wed, Jan 29, 2014 at 9:50 PM, Yedidyah Bar David wrote:
>>
>>> *From: *"Andrew Lau"
>>> *To: *"Yedidyah Bar David"
>>> *Cc: *"users"
>>> *Sent: *Wednesday, January 29, 2014 12:19:56 PM
>>>
>>> *Subject: *Re: [Users] Hosted Engine adding host SSL Failure (w/ engine
>>> custom cert)
>>>
>>> On Wed, Jan 29, 2014 at 8:57 PM, Yedidyah Bar David wrote:
>>>
>>>> *From: *"Andrew Lau"
>>>> *To: *"Yedidyah Bar David"
>>>> *Cc: *"users"
>>>> *Sent: *Wednesday, January 29, 2014 10:17:21 AM
>>>>
>>>> *Subject: *Re: [Users] Hosted Engine adding host SSL Failure (w/
>>>> engine custom cert)
>>>>
>>>> Shame about the way the CA works, may be worth putting a reverse proxy
>>>> in front as unsigned SSL can be a deal breaker.
>>>>
>>>> Perhaps. Would you like to open a bug?
>>>>
>>>> Anyway, my vdsm.log is here http://www.fpaste.org/72643/98338713/
>>>>
>>>> When it's "Still waiting for VDSM host to become operational.." there
>>>> is no output in vdsm.log
>>>>
>>>> Sorry, didn't follow. What this refers to? The ssl issue or something
>>>> else?
>>>>
>>> So the output of the install process is like this:
>>>
>>> [ INFO ] Engine replied: DB Up!Welcome to Health Status!
>>> [ ERROR ] Cannot automatically add the host to the Default cluster:
>>> Entity not found: Cluster: name=Default
>>> [ INFO ] Waiting for the host to become operational in the engine. This
>>> may take several minutes...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ INFO ] Still waiting for VDSM host to become operational...
>>> [ ERROR ] Timed out while waiting for host to start. Please check the
>>> logs.
>>> [ ERROR ] Unable to add HV02 to the manager
>>> [ INFO ] Enabling and starting HA services
>>> Hosted Engine successfully set up
>>> [ INFO ] Stage: Clean up
>>> [ INFO ] Stage: Pre-termination
>>> [ INFO ] Stage: Termination
>>>
>>> During that whole "Still waiting for VDSM host to become operational..."
>>> The vdsm.log doesn't report anything at all not until the timeout
>>>
>>> Can you please post full logs of hosted-engine-setup, vdsm, and
>>> hosted-engine-ha?
>>>
>>> I looked at previous posts and only found setup logs with the external
>>> ca cert. Your
>>> http://www.fpaste.org/72643/98338713/ starts at 19:03:31 where the
>>> problem might
>>> be much earlier.
>>>
>> Sorry about that.
>>
>> ovirt-hosted-engine-setup: http://www.fpaste.org/72679/13909935/
>> fpaste doesn't seem to like the long vdsm log so I have attached it
>> instead.

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
I managed to resolve this, don't know why I was not paying attention to the first error.

The engine needs to have a cluster called Default or the host won't get added to the engine, this was causing that constant spam of "still waiting for host to become operational".

The host would however still get added to the ha-services just not the engine and the install terminates.

On Jan 29, 2014 10:15 PM, "Andrew Lau" wrote:
> On Wed, Jan 29, 2014 at 9:50 PM, Yedidyah Bar David wrote:
>
>> *From: *"Andrew Lau"
>> *To: *"Yedidyah Bar David"
>> *Cc: *"users"
>> *Sent: *Wednesday, January 29, 2014 12:19:56 PM
>>
>> *Subject: *Re: [Users] Hosted Engine adding host SSL Failure (w/ engine
>> custom cert)
>>
>> On Wed, Jan 29, 2014 at 8:57 PM, Yedidyah Bar David wrote:
>>
>>> *From: *"Andrew Lau"
>>> *To: *"Yedidyah Bar David"
>>> *Cc: *"users"
>>> *Sent: *Wednesday, January 29, 2014 10:17:21 AM
>>>
>>> *Subject: *Re: [Users] Hosted Engine adding host SSL Failure (w/ engine
>>> custom cert)
>>>
>>> Shame about the way the CA works, may be worth putting a reverse proxy
>>> in front as unsigned SSL can be a deal breaker.
>>>
>>> Perhaps. Would you like to open a bug?
>>>
>>> Anyway, my vdsm.log is here http://www.fpaste.org/72643/98338713/
>>>
>>> When it's "Still waiting for VDSM host to become operational.." there is
>>> no output in vdsm.log
>>>
>>> Sorry, didn't follow. What this refers to? The ssl issue or something
>>> else?
>>>
>> So the output of the install process is like this:
>>
>> [ INFO ] Engine replied: DB Up!Welcome to Health Status!
>> [ ERROR ] Cannot automatically add the host to the Default cluster:
>> Entity not found: Cluster: name=Default
>> [ INFO ] Waiting for the host to become operational in the engine. This
>> may take several minutes...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ INFO ] Still waiting for VDSM host to become operational...
>> [ ERROR ] Timed out while waiting for host to start. Please check the
>> logs.
>> [ ERROR ] Unable to add HV02 to the manager
>> [ INFO ] Enabling and starting HA services
>> Hosted Engine successfully set up
>> [ INFO ] Stage: Clean up
>> [ INFO ] Stage: Pre-termination
>> [ INFO ] Stage: Termination
>>
>> During that whole "Still waiting for VDSM host to become operational..."
>> The vdsm.log doesn't report anything at all not until the timeout
>>
>> Can you please post full logs of hosted-engine-setup, vdsm, and
>> hosted-engine-ha?
>>
>> I looked at previous posts and only found setup logs with the external ca
>> cert. Your
>> http://www.fpaste.org/72643/98338713/ starts at 19:03:31 where the
>> problem might
>> be much earlier.
>>
> Sorry about that.
>
> ovirt-hosted-engine-setup: http://www.fpaste.org/72679/13909935/
> fpaste doesn't seem to like the long vdsm log so I have attached it
> instead.

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> From: "Andrew Lau"
> To: "Yedidyah Bar David"
> Cc: "users"
> Sent: Wednesday, January 29, 2014 12:19:56 PM
> Subject: Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
>
> On Wed, Jan 29, 2014 at 8:57 PM, Yedidyah Bar David < d...@redhat.com > wrote:
>
> > > From: "Andrew Lau" < and...@andrewklau.com >
> > > To: "Yedidyah Bar David" < d...@redhat.com >
> > > Cc: "users" < users@ovirt.org >
> > > Sent: Wednesday, January 29, 2014 10:17:21 AM
> > > Subject: Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> > >
> > > Shame about the way the CA works, may be worth putting a reverse proxy in
> > > front as unsigned SSL can be a deal breaker.
> >
> > Perhaps. Would you like to open a bug?
> >
> > > Anyway, my vdsm.log is here http://www.fpaste.org/72643/98338713/
> > >
> > > When it's "Still waiting for VDSM host to become operational.." there is no
> > > output in vdsm.log
> >
> > Sorry, didn't follow. What this refers to? The ssl issue or something else?
>
> So the output of the install process is like this:
>
> [ INFO ] Engine replied: DB Up!Welcome to Health Status!
> [ ERROR ] Cannot automatically add the host to the Default cluster: Entity not found: Cluster: name=Default
> [ INFO ] Waiting for the host to become operational in the engine. This may take several minutes...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
> [ ERROR ] Timed out while waiting for host to start. Please check the logs.
> [ ERROR ] Unable to add HV02 to the manager
> [ INFO ] Enabling and starting HA services
> Hosted Engine successfully set up
> [ INFO ] Stage: Clean up
> [ INFO ] Stage: Pre-termination
> [ INFO ] Stage: Termination
>
> During that whole "Still waiting for VDSM host to become operational..."
> The vdsm.log doesn't report anything at all not until the timeout

Can you please post full logs of hosted-engine-setup, vdsm, and hosted-engine-ha?

I looked at previous posts and only found setup logs with the external ca cert. Your http://www.fpaste.org/72643/98338713/ starts at 19:03:31 where the problem might be much earlier.

Thanks a lot,
--
Didi

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
On Wed, Jan 29, 2014 at 8:57 PM, Yedidyah Bar David wrote:
> *From: *"Andrew Lau"
> *To: *"Yedidyah Bar David"
> *Cc: *"users"
> *Sent: *Wednesday, January 29, 2014 10:17:21 AM
>
> *Subject: *Re: [Users] Hosted Engine adding host SSL Failure (w/ engine
> custom cert)
>
> Shame about the way the CA works, may be worth putting a reverse proxy in
> front as unsigned SSL can be a deal breaker.
>
> Perhaps. Would you like to open a bug?
>
> Anyway, my vdsm.log is here http://www.fpaste.org/72643/98338713/
>
> When it's "Still waiting for VDSM host to become operational.." there is
> no output in vdsm.log
>
> Sorry, didn't follow. What this refers to? The ssl issue or something else?
>

So the output of the install process is like this:

[ INFO ] Engine replied: DB Up!Welcome to Health Status!
[ ERROR ] Cannot automatically add the host to the Default cluster: Entity not found: Cluster: name=Default
[ INFO ] Waiting for the host to become operational in the engine. This may take several minutes...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...
[ ERROR ] Timed out while waiting for host to start. Please check the logs.
[ ERROR ] Unable to add HV02 to the manager
[ INFO ] Enabling and starting HA services
Hosted Engine successfully set up
[ INFO ] Stage: Clean up
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination

During that whole "Still waiting for VDSM host to become operational..."
The vdsm.log doesn't report anything at all not until the timeout

> Thanks!
> --
> Didi

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> From: "Andrew Lau"
> To: "Yedidyah Bar David"
> Cc: "users"
> Sent: Wednesday, January 29, 2014 10:17:21 AM
> Subject: Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
>
> Shame about the way the CA works, may be worth putting a reverse proxy in
> front as unsigned SSL can be a deal breaker.

Perhaps. Would you like to open a bug?

> Anyway, my vdsm.log is here http://www.fpaste.org/72643/98338713/
>
> When it's "Still waiting for VDSM host to become operational.." there is no
> output in vdsm.log

Sorry, didn't follow. What this refers to? The ssl issue or something else?

Thanks!
--
Didi

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
Shame about the way the CA works, may be worth putting a reverse proxy in front as unsigned SSL can be a deal breaker.

Anyway, my vdsm.log is here http://www.fpaste.org/72643/98338713/

When it's "Still waiting for VDSM host to become operational.." there is no output in vdsm.log

On Wed, Jan 29, 2014 at 6:11 PM, Yedidyah Bar David wrote:
> *From: *"Yedidyah Bar David"
> *To: *"Andrew Lau"
> *Cc: *"users"
> *Sent: *Wednesday, January 29, 2014 9:05:06 AM
> *Subject: *Re: [Users] Hosted Engine adding host SSL Failure (w/
> engine custom cert)
>
> *From: *"Andrew Lau"
> *To: *"users"
> *Sent: *Wednesday, January 29, 2014 8:38:33 AM
> *Subject: *[Users] Hosted Engine adding host SSL Failure (w/ engine
> custom cert)
>
> Hi,
>
> After running through the new patch posted in BZ 1055153 I'm adding a
> second host to the hosted-engine cluster but it seems to fail right before
> the finish:
>
> [ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API
> connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Couple Extra Notes:
> Engine has a custom SSL cert but the CA has been trusted by the new host.
> When I temporarily return the engine's SSL back to the default generated
> one the install will succeed.
>
> Setup logs: http://www.fpaste.org/72624/13909770/
>
> What confuses me is:
>
> curl https://engine.example.net with the custom SSL cert will succeed but
> with the original self-signed gives the expected "insecure" message. What
> criteria need to be met so the install will pass?
>
> Seems like a bug (or a missing feature) - hosted-engine only supports the
> self-signed cert. Can you please open a bug for this?
>
> You might manage to make it work by replacing /etc/pki/ovirt-engine/ca.pem
> with the certificate of your ca, but this will prevent adding hosts
> (because it's needed to create a certificate for them). Perhaps other
> things will break too, I didn't try that.
>
> On a second thought, I don't think it will work. The engine will still
> sign certs for hosts with its private key, but the hosts will try to verify
> that with the ca.pem you put there and fail.
> --
> Didi

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> From: "Yedidyah Bar David"
> To: "Andrew Lau"
> Cc: "users"
> Sent: Wednesday, January 29, 2014 9:05:06 AM
> Subject: Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
>
> > From: "Andrew Lau"
> > To: "users"
> > Sent: Wednesday, January 29, 2014 8:38:33 AM
> > Subject: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> >
> > Hi,
> >
> > After running through the new patch posted in BZ 1055153 I'm adding a second
> > host to the hosted-engine cluster but it seems to fail right before the
> > finish:
> >
> > [ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API connection
> > failure, [Errno 1] _ssl.c:492: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >
> > Couple Extra Notes:
> >
> > Engine has a custom SSL cert but the CA has been trusted by the new host.
> > When I temporarily return the engine's SSL back to the default generated one
> > the install will succeed.
> >
> > Setup logs: http://www.fpaste.org/72624/13909770/
> >
> > What confuses me is:
> >
> > curl https://engine.example.net with the custom SSL cert will succeed but
> > with the original self-signed gives the expected "insecure" message. What
> > criteria need to be met so the install will pass?
>
> Seems like a bug (or a missing feature) - hosted-engine only supports the
> self-signed cert. Can you please open a bug for this?
>
> You might manage to make it work by replacing /etc/pki/ovirt-engine/ca.pem
> with the certificate of your ca, but this will prevent adding hosts (because
> it's needed to create a certificate for them). Perhaps other things will
> break too, I didn't try that.

On a second thought, I don't think it will work. The engine will still sign certs for hosts with its private key, but the hosts will try to verify that with the ca.pem you put there and fail.
--
Didi

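The trust mismatch discussed in the message above, reproduced as an added lab with throwaway certificates (not code from the thread or from oVirt). All names are constructed; it assumes the setup tool checks the engine's certificate against the engine's own CA rather than the host trust store that curl uses, which is what the reported symptoms suggest.

```shell
#!/bin/sh
# Added lab: constructed names, throwaway keys in a temp dir; no oVirt files are touched.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
cat > "$WORK/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF

# make_ca NAME: self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
  openssl req -x509 -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME: leaf certificate NAME.crt signed by CA
issue() {
  openssl req -new -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 2 -out "$WORK/$2.crt" 2>/dev/null
}

# trusts ANCHOR CERT: print "ok" if CERT verifies with ANCHOR as trust anchor, else "fail".
# The constructed CAs exist only in $WORK, so the system store cannot change the result.
trusts() {
  if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.crt" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

make_ca engine-ca                # stands in for the engine's built-in CA (role of ca.pem)
make_ca external-ca              # stands in for the CA behind the custom web certificate
issue engine-ca engine-default   # engine's default HTTPS certificate
issue external-ca engine-custom  # custom HTTPS certificate
issue engine-ca new-host         # certificate the engine signs for an added host

echo "host trusts external CA (curl), custom cert : $(trusts external-ca engine-custom)"
echo "client pinned to engine CA, custom cert     : $(trusts engine-ca engine-custom)"
echo "client pinned to engine CA, default cert    : $(trusts engine-ca engine-default)"
echo "ca.pem swapped for external CA, host cert   : $(trusts external-ca new-host)"
```

The last line is the case from the "second thought": once the trust anchor is the external CA, certificates the engine keeps signing with its own key no longer verify.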
Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> From: "Andrew Lau"
> To: "users"
> Sent: Wednesday, January 29, 2014 8:48:42 AM
> Subject: Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
>
> Reverting back to the original cert would take me past that error but would
> just continue to spam the message until timeout
>
> [ INFO ] Still waiting for VDSM host to become operational...
> [ INFO ] Still waiting for VDSM host to become operational...
>
> Logs seem to just repeat
>
> 2014-01-29 17:44:53 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state
> 2014-01-29 17:44:54 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
> 2014-01-29 17:44:54 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state
> 2014-01-29 17:44:55 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
> 2014-01-29 17:44:55 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state
> 2014-01-29 17:44:56 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
> 2014-01-29 17:44:56 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state

Can you please post vdsm logs? Thanks.
--
Didi

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
> From: "Andrew Lau"
> To: "users"
> Sent: Wednesday, January 29, 2014 8:38:33 AM
> Subject: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
>
> Hi,
>
> After running through the new patch posted in BZ 1055153 I'm adding a second
> host to the hosted-engine cluster but it seems to fail right before the
> finish:
>
> [ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API connection
> failure, [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Couple Extra Notes:
>
> Engine has a custom SSL cert but the CA has been trusted by the new host.
> When I temporarily return the engine's SSL back to the default generated one
> the install will succeed.
>
> Setup logs: http://www.fpaste.org/72624/13909770/
>
> What confuses me is:
>
> curl https://engine.example.net with the custom SSL cert will succeed but
> with the original self-signed gives the expected "insecure" message. What
> criteria need to be met so the install will pass?

Seems like a bug (or a missing feature) - hosted-engine only supports the self-signed cert. Can you please open a bug for this?

You might manage to make it work by replacing /etc/pki/ovirt-engine/ca.pem with the certificate of your ca, but this will prevent adding hosts (because it's needed to create a certificate for them). Perhaps other things will break too, I didn't try that.
--
Didi

Re: [Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
Reverting back to the original cert would take me past that error but would just continue to spam the message until timeout

[ INFO ] Still waiting for VDSM host to become operational...
[ INFO ] Still waiting for VDSM host to become operational...

Logs seem to just repeat

2014-01-29 17:44:53 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state
2014-01-29 17:44:54 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
2014-01-29 17:44:54 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state
2014-01-29 17:44:55 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
2014-01-29 17:44:55 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state
2014-01-29 17:44:56 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:213 Error fetching host state: 'NoneType' object has no attribute 'status'
2014-01-29 17:44:56 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._wait_host_ready:229 VDSM host in state

On Wed, Jan 29, 2014 at 5:38 PM, Andrew Lau wrote:
> Hi,
>
> After running through the new patch posted in BZ 1055153 I'm adding a
> second host to the hosted-engine cluster but it seems to fail right before
> the finish:
>
> [ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API
> connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Couple Extra Notes:
> Engine has a custom SSL cert but the CA has been trusted by the new host.
> When I temporarily return the engine's SSL back to the default generated
> one the install will succeed.
>
> Setup logs: http://www.fpaste.org/72624/13909770/
>
> What confuses me is:
>
> curl https://engine.example.net with the custom SSL cert will succeed but
> with the original self-signed gives the expected "insecure" message. What
> criteria need to be met so the install will pass?
>
> Thanks,
> Andrew

[Users] Hosted Engine adding host SSL Failure (w/ engine custom cert)
Hi,

After running through the new patch posted in BZ 1055153 I'm adding a second host to the hosted-engine cluster but it seems to fail right before the finish:

[ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Couple Extra Notes:
Engine has a custom SSL cert but the CA has been trusted by the new host.
When I temporarily return the engine's SSL back to the default generated one the install will succeed.

Setup logs: http://www.fpaste.org/72624/13909770/

What confuses me is:

curl https://engine.example.net with the custom SSL cert will succeed but with the original self-signed gives the expected "insecure" message. What criteria need to be met so the install will pass?

Thanks,
Andrew