On Fri, 16 Mar 2018 17:46:36 +0200 Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> On 16/03/18 17:40, Kapetanakis Giannis wrote: > > On 16/03/18 15:21, Dominik Holler wrote: > >> On Fri, 16 Mar 2018 12:46:13 +0200 > >> Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote: > >> > >>> Hi, > >>> > >>> After upgrading to 4.2.1 I have problems with ovn provider. > >>> I'm getting "Failed to synchronize networks of Provider > >>> ovirt-provider-ovn." > >>> > >>> I use custom SSL certificate in apache and I guess this is the > >>> reason. > >>> > >>> I've tried to update ovirt-provider-ovn.conf with > >>> [OVIRT] > >>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem > >>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem > >>> > >>> but still no go > > > >> > >> Would you share the lines in engine.log produced by clicking the > >> "Test" button in the "Edit Provider" dialog? > >> On Clicking the test button, are you asked about "Import provider > >> certificate"? > > SORRY wrong provider. > > It asks for the cert. > Failed to communicate with the external provider, see log for > additional details. > > 2018-03-16 17:44:08,262+02 INFO > [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] > (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] Running > command: ImportProviderCertificateCommand internal: false. Entities > affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: > SystemAction group CREATE_STORAGE_POOL with role type ADMIN > 2018-03-16 17:44:08,275+02 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] EVENT_ID: > PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider > ovirt-provider-ovn was imported. (User: admin@internal) 2018-03-16 > 17:44:08,302+02 INFO > [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] > (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Running > command: TestProviderConnectivityCommand internal: false. Entities > affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: > SystemAction group CREATE_STORAGE_POOL with role type ADMIN > 2018-03-16 17:44:08,360+02 ERROR > [org.ovirt.engine.core.bll.provider.network.openstack.BaseNetworkProviderProxy] > (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Bad Gateway > (OpenStack response error code: 502) 2018-03-16 17:44:08,360+02 ERROR > [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] > (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Command > 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' > failed: EngineException: (Failed with error PROVIDER_FAILURE and code > 5050) > > and in provider log: > > 2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool > Starting new HTTPS connection (1): engine-host 2018-03-16 > 17:45:33,961 requests.packages.urllib3.connectionpool Starting new > HTTPS connection (1): engine-host 2018-03-16 17:45:33,966 root [SSL: > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) > Traceback (most recent call last): File > "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131, > in _handle_request method, path_parts, content) File > "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line > 175, in handle_request return self.call_response_handler(handler, > content, parameters) File > "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in > call_response_handler return response_handler(content, parameters) > File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", > line 62, in post_tokens user_password=user_password) File > "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in > create_token return auth.core.plugin.create_token(user_at_domain, > user_password) File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line > 48, in create_token timeout=self._timeout()) File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, > in create_token username, password, engine_url, ca_file, timeout) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 91, in _get_sso_token timeout=timeout File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, > in wrapper response = func(*args, **kwargs) File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, > in wrapper raise BadGateway(e) BadGateway: [SSL: > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) > Thanks. Yes, the ovirt-provider-ovn refuses to connect to ovirt-engine for authentication because ovirt-provider-ovn does not trust the ssl-certificate and propagates this as the BadGateway error. Please not that engine-setup creates the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf which overwrites the default values from /etc/ovirt-provider-ovn/ovirt-provider-ovn.conf If you want to check if the referenced /etc/pki/ovirt-engine/apache-ca.pem is correct, you can use the following python snippet: import requests response = requests.get('https://ENGINE_FQDN/', verify='/etc/pki/ovirt-engine/apache-ca.pem') assert response.status_code == 200 Does this help to solve the issue? _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users