On Thu, Oct 22, 2015 at 2:29 PM, Gianluca Cecchi <gianluca.cec...@gmail.com> wrote:
> On Thu, Oct 22, 2015 at 2:15 PM, Simone Tiraboschi <stira...@redhat.com>
> wrote:
>
>>> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:219 DIALOG:SEND ### Please input VDSM certificate chain that matches certificate request, top is issuer
>>> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:219 DIALOG:SEND ###
>>> 2015-10-21 17:36:33 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:219 DIALOG:SEND ### type '--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--' in own line to mark end, '--=451b80dc-996f-ABORT-9e4f-2b29ef6d1141=--' aborts
>>> 2015-10-21 17:36:33 DEBUG otopi.context context._executeMethod:156 method exception
>>> Traceback (most recent call last):
>>>   File "/tmp/ovirt-xP0lq4KMou/pythonlib/otopi/context.py", line 146, in _executeMethod
>>>     method['method']()
>>>   File "/tmp/ovirt-xP0lq4KMou/otopi-plugins/ovirt-host-common/vdsm/pki.py", line 319, in _misc
>>>     '\n\nPlease input VDSM certificate chain that '
>>>   File "/tmp/ovirt-xP0lq4KMou/otopi-plugins/otopi/dialog/machine.py", line 207, in queryMultiString
>>>     v = self._readline()
>>>   File "/tmp/ovirt-xP0lq4KMou/pythonlib/otopi/dialog.py", line 263, in _readline
>>>     raise IOError(_('End of file'))
>>> IOError: End of file
>>> 2015-10-21 17:36:33 ERROR otopi.context context._executeMethod:165 Failed to execute stage 'Misc configuration': End of file
>>> 2015-10-21 17:36:33 DEBUG otopi.transaction transaction.abort:134 aborting 'Yum Transaction'
>>> 2015-10-21 17:36:33 INFO otopi.plugins.otopi.packagers.yumpackager yumpackager.info:95 Yum Performing yum transaction rollback
>>> Loaded plugins: fastestmirror, langpacks
>>
>> The issue seems to be there:
>> we have an input request on host-deploy to have somebody explicitly
>> trusting the VDSM cert chain but of course, being an automated process,
>> nobody will respond and so it failed.
>> Did you manually change the engine cert or some other CA cert?
>>
> No.
> The only thing is that I first ran
> hosted-engine --deploy
> without putting the hostname of engine inside /etc/hosts of hypervisor and
> it failed (see my first mail of the thread), I think without doing anything
> (at least at engine VM level, I don't know if it created a cert...), but
> generating an answer file.
>
> And then I ran, as you suggested (with the warning you noted)
> hosted-engine --deploy --config-append=answer_file
>
> Inside log of first run
> (ovirt-hosted-engine-setup-20151021151938-j4hy5g.log) I see
>
> 2015-10-21 15:20:13 DEBUG otopi.plugins.ovirt_hosted_engine_setup.pki.vdsmpki plugin.execute:936 execute-output: ('/bin/openssl', 'x509', '-noout', '-text', '-in', '/etc/pki/vdsm/libvirt-spice/server-cert.pem') stdout:
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number: 1 (0x1)
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=EN, L=Test, O=Test, CN=TestCA
>         Validity
>             Not Before: Oct 21 13:20:13 2015 GMT
>             Not After : Oct 20 13:20:13 2018 GMT
>         Subject: C=EN, L=Test, O=Test, CN=Test
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:bd:f8:d4:a0:87:9e:20:7f:71:12:8d:8e:90:e0:
> ...
>
> Inside the run with answer file
> (ovirt-hosted-engine-setup-20151021170822-p1iv3y.log) I see
> 2015-10-21 17:08:22 DEBUG otopi.plugins.ovirt_hosted_engine_setup.pki.vdsmpki plugin.execute:936 execute-output: ('/bin/openssl', 'x509', '-noout', '-text', '-in', '/etc/pki/vdsm/libvirt-spice/server-cert.pem') stdout:
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number: 1 (0x1)
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=EN, L=Test, O=Test, CN=TestCA
>         Validity
>             Not Before: Oct 21 13:20:13 2015 GMT
>             Not After : Oct 20 13:20:13 2018 GMT
>         Subject: C=EN, L=Test, O=Test, CN=Test
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:bd:f8:d4:a0:87:9e:20:7f:71:12:8d:8e:90:e0:
>
>
> Any particular file or section in log files to cross check?
> I can also start from scratch in case.... just to be sure that I don't get
> into same problem, so that it can be useful to find it before...
>

I suspect that host-deploy fails because you have in place a leftover VDSM cert from the previous attempt which is still signed by your previous attempt engine and so it fails to match this new engine: on the second attempt hosted-engine-setup deployed again the engine appliance creating a new instance with different certs.

You could try to run on the host:

    /bin/rm /etc/vdsm/vdsm.conf
    /bin/rm /etc/pki/vdsm/*/*.pem
    /bin/rm /etc/pki/CA/cacert.pem
    /bin/rm /etc/pki/libvirt/*.pem
    /bin/rm /etc/pki/libvirt/private/*.pem
    vdsm-tool configure --force
    systemctl restart vdsmd

then try to redeploy the host from the web-ui.
Hosted-engine configuration should be kept so it should work.
To be sure simply reboot the host: if everything is fine the HA agent should restart your engine VM.

> Thanks,
> Gianluca
>
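
A way to confirm the leftover-certificate diagnosis above before deleting anything, as an added example that is not part of the original message or of oVirt: it reports which certificate files fail to verify against a given CA file. The function name `untrusted_certs` is hypothetical, and it assumes you have a PEM copy of the current engine's CA certificate; pass the host's actual paths as arguments.

```shell
#!/bin/sh
# Added example: report which certificate files do NOT verify against a CA.
# Assumption: CA_FILE is a PEM copy of the *current* engine CA certificate.

# untrusted_certs CA_FILE CERT...
# Prints one status line per certificate.
# Returns 0 if every readable certificate verifies against CA_FILE,
#         1 if at least one does not, 2 if CA_FILE cannot be read.
untrusted_certs() {
    ca=$1
    shift
    if [ ! -r "$ca" ]; then
        echo "cannot read CA file: $ca" >&2
        return 2
    fi
    result=0
    for cert in "$@"; do
        if [ ! -r "$cert" ]; then
            echo "MISSING    $cert"
            continue
        fi
        # Show who issued the certificate, so a leftover issuer is visible.
        issuer=$(openssl x509 -noout -issuer -in "$cert" 2>/dev/null)
        if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            echo "OK         $cert ($issuer)"
        else
            # Verification also fails for expired or malformed certificates,
            # not only for a CA mismatch; check the issuer shown here.
            echo "UNTRUSTED  $cert ($issuer)"
            result=1
        fi
    done
    return "$result"
}

# Usage: sh check-certs.sh CA_FILE CERT...
if [ "$#" -ge 2 ]; then
    untrusted_certs "$@"
fi
```

A certificate reported as UNTRUSTED with an issuer from the earlier deployment is the leftover described in the reply.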