On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <m...@set-pro.net> wrote:
> Few hours later i'm fixed SSL error, > Would you share how you fixed the error? This might also help to understand the next issue. > but get a new error > > 2019-10-02 01:02:38,369 root Starting server > 2019-10-02 01:02:38,369 root Version: 1.2.22-1 > 2019-10-02 01:02:38,369 root Build date: 20190509114402 > 2019-10-02 01:02:38,369 root Githash: 38acbde > 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST > /v2.0/tokens > 2019-10-02 01:02:46,471 root Request body: > {"auth": {"passwordCredentials": {"username": "admin@internal", > "password": "<PASSWORD_HIDDEN>"}}} > 2019-10-02 01:02:46,472 root Error during SSO authentication > invalid_request : Missing parameter: 'client_secret' > Traceback (most recent call last): > File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, > in _handle_request > method, path_parts, content > File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line > 175, in handle_request > return self.call_response_handler(handler, content, parameters) > File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in > call_response_handler > return response_handler(content, parameters) > File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", > line 69, in post_tokens > if not auth.validate_token(token): > File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in > validate_token > return auth.core.plugin.validate_token(token) > File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", > line 36, in validate_token > return self._is_user_name(token, _admin_user_name()) > File > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", > line 47, in _is_user_name > timeout=AuthorizationByUserName._timeout()) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 131, in get_token_info > timeout=timeout > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, > in wrapper > _check_for_error(response) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line > 181, in _check_for_error > result['error'], details)) > Unauthorized: Error during SSO authentication invalid_request : Missing > parameter: 'client_secret' > > > looks like the /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf does not fit to engine's db. Maybe most easy would be to move the current /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the parameter '--reconfigure-optional-components' of engine-setup. Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf modified outside engine-setup? > 1 окт. 2019 г., в 22:53, Mail SET Inc. Group <m...@set-pro.net> > написал(а): > > Hello! > Get problems with clean installation 4.3.6.6-1.el7 and OVN > > When i try to test OVN get notification: > «Import provider certificate» > Do you approve trusting self signed certificate subject CN=Certificate > Authority, O=SET.LOCAL, SHA-1 fingerprint > a9d9b91160bb306667a521e6f2c66037ddc437cb? > > When i’m press «Yes», see old problem: > Failed to communicate with the external provider, see log for additional > details. > > [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log > timeout=self._timeout()) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, > in create_token > username, password, engine_url, ca_file, timeout) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, > in _get_sso_token > timeout=timeout > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, > in wrapper > response = func(*args, **kwargs) > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, > in wrapper > raise BadGateway(e) > BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed > (_ssl.c:618) > > [root@engine ~]# cat > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > # This file is automatically generated by engine-setup. Please do not edit > manually > [OVN REMOTE] > ovn-remote=ssl:127.0.0.1:6641 > [SSL] > https-enabled=true > ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem > ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer > ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass > [OVIRT] > ovirt-sso-client-id=ovirt-provider-ovn > ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer > ovirt-host=https://engine.set.local:443/ovirt-engine/ > <https://engine.set.local/ovirt-engine/> > ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4 > [NETWORK] > port-security-enabled-default=True > [PROVIDER] > provider-host=engine.set.local > > [root@engine ~]# python -c "import requests; \ > print requests.get('https://engine.set.local', \ > verify='/etc/pki/ovirt-engine/apache-ca.pem')" > <Response [200]> > > What’s wrong ? > > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC2EFLSCN3MKYDEPZIRZ/ >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FPOXJV556C5NZURBUAVWQZX3HT62QXKS/