subject:"Re\: \[ovirt\-users\] Failed to synchronize networks of Provider ovirt\-provider\-ovn"

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Kapetanakis Giannis


On 17/03/18 01:20, Kapetanakis Giannis wrote:

On 16/03/18 18:40, Dominik Holler wrote:

Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine
for authentication because ovirt-provider-ovn does not trust the
ssl-certificate and propagates this as the BadGateway error.

Please not that engine-setup creates the file
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
which overwrites the default values from
/etc/ovirt-provider-ovn/ovirt-provider-ovn.conf


Thanks,

I didn't notice the conf.d dir.
Changing ovirt-ca-file there fixed it

regards,

G 


In advance, it would make sense to change the default to
/etc/pki/ovirt-engine/apache-ca.pem
since by default it's a symlink to ca.pem (which is now the default)

So default/custom cert would all work

G
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Kapetanakis Giannis


On 16/03/18 18:40, Dominik Holler wrote:

Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine
for authentication because ovirt-provider-ovn does not trust the
ssl-certificate and propagates this as the BadGateway error.

Please not that engine-setup creates the file
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
which overwrites the default values from
/etc/ovirt-provider-ovn/ovirt-provider-ovn.conf


Thanks,

I didn't notice the conf.d dir.
Changing ovirt-ca-file there fixed it

regards,

G
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Dominik Holler

On Fri, 16 Mar 2018 17:46:36 +0200
Kapetanakis Giannis  wrote:

> On 16/03/18 17:40, Kapetanakis Giannis wrote:
> > On 16/03/18 15:21, Dominik Holler wrote:  
> >> On Fri, 16 Mar 2018 12:46:13 +0200
> >> Kapetanakis Giannis  wrote:
> >>  
> >>> Hi,
> >>>
> >>> After upgrading to 4.2.1 I have problems with ovn provider.
> >>> I'm getting "Failed to synchronize networks of Provider
> >>> ovirt-provider-ovn."
> >>>
> >>> I use custom SSL certificate in apache and I guess this is the
> >>> reason.
> >>>
> >>> I've tried to update ovirt-provider-ovn.conf with
> >>> [OVIRT]
> >>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
> >>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
> >>>
> >>> but still no go  
> >   
> >>
> >> Would you share the lines in engine.log produced by clicking the
> >> "Test" button in the "Edit Provider" dialog?
> >> On Clicking the test button, are you asked about "Import provider
> >> certificate"?  
> 
> SORRY wrong provider.
> 
> It asks for the cert.
> Failed to communicate with the external provider, see log for
> additional details.
> 
> 2018-03-16 17:44:08,262+02 INFO
> [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand]
> (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] Running
> command: ImportProviderCertificateCommand internal: false. Entities
> affected :  ID: aaa0----123456789aaa Type:
> SystemAction group CREATE_STORAGE_POOL with role type ADMIN
> 2018-03-16 17:44:08,275+02 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] EVENT_ID:
> PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider
> ovirt-provider-ovn was imported. (User: admin@internal) 2018-03-16
> 17:44:08,302+02 INFO
> [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]
> (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Running
> command: TestProviderConnectivityCommand internal: false. Entities
> affected :  ID: aaa0----123456789aaa Type:
> SystemAction group CREATE_STORAGE_POOL with role type ADMIN
> 2018-03-16 17:44:08,360+02 ERROR
> [org.ovirt.engine.core.bll.provider.network.openstack.BaseNetworkProviderProxy]
> (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Bad Gateway
> (OpenStack response error code: 502) 2018-03-16 17:44:08,360+02 ERROR
> [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]
> (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Command
> 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand'
> failed: EngineException: (Failed with error PROVIDER_FAILURE and code
> 5050)
> 
> and in provider log:
> 
> 2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool
> Starting new HTTPS connection (1): engine-host 2018-03-16
> 17:45:33,961 requests.packages.urllib3.connectionpool Starting new
> HTTPS connection (1): engine-host 2018-03-16 17:45:33,966 root [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
> Traceback (most recent call last): File
> "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131,
> in _handle_request method, path_parts, content) File
> "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line
> 175, in handle_request return self.call_response_handler(handler,
> content, parameters) File
> "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
> call_response_handler return response_handler(content, parameters)
> File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py",
> line 62, in post_tokens user_password=user_password) File
> "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in
> create_token return auth.core.plugin.create_token(user_at_domain,
> user_password) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line
> 48, in create_token timeout=self._timeout()) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75,
> in create_token username, password, engine_url, ca_file, timeout)
> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line
> 91, in _get_sso_token timeout=timeout File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54,
> in wrapper response = func(*args, **kwargs) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47,
> in wrapper raise BadGateway(e) BadGateway: [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
> 

Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine
for authentication because ovirt-provider-ovn does not trust the
ssl-certificate and propagates this as the BadGateway error.

Please not that engine-setup creates the file
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
which overwrites the default values from
/etc/ovirt-provider-ovn/ovirt-provider-ovn.conf

If you want to check if the referenced
/etc/pki/ovirt-engine/apache-ca.pem is

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Kapetanakis Giannis

On 16/03/18 17:40, Kapetanakis Giannis wrote:
> On 16/03/18 15:21, Dominik Holler wrote:
>> On Fri, 16 Mar 2018 12:46:13 +0200
>> Kapetanakis Giannis  wrote:
>>
>>> Hi,
>>>
>>> After upgrading to 4.2.1 I have problems with ovn provider.
>>> I'm getting "Failed to synchronize networks of Provider
>>> ovirt-provider-ovn."
>>>
>>> I use custom SSL certificate in apache and I guess this is the reason.
>>>
>>> I've tried to update ovirt-provider-ovn.conf with
>>> [OVIRT]
>>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
>>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
>>>
>>> but still no go
> 
>>
>> Would you share the lines in engine.log produced by clicking the "Test"
>> button in the "Edit Provider" dialog?
>> On Clicking the test button, are you asked about "Import provider
>> certificate"?

SORRY wrong provider.

It asks for the cert.
Failed to communicate with the external provider, see log for additional 
details.

2018-03-16 17:44:08,262+02 INFO  
[org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] (default 
task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] Running command: 
ImportProviderCertificateCommand internal: false. Entities affected :  ID: 
aaa0----123456789aaa Type: SystemAction group 
CREATE_STORAGE_POOL with role type ADMIN
2018-03-16 17:44:08,275+02 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] EVENT_ID: 
PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider ovirt-provider-ovn 
was imported. (User: admin@internal)
2018-03-16 17:44:08,302+02 INFO  
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default 
task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Running command: 
TestProviderConnectivityCommand internal: false. Entities affected :  ID: 
aaa0----123456789aaa Type: SystemAction group 
CREATE_STORAGE_POOL with role type ADMIN
2018-03-16 17:44:08,360+02 ERROR 
[org.ovirt.engine.core.bll.provider.network.openstack.BaseNetworkProviderProxy] 
(default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Bad Gateway (OpenStack 
response error code: 502)
2018-03-16 17:44:08,360+02 ERROR 
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default 
task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Command 
'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: 
EngineException: (Failed with error PROVIDER_FAILURE and code 5050)

and in provider log:

2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool Starting new 
HTTPS connection (1): engine-host
2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool Starting new 
HTTPS connection (1): engine-host
2018-03-16 17:45:33,966 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed (_ssl.c:579)
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, in 
_handle_request
method, path_parts, content)
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, 
in handle_request
return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in 
call_response_handler
return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, 
in post_tokens
user_password=user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in 
create_token
return auth.core.plugin.create_token(user_at_domain, user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, 
in create_token
timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in 
create_token
username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in 
_get_sso_token
timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in 
wrapper
response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in 
wrapper
raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:579)

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Kapetanakis Giannis

On 16/03/18 15:21, Dominik Holler wrote:
> On Fri, 16 Mar 2018 12:46:13 +0200
> Kapetanakis Giannis  wrote:
> 
>> Hi,
>>
>> After upgrading to 4.2.1 I have problems with ovn provider.
>> I'm getting "Failed to synchronize networks of Provider
>> ovirt-provider-ovn."
>>
>> I use custom SSL certificate in apache and I guess this is the reason.
>>
>> I've tried to update ovirt-provider-ovn.conf with
>> [OVIRT]
>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
>>
>> but still no go

> 
> Would you share the lines in engine.log produced by clicking the "Test"
> button in the "Edit Provider" dialog?
> On Clicking the test button, are you asked about "Import provider
> certificate"?
> 

I get ok in test:
Test succeeded, managed to access provider.

2018-03-16 17:35:20,024+02 INFO  
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default 
task-28) [9920f622-b878-45e1-a421-e76c0ab23470] Running command: 
TestProviderConnectivityCommand internal: false. Entities affected :  ID: 
aaa0----123456789aaa Type: SystemAction group 
CREATE_STORAGE_POOL with role type ADMIN

However a little bit later:
ovirt-provider-ovn.log:

2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new 
HTTPS connection (1): engine-host
2018-03-16 17:37:27,827 requests.packages.urllib3.connectionpool Starting new 
HTTPS connection (1): engine-host
2018-03-16 17:37:27,832 root [SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed (_ssl.c:579)
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, in 
_handle_request
method, path_parts, content)
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, 
in handle_request
return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in 
call_response_handler
return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, 
in post_tokens
user_password=user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in 
create_token
return auth.core.plugin.create_token(user_at_domain, user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, 
in create_token
timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in 
create_token
username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in 
_get_sso_token
timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in 
wrapper
response = func(*args, **kwargs)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in 
wrapper
raise BadGateway(e)
BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:579)

and in engine log:
2018-03-16 17:37:27,834+02 ERROR 
[org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] 
(EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] Command 
'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed: 
EngineException: (Failed with error PROVIDER_FAILURE and code 5050)
2018-03-16 17:37:27,850+02 ERROR 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(EE-ManagedThreadFactory-engineScheduled-Thread-27) [621c2b23] EVENT_ID: 
PROVIDER_SYNCHRONIZED_FAILED(216), Failed to synchronize networks of Provider 
ovirt-provider-ovn.

So the engine can talk with ovn but not the other way around as I understand.

I think it might have to do with [SSL] settings of ovirt-provider-ovn.conf

G

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Dominik Holler

On Fri, 16 Mar 2018 12:46:13 +0200
Kapetanakis Giannis  wrote:

> Hi,
> 
> After upgrading to 4.2.1 I have problems with ovn provider.
> I'm getting "Failed to synchronize networks of Provider
> ovirt-provider-ovn."
> 
> I use custom SSL certificate in apache and I guess this is the reason.
> 
> I've tried to update ovirt-provider-ovn.conf with
> [OVIRT]
> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
> 
> but still no go
> 
> Any tips on this?
> 
> thanks
> 
> G
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

Would you share the lines in engine.log produced by clicking the "Test"
button in the "Edit Provider" dialog?
On Clicking the test button, are you asked about "Import provider
certificate"?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

6 matches

Site Navigation

Mail list logo

Footer information