Something strange happens. What changes I made: I changed the Engine SSL using this manual:
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html
I didn't check how OVN worked before the changes. Of course I modified '/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf' because I changed the engine certificate.

What I see today:

2019-10-02 13:02:47,854 root From: ::ffff:172.19.0.10:60482 Request: GET /v2.0/
2019-10-02 13:02:47,854 root [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/neutron.py", line 35, in call_response_handler
    with NeutronApi() as ovn_north:
  File "/usr/share/ovirt-provider-ovn/neutron/neutron_api.py", line 77, in __init__
    self.ovsidl, self.idl = ovn_connection.connect()
  File "/usr/share/ovirt-provider-ovn/ovn_connection.py", line 43, in connect
    ovnconst.OVN_NORTHBOUND
  File "/usr/lib/python2.7/site-packages/ovsdbapp/backend/ovs_idl/connection.py", line 127, in from_server
    helper = idlutils.get_schema_helper(connection_string, schema_name)
  File "/usr/lib/python2.7/site-packages/ovsdbapp/backend/ovs_idl/idlutils.py", line 118, in get_schema_helper
    stream.Stream.open(connection))
  File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 226, in open_block
    error = stream.connect()
  File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, in connect
    self.socket.do_handshake()
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]

My config:

# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
#ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
#ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
#ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[OVIRT]
ovirt-host=https://engine.set.local:443
ovirt-base=/ovirt-engine
ovirt-auth-timeout=110
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-sso-client-secret=PzrrA0GBGwBzlKcf2s3j6PZK1BONTQG6FR6UxPWNqYY
#ovirt-sso-client-secret=HO0GftT4aT1SvuDZhqB0NInAeHr5OsNu
ovirt-admin-user-name=admin@internal
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[NETWORK]
port-security-enabled-default=True
[PROVIDER]
provider-host=engine.set.local

Now try '--reconfigure-optional-components' of engine-setup.

> On 2 Oct 2019, at 10:11, Dominik Holler <dhol...@redhat.com> wrote:
>
> On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group <m...@set-pro.net> wrote:
>
> A few hours later I fixed the SSL error,
>
> Would you share how you fixed the error?
> This might also help to understand the next issue.
>
> but got a new error
>
> 2019-10-02 01:02:38,369 root Starting server
> 2019-10-02 01:02:38,369 root Version: 1.2.22-1
> 2019-10-02 01:02:38,369 root Build date: 20190509114402
> 2019-10-02 01:02:38,369 root Githash: 38acbde
> 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: POST /v2.0/tokens
> 2019-10-02 01:02:46,471 root Request body:
> {"auth": {"passwordCredentials": {"username": "admin@internal", "password": "<PASSWORD_HIDDEN>"}}}
> 2019-10-02 01:02:46,472 root Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
> Traceback (most recent call last):
>   File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
>     method, path_parts, content
>   File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
>     return self.call_response_handler(handler, content, parameters)
>   File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
>     return response_handler(content, parameters)
>   File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 69, in post_tokens
>     if not auth.validate_token(token):
>   File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 31, in validate_token
>     return auth.core.plugin.validate_token(token)
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 36, in validate_token
>     return self._is_user_name(token, _admin_user_name())
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", line 47, in _is_user_name
>     timeout=AuthorizationByUserName._timeout())
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 131, in get_token_info
>     timeout=timeout
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
>     _check_for_error(response)
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
>     result['error'], details))
> Unauthorized: Error during SSO authentication invalid_request : Missing parameter: 'client_secret'
>
> Looks like the
> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> does not fit the engine's db.
>
> Maybe the easiest would be to move the current
> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the configuration by using the
> parameter '--reconfigure-optional-components' of engine-setup.
>
> Was the file /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> modified outside engine-setup?
>
>> On 1 Oct 2019, at 22:53, Mail SET Inc. Group <m...@set-pro.net> wrote:
>>
>> Hello!
>> I got problems with a clean installation of 4.3.6.6-1.el7 and OVN.
>>
>> When I try to test OVN, I get a notification:
>> «Import provider certificate»
>> Do you approve trusting self signed certificate subject CN=Certificate Authority, O=SET.LOCAL, SHA-1 fingerprint a9d9b91160bb306667a521e6f2c66037ddc437cb?
>>
>> When I press «Yes», I see the old problem:
>> Failed to communicate with the external provider, see log for additional details.
>>
>> [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log
>>     timeout=self._timeout())
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
>>     username, password, engine_url, ca_file, timeout)
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
>>     timeout=timeout
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, in wrapper
>>     response = func(*args, **kwargs)
>>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, in wrapper
>>     raise BadGateway(e)
>> BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
>>
>> [root@engine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
>> # This file is automatically generated by engine-setup. Please do not edit manually
>> [OVN REMOTE]
>> ovn-remote=ssl:127.0.0.1:6641
>> [SSL]
>> https-enabled=true
>> ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
>> ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
>> ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
>> [OVIRT]
>> ovirt-sso-client-id=ovirt-provider-ovn
>> ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
>> ovirt-host=https://engine.set.local:443/ovirt-engine/
>> ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4
>> [NETWORK]
>> port-security-enabled-default=True
>> [PROVIDER]
>> provider-host=engine.set.local
>>
>> [root@engine ~]# python -c "import requests; \
>> print requests.get('https://engine.set.local', \
>> verify='/etc/pki/ovirt-engine/apache-ca.pem')"
>> <Response [200]>
>>
>> What's wrong?
>
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IDUB3LOJHLRQVC2EFLSCN3MKYDEPZIRZ/
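
Added example, not part of the thread and not oVirt project code: the question above of whether 10-setup-ovirt-provider-ovn.conf was modified outside engine-setup can be answered by diffing two copies of the file while masking the SSO client secret, so the result is safe to paste into a list post. The two samples are constructed; their paths follow the two postings in the thread, the secrets are placeholders, and the function names are hypothetical.

```python
import configparser

SECRET_KEYS = {"ovirt-sso-client-secret"}   # values that must never be echoed
# Settings that decide which peer is contacted and which CA/cert/key is used.
TRUST_KEYS = {"ovn-remote", "ssl-cacert-file", "ssl-cert-file", "ssl-key-file",
              "ovirt-ca-file", "ovirt-host", "ovirt-base"}

# Constructed samples (placeholder secrets), abbreviated to the relevant keys.
BEFORE = """\
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass
[OVIRT]
ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer
ovirt-host=https://engine.set.local:443/ovirt-engine/
ovirt-sso-client-secret=PLACEHOLDER-SECRET-A
"""
AFTER = """\
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[OVIRT]
ovirt-host=https://engine.set.local:443
ovirt-base=/ovirt-engine
ovirt-sso-client-secret=PLACEHOLDER-SECRET-B
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
"""

def load(text):
    """Parse provider config text into {(section, key): value}."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str                    # keep key spelling as written
    cp.read_string(text)
    return {(s, k): v for s in cp.sections() for k, v in cp.items(s)}

def mask(key, value):
    """Hide secret values; mark keys that are missing on one side."""
    if value is None:
        return "<absent>"
    return "<redacted>" if key in SECRET_KEYS else value

def diff_configs(old_text, new_text):
    """Return changed settings as (section, key, old, new, affects_trust)."""
    old, new = load(old_text), load(new_text)
    return [(s, k, mask(k, old.get((s, k))), mask(k, new.get((s, k))), k in TRUST_KEYS)
            for s, k in sorted(set(old) | set(new)) if old.get((s, k)) != new.get((s, k))]

if __name__ == "__main__":
    for s, k, o, n, trust in diff_configs(BEFORE, AFTER):
        print("[%s] %s: %s -> %s%s" % (s, k, o, n, "  (trust/endpoint)" if trust else ""))
```

A changed secret is reported as changed without either value being shown; every other difference is printed in full and flagged when it affects which endpoint or certificate material the provider uses.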