* Ryan Harper <[email protected]> [2012-07-30 14:02]: > I'm having trouble getting a F17 system[1] added to engine[2]. The symtoms > are in the engine UI, it says the install falls. I'm using the latest > rpms[3]
While attempting to reproduce this; I started from scratch and purged my engine host and re-installed from the 3.1 repo[1] and now everything is working. I suppose it may have been an artifact from using the beta 3.1 repo. > > On the end-point, the bootstrap log shows success. > > However, when I attempt to test the vdsm install with: > > vdsClient -s 0 getVdsCaps > > I get a nice ssl error: > > [root@hungerforce tmp]# vdsClient -s 0 getVdsCaps > Traceback (most recent call last): > File "/usr/share/vdsm/vdsClient.py", line 2275, in <module> > code, message = commands[command][0](commandArgs) > File "/usr/share/vdsm/vdsClient.py", line 403, in do_getCap > return self.ExecAndExit(self.s.getVdsCapabilities()) > File "/usr/lib64/python2.7/xmlrpclib.py", line 1224, in __call__ > return self.__send(self.__name, args) > File "/usr/lib64/python2.7/xmlrpclib.py", line 1578, in __request > verbose=self.__verbose > File "/usr/lib64/python2.7/xmlrpclib.py", line 1264, in request > return self.single_request(host, handler, request_body, verbose) > File "/usr/lib64/python2.7/xmlrpclib.py", line 1292, in single_request > self.send_content(h, request_body) > File "/usr/lib64/python2.7/xmlrpclib.py", line 1439, in send_content > connection.endheaders(request_body) > File "/usr/lib64/python2.7/httplib.py", line 954, in endheaders > self._send_output(message_body) > File "/usr/lib64/python2.7/httplib.py", line 814, in _send_output > self.send(msg) > File "/usr/lib64/python2.7/httplib.py", line 776, in send > self.connect() > File "/usr/lib/python2.7/site-packages/vdsm/SecureXMLRPCServer.py", line > 98, in connect > cert_reqs=self.cert_reqs) > File "/usr/lib64/python2.7/ssl.py", line 381, in wrap_socket > ciphers=ciphers) > File "/usr/lib64/python2.7/ssl.py", line 141, in __init__ > ciphers) > SSLError: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate > routines:X509_load_cert_crl_file:system lib > > > This problem is because not all of the ssl certs for vdsm are present. > On a working host: > > [root@ichigo-dom226 tmp]# find /etc/pki/vdsm -type f > /etc/pki/vdsm/certs/cacert.pem > /etc/pki/vdsm/certs/vdsmcert.pem > /etc/pki/vdsm/keys/libvirt_password > /etc/pki/vdsm/keys/dh.pem > /etc/pki/vdsm/keys/vdsmkey.pem > > On the host with the error: > > [root@hungerforce tmp]# find /etc/pki/vdsm -type f > /etc/pki/vdsm/keys/dh.pem > /etc/pki/vdsm/keys/libvirt_password > /etc/pki/vdsm/keys/vdsmkey.pem > > > As it turns out: > /etc/pki/vdsm/certs/cacert.pem > /etc/pki/vdsm/certs/vdsmcert.pem > > These files are generated from: > > /usr/libexec/vdsm/vdsm-gencerts.sh > > > which is invoked by: deployUtils.instCert() > > which is called by: vds_bootstrap_complete.py > > > So... the question is: why isn't vds_bootstrap_complete.py getting > invoked? > > > Also, if I re-run the vdsm-gencerts.sh and validate my certificates I > can get vdsm to work properly on the host (vdsClient -s works)... then > if I go to engine and attempt to Activate, it just say the host is > non-responsive... re-installing re-breaks vdsm since it doesn't generate > the SSL certs. > > > > > 1. [root@hungerforce tmp]# rpm -qa | egrep "(vdsm|libvirt)" > vdsm-4.10.0-5.fc17.x86_64 > vdsm-python-4.10.0-5.fc17.x86_64 > libvirt-daemon-config-nwfilter-0.9.11.4-3.fc17.x86_64 > libvirt-daemon-0.9.11.4-3.fc17.x86_64 > libvirt-lock-sanlock-0.9.11.4-3.fc17.x86_64 > vdsm-xmlrpc-4.10.0-5.fc17.noarch > vdsm-cli-4.10.0-5.fc17.noarch > libvirt-0.9.11.4-3.fc17.x86_64 > libvirt-daemon-config-network-0.9.11.4-3.fc17.x86_64 > libvirt-client-0.9.11.4-3.fc17.x86_64 > libvirt-python-0.9.11.4-3.fc17.x86_64 > > > 2. [root@bebop ~]# rpm -qa | egrep "(ovirt-engine|vdsm)" > ovirt-engine-dbscripts-3.1.0-1.fc17.noarch > ovirt-engine-userportal-3.1.0-1.fc17.noarch > ovirt-engine-genericapi-3.1.0-1.fc17.noarch > ovirt-engine-cli-3.1.0.6-1.fc17.noarch > ovirt-engine-backend-3.1.0-1.fc17.noarch > ovirt-engine-notification-service-3.1.0-1.fc17.noarch > ovirt-engine-3.1.0-1.fc17.noarch > vdsm-bootstrap-4.10.0-5.fc17.noarch > ovirt-engine-webadmin-portal-3.1.0-1.fc17.noarch > ovirt-engine-restapi-3.1.0-1.fc17.noarch > ovirt-engine-config-3.1.0-1.fc17.noarch > ovirt-engine-sdk-3.1.0.4-1.fc17.noarch > ovirt-engine-tools-common-3.1.0-1.fc17.noarch > ovirt-engine-setup-3.1.0-1.fc17.noarch > > > 3. http://ovirt.org/releases/3.1/rpm/Fedora/17/ > > -- > Ryan Harper > Software Engineer; Linux Technology Center > IBM Corp., Austin, Tx > [email protected] > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users -- Ryan Harper Software Engineer; Linux Technology Center IBM Corp., Austin, Tx [email protected] _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
