On February 3, 2020 11:23:57 AM GMT+02:00, Dominik Holler <[email protected]> wrote: >On Wed, Oct 2, 2019 at 12:29 PM Mail SET Inc. Group <[email protected]> >wrote: > >> --reconfigure-optional-components not helps. And the file >/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >> not exists after setup. >> >> [root@engine ~]# rm >> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >> >> >> [root@engine ~]# engine-setup --reconfigure-optional-components >> [ INFO ] Stage: Initializing >> [ INFO ] Stage: Environment setup >> Configuration files: >> ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', >> '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', >> '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] >> Log file: >> >/var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log >> Version: otopi-1.8.3 (otopi-1.8.3-1.el7) >> [ INFO ] Stage: Environment packages setup >> [ INFO ] Stage: Programs detection >> [ INFO ] Stage: Environment setup (late) >> [ INFO ] Stage: Environment customization >> >> >> --== PRODUCT OPTIONS ==-- >> >> >> Set up Cinderlib integration >> (Currently in tech preview) >> (Yes, No) [No]: >> [ INFO ] ovirt-provider-ovn already installed, skipping. >> >> >> > > >The old installation is still detected. > >1. backup /etc/ovirt-provider-ovn/ >2. restore the original >/etc/ovirt-provider-ovn/ovirt-provider-ovn.conf, >e.g. to >https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/ovirt-provider-ovn.conf >3. /backup etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf, >4. rename ovirt-provider-ovn external provider entity in oVirt >webadmin, >5. comment OVESETUP_OVN/ovirtProviderOvnId >in /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf >6. engine-setup --reconfigure-optional-components >7. If modifications of the certificates are required, please create a >new >file in /etc/ovirt-provider-ovn/conf.d/ , e.g. 50-ssl-modifications > >Do these steps solve the problem for you? > > >Dec 18 21:01:02 <dholler> password should be the usual admin@interal >password > > >> >> --== PACKAGES ==-- >> >> >> [ INFO ] Checking for product updates... >> [ INFO ] No product updates found >> >> >> --== NETWORK CONFIGURATION ==-- >> >> >> Setup can automatically configure the firewall on this >system. >> Note: automatic configuration of the firewall may overwrite >> current settings. >> NOTICE: iptables is deprecated and will be removed in >future >> releases >> Do you want Setup to configure the firewall? (Yes, No) >[Yes]: >> [ INFO ] firewalld will be configured as firewall manager. >> >> >> --== DATABASE CONFIGURATION ==-- >> >> >> The detected DWH database size is 111 MB. >> Setup can backup the existing database. The time and space >> required for the database backup depend on its size. This process >takes >> time, and in some cases (for instance, when the size is few GBs) may >take >> several hours to complete. >> If you choose to not back up the database, and Setup later >fails >> for some reason, it will not be able to restore the database and all >DWH >> data will be lost. >> Would you like to backup the existing database before >upgrading >> it? (Yes, No) [Yes]: >> Perform full vacuum on the oVirt engine history >> database ovirt_engine_history@localhost? >> This operation may take a while depending on this setup >health >> and the >> configuration of the db vacuum process. >> See https://www.postgresql.org/docs/10/sql-vacuum.html >> (Yes, No) [No]: >> >> >> --== OVIRT ENGINE CONFIGURATION ==-- >> >> >> Perform full vacuum on the engine database >engine@localhost? >> This operation may take a while depending on this setup >health >> and the >> configuration of the db vacuum process. >> See https://www.postgresql.org/docs/10/sql-vacuum.html >> (Yes, No) [No]: >> >> >> --== STORAGE CONFIGURATION ==-- >> >> >> >> >> --== PKI CONFIGURATION ==-- >> >> >> [WARNING] Failed to read or parse >'/etc/pki/ovirt-engine/keys/apache.p12' >> Perhaps it was changed since last Setup. >> Error was: >> Mac verify error: invalid password? >> >> >> >> >> --== APACHE CONFIGURATION ==-- >> >> >> >> >> --== SYSTEM CONFIGURATION ==-- >> >> >> >> >> --== MISC CONFIGURATION ==-- >> >> >> >> >> --== END OF CONFIGURATION ==-- >> >> >> [ INFO ] Stage: Setup validation >> During execution engine service will be stopped (OK, >Cancel) >> [OK]: >> [ INFO ] Hosted Engine HA is in Global Maintenance mode. >> [WARNING] Less than 16384MB of memory is available >> [ INFO ] Cleaning stale zombie tasks and commands >> >> >> --== CONFIGURATION PREVIEW ==-- >> >> >> Default SAN wipe after delete : False >> Firewall manager : firewalld >> Update Firewall : True >> Host FQDN : engine.set.local >> Set up Cinderlib integration : False >> Engine database secured connection : False >> Engine database user name : engine >> Engine database name : engine >> Engine database host : localhost >> Engine database port : 5432 >> Engine database host name validation : False >> Engine installation : True >> PKI organization : set.local >> Set up ovirt-provider-ovn : True >> Configure WebSocket Proxy : True >> DWH installation : True >> DWH database secured connection : False >> DWH database host : localhost >> DWH database user name : >ovirt_engine_history >> DWH database name : >ovirt_engine_history >> Backup DWH database : True >> DWH database port : 5432 >> DWH database host name validation : False >> Configure Image I/O Proxy : True >> Configure VMConsole Proxy : True >> >> >> Please confirm installation settings (OK, Cancel) [OK]: >> [ INFO ] Cleaning async tasks and compensations >> [ INFO ] Unlocking existing entities >> [ INFO ] Checking the Engine database consistency >> [ INFO ] Stage: Transaction setup >> [ INFO ] Stopping engine service >> [ INFO ] Stopping ovirt-fence-kdump-listener service >> [ INFO ] Stopping dwh service >> [ INFO ] Stopping Image I/O Proxy service >> [ INFO ] Stopping vmconsole-proxy service >> [ INFO ] Stopping websocket-proxy service >> [ INFO ] Stage: Misc configuration (early) >> [ INFO ] Stage: Package installation >> [ INFO ] Stage: Misc configuration >> [ INFO ] Upgrading CA >> [ INFO ] Updating /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf >to >> use apache key and certificate >> [ INFO ] Backing up database localhost:ovirt_engine_history to >> '/var/lib/ovirt-engine-dwh/backups/dwh-20191002132135.4DV89M.dump'. >> [ INFO ] Creating/refreshing DWH database schema >> [ INFO ] Configuring Image I/O Proxy >> [ INFO ] Configuring WebSocket Proxy >> [ INFO ] Backing up database localhost:engine to >> '/var/lib/ovirt-engine/backups/engine-20191002132145.CzmG31.dump'. >> [ INFO ] Creating/refreshing Engine database schema >> [ INFO ] Creating/refreshing Engine 'internal' domain database >schema >> Unregistering existing client registration info. >> [ INFO ] Generating post install configuration file >> '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf' >> [ INFO ] Stage: Transaction commit >> [ INFO ] Stage: Closing up >> [ INFO ] Starting engine service >> [ INFO ] Starting dwh service >> [ INFO ] Restarting ovirt-vmconsole proxy service >> >> >> --== SUMMARY ==-- >> >> >> [ INFO ] Restarting httpd >> Web access is enabled at: >> http://engine.set.local:80/ovirt-engine >> https://engine.set.local:443/ovirt-engine >> Internal CA >> 98:A1:43:62:A6:0E:FE:4E:13:FA:0E:3F:F8:68:0C:62:01:31:16:BA >> SSH fingerprint: >> SHA256:NrIqDX9x7XrqE7CXpm/D9xpqnF9J162+42xiFiR5m1s >> [WARNING] Less than 16384MB of memory is available >> >> >> --== END OF SUMMARY ==-- >> >> >> [ INFO ] Stage: Clean up >> Log file is located at >> >/var/log/ovirt-engine/setup/ovirt-engine-setup-20191002131904-4iwth0.log >> [ INFO ] Generating answer file >> '/var/lib/ovirt-engine/setup/answers/20191002132222-setup.conf' >> [ INFO ] Stage: Pre-termination >> [ INFO ] Stage: Termination >> [ INFO ] Execution of setup completed successfully >> >> >> [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log >> error = stream.connect() >> File "/usr/lib64/python2.7/site-packages/ovs/stream.py", line 802, >in >> connect >> self.socket.do_handshake() >> File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1716, >in >> do_handshake >> self._raise_ssl_error(self._ssl, result) >> File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1456, >in >> _raise_ssl_error >> _raise_current_error() >> File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, >in >> exception_from_error_queue >> raise exception_type(errors) >> Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate >> verify failed’)] >> >> >> [root@engine ~]# ls -la /etc/ovirt-provider-ovn/conf.d/ >> итого 4 >> drwxr-xr-x. 2 root root 20 окт 2 13:19 . >> drwxr-xr-x. 3 root root 70 окт 2 01:14 .. >> -rw-r--r--. 1 root root 194 май 9 14:44 README >> >> >> >> 2 окт. 2019 г., в 10:11, Dominik Holler <[email protected]> >написал(а): >> >> >> >> On Wed, Oct 2, 2019 at 12:13 AM Mail SET Inc. Group ><[email protected]> >> wrote: >> >>> Few hours later i'm fixed SSL error, >>> >> >> Would you share how you fixed the error? >> This might also help to understand the next issue. >> >> >> >>> but get a new error >>> >>> 2019-10-02 01:02:38,369 root Starting server >>> 2019-10-02 01:02:38,369 root Version: 1.2.22-1 >>> 2019-10-02 01:02:38,369 root Build date: 20190509114402 >>> 2019-10-02 01:02:38,369 root Githash: 38acbde >>> 2019-10-02 01:02:46,471 root From: ::ffff:172.19.0.10:33644 Request: >>> POST /v2.0/tokens >>> 2019-10-02 01:02:46,471 root Request body: >>> {"auth": {"passwordCredentials": {"username": "admin@internal", >>> "password": "<PASSWORD_HIDDEN>"}}} >>> 2019-10-02 01:02:46,472 root Error during SSO authentication >>> invalid_request : Missing parameter: 'client_secret' >>> Traceback (most recent call last): >>> File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", >line >>> 138, in _handle_request >>> method, path_parts, content >>> File >"/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", >>> line 175, in handle_request >>> return self.call_response_handler(handler, content, parameters) >>> File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line >33, in >>> call_response_handler >>> return response_handler(content, parameters) >>> File >"/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", >>> line 69, in post_tokens >>> if not auth.validate_token(token): >>> File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line >31, >>> in validate_token >>> return auth.core.plugin.validate_token(token) >>> File >>> >"/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", >>> line 36, in validate_token >>> return self._is_user_name(token, _admin_user_name()) >>> File >>> >"/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/authorization_by_username.py", >>> line 47, in _is_user_name >>> timeout=AuthorizationByUserName._timeout()) >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 131, in get_token_info >>> timeout=timeout >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 55, in wrapper >>> _check_for_error(response) >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 181, in _check_for_error >>> result['error'], details)) >>> Unauthorized: Error during SSO authentication invalid_request : >Missing >>> parameter: 'client_secret' >>> >>> >>> >> >> looks like the >> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >> does not fit to engine's db. >> >> Maybe most easy would be to move the current >> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >> away from /etc/ovirt-provider-ovn/conf.d/ and re-trigger the >> configuration by using the >> parameter '--reconfigure-optional-components' of engine-setup. >> >> Was the file >/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >> modified outside engine-setup? >> >> >>> 1 окт. 2019 г., в 22:53, Mail SET Inc. Group <[email protected]> >>> написал(а): >>> >>> Hello! >>> Get problems with clean installation 4.3.6.6-1.el7 and OVN >>> >>> When i try to test OVN get notification: >>> «Import provider certificate» >>> Do you approve trusting self signed certificate subject >CN=Certificate >>> Authority, O=SET.LOCAL, SHA-1 fingerprint >>> a9d9b91160bb306667a521e6f2c66037ddc437cb? >>> >>> When i’m press «Yes», see old problem: >>> Failed to communicate with the external provider, see log for >additional >>> details. >>> >>> [root@engine ~]# tail -f /var/log/ovirt-provider-ovn.log >>> timeout=self._timeout()) >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 75, in create_token >>> username, password, engine_url, ca_file, timeout) >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 91, in _get_sso_token >>> timeout=timeout >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 54, in wrapper >>> response = func(*args, **kwargs) >>> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", >line >>> 47, in wrapper >>> raise BadGateway(e) >>> BadGateway: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify >failed >>> (_ssl.c:618) >>> >>> [root@engine ~]# cat >>> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf >>> # This file is automatically generated by engine-setup. Please do >not >>> edit manually >>> [OVN REMOTE] >>> ovn-remote=ssl:127.0.0.1:6641 >>> [SSL] >>> https-enabled=true >>> ssl-cacert-file=/etc/pki/ovirt-engine/apache-ca.pem >>> ssl-cert-file=/etc/pki/ovirt-engine/certs/apache.cer >>> ssl-key-file=/etc/pki/ovirt-engine/keys/apache.key.nopass >>> [OVIRT] >>> ovirt-sso-client-id=ovirt-provider-ovn >>> ovirt-ca-file=/etc/pki/ovirt-engine/certs/engine.cer >>> ovirt-host=https://engine.set.local:443/ovirt-engine/ >>> <https://engine.set.local/ovirt-engine/> >>> ovirt-sso-client-secret=vy80-QmCNNv6wP7JFvN9GWhPmYvo0lBNl5J8hpiGRa4 >>> [NETWORK] >>> port-security-enabled-default=True >>> [PROVIDER] >>> provider-host=engine.set.local >>> >>> [root@engine ~]# python -c "import requests; \ >>> print requests.get('https://engine.set.local', \ >>> verify='/etc/pki/ovirt-engine/apache-ca.pem')" >>> <Response [200]> >>> >>> What’s wrong ? >>> >>> >>> _______________________________________________ >>> Users mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> List Archives: >>> >https://lists.ovirt.org/archives/list/[email protected]/message/IDUB3LOJHLRQVC2EFLSCN3MKYDEPZIRZ/ >> >> >>
Hi Dominik, Can this approach be used to 'reset' OVN to original state ? Best Regards, Strahil Nikolov _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/4IRY3O2QUPXFVSOFX6XP6LK7TRVTZZDT/
