Re: [vdsm] vdsm on openSuSE
On 30/04/12 19:23, Itamar Heim wrote: On 04/30/2012 06:45 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 16:45:12 schrieben Sie: Hi Sasha, This may be an issue of SSH authentication method. Can you please check you SSH server in the host- Password auth should be password and not Keyboard-interactive. This may lead to SSH auth failure as you engine log indicates. Thanks dude this was the hint I need. I changed the PasswordAuthentication in /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now the real work can beginn. Doron - can we catch this error and give this hint to users as something worth checking? (added engine-devel, as this extends to the engine side). AFAICT, we get auth failure, with no reason. In order to handle it we can go in to ways (need to decide)- 1. Add the keyboard-interactive auth to Mina SSHD. There's a guy who added it[a] and we may try and ask for hints from him. I know that patches are welcomed there as well ;) 2. Try to diagnose the failure we get, or scan Mina's err / debug stream. I suspect we should be able to see something like: debug1: Authentications that can continue: password,publickey ... debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password So if server does not report 'password' as an option we could give a better auth-failure message. It will be nice if someone from our community could pick this up, and if not this would be a nice feature for one of the coming versions. [a] http://mail-archives.apache.org/mod_mbox/mina-dev/201112.mbox/%3ccacpdtxmmweqtq+as+fqzwpgxcxday4hzxk0jarvczkyntfw...@mail.gmail.com%3E Am Montag, 30. April 2012, 13:09:25 schrieben Sie: On 04/30/2012 02:07 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 05:04:09 schrieben Sie: On 04/29/2012 10:24 PM, S. Littel wrote: Hi everybody, I'm working currently on a running version of vdsm 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop scripts e.g. paths, rc commands. Most of this work looks fine but if I try to get a connection between the oVirt engine (runs on a openSuSE 12.1) and the vdsm host I get a ssl error. Also after setting ssl in vdsm.conf to false and changing the settings in oVirt engine database I still get this error. which settings are you changing in the db? I changed the seetings in the database with this 2 commands: did you restart engine after changing these? Yes. I found this page in the oVirt Wiki: http://ovirt.org/w/index.php?title=OVirt_- _disable_SSL_in_VDSMdiff=3036oldid=prev psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled' psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers' UseSecureConnectionWithServers? Yes. So the general question, is there someone working on a openSuSE 11.3 or 11.4 version of vdsm? Or someone who has experience how to get it work? Regards Sascha Littel Here is the failure massage from the vdsm-reg.log I get on the vdsm host: SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib MainThread::DEBUGdeployUtil::1413::root::getRemoteFile end. MainThread::DEBUGdeployUtil::621::root::handleSSHKey start MainThread::ERRORdeployUtil::614::root::restorecon /root/.ssh/authorized_keys failed And this is the failure message from engine.log on the oVirt engine host: ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper] (http--0.0.0.0-8443-1) Could not connect to server xen007.f1.aiges.net: Failed connecting to xen007.f1.aiges.net using given password! Please verify your password is correct and that the host accepts password-based authentication WARN [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1) CanDoAction of action AddVds failed. Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION __ADD,VAR__TYPE__HOST Regards Sascha Littel -- /d Never say OOPS! always say Ah, Interesting! ___ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
Re: [vdsm] vdsm on openSuSE
On 05/01/2012 10:30 AM, Doron Fediuck wrote: On 30/04/12 19:23, Itamar Heim wrote: On 04/30/2012 06:45 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 16:45:12 schrieben Sie: Hi Sasha, This may be an issue of SSH authentication method. Can you please check you SSH server in the host- Password auth should be password and not Keyboard-interactive. This may lead to SSH auth failure as you engine log indicates. Thanks dude this was the hint I need. I changed the PasswordAuthentication in /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now the real work can beginn. Doron - can we catch this error and give this hint to users as something worth checking? (added engine-devel, as this extends to the engine side). AFAICT, we get auth failure, with no reason. In order to handle it we can go in to ways (need to decide)- 1. Add the keyboard-interactive auth to Mina SSHD. There's a guy who added it[a] and we may try and ask for hints from him. I know that patches are welcomed there as well ;) 2. Try to diagnose the failure we get, or scan Mina's err / debug stream. I suspect we should be able to see something like: debug1: Authentications that can continue: password,publickey ... debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password So if server does not report 'password' as an option we could give a better auth-failure message. It will be nice if someone from our community could pick this up, and if not this would be a nice feature for one of the coming versions. indeed. Sascha - care to document this issue and details in a bug to begin with? thanks, Itamar [a] http://mail-archives.apache.org/mod_mbox/mina-dev/201112.mbox/%3ccacpdtxmmweqtq+as+fqzwpgxcxday4hzxk0jarvczkyntfw...@mail.gmail.com%3E Am Montag, 30. April 2012, 13:09:25 schrieben Sie: On 04/30/2012 02:07 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 05:04:09 schrieben Sie: On 04/29/2012 10:24 PM, S. Littel wrote: Hi everybody, I'm working currently on a running version of vdsm 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop scripts e.g. paths, rc commands. Most of this work looks fine but if I try to get a connection between the oVirt engine (runs on a openSuSE 12.1) and the vdsm host I get a ssl error. Also after setting ssl in vdsm.conf to false and changing the settings in oVirt engine database I still get this error. which settings are you changing in the db? I changed the seetings in the database with this 2 commands: did you restart engine after changing these? Yes. I found this page in the oVirt Wiki: http://ovirt.org/w/index.php?title=OVirt_- _disable_SSL_in_VDSMdiff=3036oldid=prev psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled' psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers' UseSecureConnectionWithServers? Yes. So the general question, is there someone working on a openSuSE 11.3 or 11.4 version of vdsm? Or someone who has experience how to get it work? Regards Sascha Littel Here is the failure massage from the vdsm-reg.log I get on the vdsm host: SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib MainThread::DEBUGdeployUtil::1413::root::getRemoteFile end. MainThread::DEBUGdeployUtil::621::root::handleSSHKey start MainThread::ERRORdeployUtil::614::root::restorecon /root/.ssh/authorized_keys failed And this is the failure message from engine.log on the oVirt engine host: ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper] (http--0.0.0.0-8443-1) Could not connect to server xen007.f1.aiges.net: Failed connecting to xen007.f1.aiges.net using given password! Please verify your password is correct and that the host accepts password-based authentication WARN [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1) CanDoAction of action AddVds failed. Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION __ADD,VAR__TYPE__HOST Regards Sascha Littel ___ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
Re: [vdsm] vdsm on openSuSE
Am Montag, 30. April 2012, 13:09:25 schrieben Sie: On 04/30/2012 02:07 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 05:04:09 schrieben Sie: On 04/29/2012 10:24 PM, S. Littel wrote: Hi everybody, I'm working currently on a running version of vdsm 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop scripts e.g. paths, rc commands. Most of this work looks fine but if I try to get a connection between the oVirt engine (runs on a openSuSE 12.1) and the vdsm host I get a ssl error. Also after setting ssl in vdsm.conf to false and changing the settings in oVirt engine database I still get this error. which settings are you changing in the db? I changed the seetings in the database with this 2 commands: did you restart engine after changing these? Yes. I found this page in the oVirt Wiki: http://ovirt.org/w/index.php?title=OVirt_- _disable_SSL_in_VDSMdiff=3036oldid=prev psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled' psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers' UseSecureConnectionWithServers? Yes. So the general question, is there someone working on a openSuSE 11.3 or 11.4 version of vdsm? Or someone who has experience how to get it work? Regards Sascha Littel Here is the failure massage from the vdsm-reg.log I get on the vdsm host: SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib MainThread::DEBUGdeployUtil::1413::root::getRemoteFile end. MainThread::DEBUGdeployUtil::621::root::handleSSHKey start MainThread::ERRORdeployUtil::614::root::restorecon /root/.ssh/authorized_keys failed And this is the failure message from engine.log on the oVirt engine host: ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper] (http--0.0.0.0-8443-1) Could not connect to server xen007.f1.aiges.net: Failed connecting to xen007.f1.aiges.net using given password! Please verify your password is correct and that the host accepts password-based authentication WARN [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1) CanDoAction of action AddVds failed. Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION __ADD,VAR__TYPE__HOST Regards Sascha Littel -- SASCHA LITTEL Systemintegration AIGES oHG Maternuskirchplatz 9 / 50678 Köln / Germany Phone: +49-(0)221-3401-334 Fax: +49-(0)221-3401-471 sascha.lit...@aiges.de / www.aiges.de facebook.com/AIGES twitter.com/aigesnews Sitz der Gesellschaft: Köln Geschäftsführung: Athansios Bountos, Jan Zimmerschied Registergericht: Amtsgericht Köln /HRA 22818 Vat-ID DE242593530 -- Disclaimer Diese E-mail und alle Anhänge sind vertrauliche Korrespondenz, die nur für den Gebrauch durch die oben genannten Empfänger bestimmt ist. Wenn Sie nicht der beabsichtigte Empfänger oder dessen Vertreter sind, werden Sie hiermit unterrichtet, dass jede mögliche Druckausgabe, Verteilung oder Kopie dieser Korrespondenz grundsätzlich verboten ist. Wenn Sie diese Korrespondenz aufgrund eines Versehens empfangen haben, teilen Sie dies bitte dem Absender durch Telefon oder indem Sie dieser E-Mail antworten, mit und löschen Sie dann diese E-Mail aus Ihrem System. *** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying this message, and then delete this message from your system. *** ___ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
Re: [vdsm] vdsm on openSuSE
On 04/30/2012 06:45 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 16:45:12 schrieben Sie: Hi Sasha, This may be an issue of SSH authentication method. Can you please check you SSH server in the host- Password auth should be password and not Keyboard-interactive. This may lead to SSH auth failure as you engine log indicates. Thanks dude this was the hint I need. I changed the PasswordAuthentication in /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now the real work can beginn. Doron - can we catch this error and give this hint to users as something worth checking? Am Montag, 30. April 2012, 13:09:25 schrieben Sie: On 04/30/2012 02:07 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 05:04:09 schrieben Sie: On 04/29/2012 10:24 PM, S. Littel wrote: Hi everybody, I'm working currently on a running version of vdsm 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop scripts e.g. paths, rc commands. Most of this work looks fine but if I try to get a connection between the oVirt engine (runs on a openSuSE 12.1) and the vdsm host I get a ssl error. Also after setting ssl in vdsm.conf to false and changing the settings in oVirt engine database I still get this error. which settings are you changing in the db? I changed the seetings in the database with this 2 commands: did you restart engine after changing these? Yes. I found this page in the oVirt Wiki: http://ovirt.org/w/index.php?title=OVirt_- _disable_SSL_in_VDSMdiff=3036oldid=prev psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled' psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers' UseSecureConnectionWithServers? Yes. So the general question, is there someone working on a openSuSE 11.3 or 11.4 version of vdsm? Or someone who has experience how to get it work? Regards Sascha Littel Here is the failure massage from the vdsm-reg.log I get on the vdsm host: SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib MainThread::DEBUGdeployUtil::1413::root::getRemoteFile end. MainThread::DEBUGdeployUtil::621::root::handleSSHKey start MainThread::ERRORdeployUtil::614::root::restorecon /root/.ssh/authorized_keys failed And this is the failure message from engine.log on the oVirt engine host: ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper] (http--0.0.0.0-8443-1) Could not connect to server xen007.f1.aiges.net: Failed connecting to xen007.f1.aiges.net using given password! Please verify your password is correct and that the host accepts password-based authentication WARN [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1) CanDoAction of action AddVds failed. Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION __ADD,VAR__TYPE__HOST Regards Sascha Littel ___ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
Re: [vdsm] vdsm on openSuSE
np Community's here for you :) Sent from my Android phone. Please ignore typos. -Original Message- From: Sascha Littel [sascha.lit...@aiges.de] Received: Monday, 30 Apr 2012, 18:46 To: Doron Fediuck [dfedi...@redhat.com] CC: vdsm-devel@lists.fedorahosted.org Subject: Re: [vdsm] vdsm on openSuSE Am Montag, 30. April 2012, 16:45:12 schrieben Sie: Hi Sasha, This may be an issue of SSH authentication method. Can you please check you SSH server in the host- Password auth should be password and not Keyboard-interactive. This may lead to SSH auth failure as you engine log indicates. Thanks dude this was the hint I need. I changed the PasswordAuthentication in /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now the real work can beginn. Am Montag, 30. April 2012, 13:09:25 schrieben Sie: On 04/30/2012 02:07 PM, Sascha Littel wrote: Am Montag, 30. April 2012, 05:04:09 schrieben Sie: On 04/29/2012 10:24 PM, S. Littel wrote: Hi everybody, I'm working currently on a running version of vdsm 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop scripts e.g. paths, rc commands. Most of this work looks fine but if I try to get a connection between the oVirt engine (runs on a openSuSE 12.1) and the vdsm host I get a ssl error. Also after setting ssl in vdsm.conf to false and changing the settings in oVirt engine database I still get this error. which settings are you changing in the db? I changed the seetings in the database with this 2 commands: did you restart engine after changing these? Yes. I found this page in the oVirt Wiki: http://ovirt.org/w/index.php?title=OVirt_- _disable_SSL_in_VDSMdiff=3036oldid=prev psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled' psql engine -U postgres -c UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers' UseSecureConnectionWithServers? Yes. So the general question, is there someone working on a openSuSE 11.3 or 11.4 version of vdsm? Or someone who has experience how to get it work? Regards Sascha Littel Here is the failure massage from the vdsm-reg.log I get on the vdsm host: SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib MainThread::DEBUGdeployUtil::1413::root::getRemoteFile end. MainThread::DEBUGdeployUtil::621::root::handleSSHKey start MainThread::ERRORdeployUtil::614::root::restorecon /root/.ssh/authorized_keys failed And this is the failure message from engine.log on the oVirt engine host: ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper] (http--0.0.0.0-8443-1) Could not connect to server xen007.f1.aiges.net: Failed connecting to xen007.f1.aiges.net using given password! Please verify your password is correct and that the host accepts password-based authentication WARN [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1) CanDoAction of action AddVds failed. Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION __ADD,VAR__TYPE__HOST Regards Sascha Littel -- SASCHA LITTEL Systemintegration AIGES oHG Maternuskirchplatz 9 / 50678 Köln / Germany Phone: +49-(0)221-3401-334 Fax: +49-(0)221-3401-471 sascha.lit...@aiges.de / www.aiges.de facebook.com/AIGES twitter.com/aigesnews Sitz der Gesellschaft: Köln Geschäftsführung: Athansios Bountos, Jan Zimmerschied Registergericht: Amtsgericht Köln /HRA 22818 Vat-ID DE242593530 -- Disclaimer Diese E-mail und alle Anhänge sind vertrauliche Korrespondenz, die nur für den Gebrauch durch die oben genannten Empfänger bestimmt ist. Wenn Sie nicht der beabsichtigte Empfänger oder dessen Vertreter sind, werden Sie hiermit unterrichtet, dass jede mögliche Druckausgabe, Verteilung oder Kopie dieser Korrespondenz grundsätzlich verboten ist. Wenn Sie diese Korrespondenz aufgrund eines Versehens empfangen haben, teilen Sie dies bitte dem Absender durch Telefon oder indem Sie dieser E-Mail antworten, mit und löschen Sie dann diese E-Mail aus Ihrem System. *** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying this message, and then delete this message from your system. *** Sent from my Android phone. Please ignore typos. ___ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org
Re: [vdsm] vdsm on openSuSE
On 04/29/2012 10:24 PM, S. Littel wrote: Hi everybody, I'm working currently on a running version of vdsm 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop scripts e.g. paths, rc commands. Most of this work looks fine but if I try to get a connection between the oVirt engine (runs on a openSuSE 12.1) and the vdsm host I get a ssl error. Also after setting ssl in vdsm.conf to false and changing the settings in oVirt engine database I still get this error. which settings are you changing in the db? UseSecureConnectionWithServers? So the general question, is there someone working on a openSuSE 11.3 or 11.4 version of vdsm? Or someone who has experience how to get it work? Regards Sascha Littel ___ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel