Hello,
We try to use ovirt-imageio-proxy to upload ISO image to a node. Some
errors appear and the upload do not work.
We use ovirt-engine 4.3.6 and our engine is configured to use a SSL/TLS
certificate validated by Digicert (documented in
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html )
Our configuration file
|/etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf is :|
|/[proxy]//
//# Listening port//
//port = 54323//
//
//# Listening addresses (empty for all)//
//host = infra-eple.ac-guadeloupe.fr//
//
//# Wrap incoming connections with SSL//
//use_ssl = true//
//
//# Key file for SSL connections//
//ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass//
//
//# Certificate file for SSL connections//
//ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer//
//
//# Certificate file used when decoding signed token//
//engine_cert_file = /etc/pki/ovirt-engine/certs/engine.cer//
//
//# CA certificate file used to verify signed token//
//engine_ca_cert_file = /etc/pki/ovirt-engine/ca.pem//
//
//# Verify the certificate used to decode the signed token//
//verify_certificate = true//
//
//# Server shutdown request polling interval, in seconds//
//# poll_interval = 1.0//
//
//# Signed proxy ticket; false for plain-text JSON//
//# signed_proxy_ticket = true//
//
//# Allowed time drift between signed ticket issuer and proxy//
//# host, considered when checking ticket validity//
//# allowed_skew_seconds = 0//
//
//# Seconds to wait while connecting to the ovirt-imageio-daemon//
//# imaged_connection_timeout_sec = 10//
//
//# Seconds to wait while reading from the ovirt-imageio-daemon//
//# imaged_read_timeout_sec = 30/
|
|
|
*|To upload the image ISO, we use the web portal, select the host's
storage Domains, select Disks and Upload|**|--> Start.|**||**|
|**
**|When the upload||starts, the message on the web page is "Transferring
via Brower" then after sometimes it changes to "Paused by System".|**
*|*In the /var/log/ovirt-imageio-proxy/image-proxy.log file we can read :*
|
/|(Thread-6 ) INFO 2019-10-14 14:38:17,186
auth:197:auth2:(add_signed_ticket) Adding new ticket: <Ticket
id=u'e633a89d-4dd8-4155-85ef-0eb6375e4117',
transfer_id=u'11a1fb8b-22b7-4182-ac7f-b897830fffc3',
url=u'https://eple-rectorat-proto1.ac-guadeloupe.fr:54322'
timeout=35999.813010931015 at 0x7f793bc720d0>|/
*|So, it seems good, but in /var/log/ovirt-engine/engine.log some errors
are presents :|*
/|2019-10-14 14:41:13,279-04 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.GetImageTicketVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-75)
[af987639-b3f7-4907-a11f-d2ffde5a6de8] START,
GetImageTicketVDSCommand(HostName = eple-rectorat-proto1,
GetImageTicketVDSCommandParameters:{hostId='56c658ea-148c-4a55-af65-e9c89ec1a984',
ticketId='e633a89d-4dd8-4155-85ef-0eb6375e4117', timeout='null'}), log
id: 728b11ad
2019-10-14 14:41:13,286-04 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.GetImageTicketVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-75)
[af987639-b3f7-4907-a11f-d2ffde5a6de8] FINISH, GetImageTicketVDSCommand,
return:
org.ovirt.engine.core.common.businessentities.storage.ImageTicketInformation@8bc98ba3,
log id: 728b11ad
2019-10-14 14:41:15,136-04 INFO
[org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand]
(default task-23) [98c1bb29-7c86-433c-b8f7-40cc4815b083] Running
command: TransferImageStatusCommand internal: false. Entities affected
: ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group
CREATE_DISK with role type USER
2019-10-14 14:41:16,487-04 WARN
[org.ovirt.vdsm.jsonrpc.client.utils.retry.Retryable] (SSL Stomp
Reactor) [] Retry failed
2019-10-14 14:41:16,487-04 ERROR
[org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient]
(EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Exception during
connection
2019-10-14 14:41:16,487-04 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Unable to
RefreshCapabilities: ConnectException: Connection timeout
2019-10-14 14:41:16,487-04 ERROR
[org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-89) [] Command
'GetCapabilitiesAsyncVDSCommand(HostName = lgt-faustinfleret,
VdsIdAndVdsVDSCommandParametersBase:{hostId='8dfa9c9d-d7ac-4184-ae61-1c80fbbf487b',
vds='Host[lgt-faustinfleret,8dfa9c9d-d7ac-4184-ae61-1c80fbbf487b]'})'
execution failed: java.rmi.ConnectException: Connection timeout
2019-10-14 14:41:16,488-04 INFO
[org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand]
(default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] Running
command: TransferImageStatusCommand internal: false. Entities affected
: ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group
CREATE_DISK with role type USER
2019-10-14 14:41:16,489-04 INFO
[org.ovirt.engine.core.bll.storage.disk.image.ImageTransferUpdater]
(default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] Updating image
transfer 11a1fb8b-22b7-4182-ac7f-b897830fffc3 (image
def85ea0-5eb4-463f-83fb-afd788e77379) phase to Paused by System
(message: 'Sent 0MB')
2019-10-14 14:41:16,495-04 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-23) [bd47f950-d4f9-42d7-980a-7e99465079dd] EVENT_ID:
UPLOAD_IMAGE_NETWORK_ERROR(1,062), Unable to upload image to disk
def85ea0-5eb4-463f-83fb-afd788e77379 due to a network error. Ensure that
ovirt-imageio-proxy service is installed and configured and that
ovirt-engine's CA certificate is registered as a trusted CA in the
browser. The certificate can be fetched from
https://infra-eple.ac-guadeloupe.fr/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
|/
/|
|/
*|The certificate seems to be correctely configured :|*
|//etc/pki/ovirt-engine/keys/apache.key.nopass : key of our certificate/|
|||//etc/pki/ovirt-engine/certs/apache.cer : our certifcate validated by
Digicert/|
|||//etc/pki/ovirt-engine/ca.pem : the CA from /|/|fetched from
https://infra-eple.ac-guadeloupe.fr/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA|/
||/||/
||//etc/pki/ovirt-engine/certs/engine.cer : the original file producted
bye the ovirt engine/||
||/There is no network paquet going out of the engine when the upload
begins, the ovirt engine seems to block before.
/||
||/
/||
*||/Where do you think I make a mistake ?/||*
*||/
/||*
*||/Sincerely,/||*
||*/Fabrice SOLER/*/
/||
--
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KETDA3H2RM2MMFYIV3GIS2UHYIDSPEXO/
