On Sun, 24 Apr 2016 21:37:07 +0200 Piotr wrote: PK> Looking at the info you pasted I see: PK> "java.net.NoRouteToHostException: No route to host". PK> It usually mean that there is/was something wrong with your network.
I saw that too, and tried pings first. Those worked fine, and the re-install worked right away after I made the java sslv3 change. I'm going to reinstall and move a host from a different lab. We'll see if I have the same experience with it... Robert PK> On Wed, Apr 20, 2016 at 3:28 PM, Robert Story <rst...@tislabs.com> wrote: PK> > On Wed, 20 Apr 2016 08:52:49 -0400 Alexander wrote: PK> > AW> On Wednesday, April 20, 2016 08:39:14 AM Robert Story wrote: PK> > AW> > Yesterday I had to re-install a host node in my 3.5.6 cluster. After a fresh PK> > AW> > install of CentOS 7.2, attempts to re-install failed, as did removing and PK> > AW> > re-adding the node. Here is a log excerpt from the engine: PK> > AW> > PK> > AW> > [...] PK> > AW> > [org.ovirt.engine.core.vdsbroker.VdsManager] PK> > AW> > (DefaultQuartzScheduler_Worker-38) Host eclipse is not responding. It will PK> > AW> > stay in Connecting state for a grace period of 120 seconds and after that PK> > AW> > an attempt to fence the host will be issued. 2016-04-19 18:22:01,938 ERROR PK> > AW> > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] PK> > AW> > (DefaultQuartzScheduler_Worker-38) Failure to refresh Vds runtime info: PK> > AW> > org.ovirt.engine.core.vdsbroker.vdsbroker.VDSNetworkException: PK> > AW> > java.net.NoRouteToHostException: No route to host at PK> > AW> > org.ovirt.engine.core.vdsbroker.vdsbroker.VdsBrokerCommand.createNetworkExc PK> > AW> > eption(VdsBrokerCommand.java:126) [vdsbroker.jar:] PK> > AW> > PK> > AW> > Luckily seeing SSL+java in the log tickled my memory about java disabling PK> > AW> > SSLv3, and google helped me find this workaround: PK> > AW> > PK> > AW> > - edit /usr/lib/jvm/java/jre/lib/security/java.security PK> > AW> > - look for jdk.tls.disabledAlgorithms PK> > AW> > - remove SSLv3 from the list PK> > AW> > - service ovirt-engine restart PK> > AW> > PK> > AW> > Google also tells me that this should be an issue for 3.5, and there is a PK> > AW> > vdsm setting, VdsmSSLProtocol, that can be set to use TLS, but I can't find PK> > AW> > how to change/set it. Anyone know the secret? PK> > AW> PK> > AW> Pretty much everything engine related can be configured with PK> > AW> engine-config. engine-config -l will give you a list of all the PK> > AW> options. engine-config -g <key> will get the current value, PK> > AW> engine-config -s <key>=<value> will set it. A quick grep indicates that PK> > AW> you are looking for the VdsmSSLProtocol key. PK> > PK> > Hmmm.. PK> > PK> > # engine-config -g VdsmSSLProtocol PK> > VdsmSSLProtocol: TLSv1 version: general PK> > PK> > Looks like it's already set to TLS, making me wonder why I needed to remove SSLv3. I just put it back and restarted the engine, and it seems to be communicating with all hosts ok. So maybe it's just some process/code using during install that isn't using this setting...
pgpEdK00i1P3K.pgp
Description: OpenPGP digital signature
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
