The issue is the "Drop vdsm config statements" task from
/usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml

I'm not sure how those config statements got there in the first place...
maybe a scriptlet from a vdsm rpm install? Either way, the task removes the
following section from the bottom of /etc/libvirt/libvirtd.conf, causing it
to look for the default ca_file, /etc/pki/CA/cacert.pem.

## beginning of configuration section by vdsm-4.40.0
auth_unix_rw="sasl"
ca_file="/etc/pki/vdsm/certs/cacert.pem"
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
host_uuid="9def7285-9ed9-4a94-8a7d-ed1f05a9a224"
keepalive_interval=-1
key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
## end of configuration section by vdsm-4.40.0

If I re-add this section to my bootstrap node's libvirtd.conf, I can start
the libvirtd service again. I'll try to comment out the "Drop vdsm config
statements" task from the playbook and see if I can proceed.

On Fri, May 22, 2020 at 11:59 AM Stephen Panicho <s.pani...@gmail.com>
wrote:

> Hey Marcin. There aren't any logs for those services as they haven't been
> started yet. This failure happens very early in the deploy, just after the
> page where you configure the engine VM settings.
>
> Unfortunately, I can't try a redeploy on the same node because libvirtd is
> now in a bad state and can't come up at all. I now get the following error
> once we get past the Gluster Wizard and move on the the Hosted Engine
> Deploy:
> "libvirt is not running! Please ensure it is running before starting the
> wizard, so system capabilities can be queried."
>
> I'll sift through the ansible to see what it changed and report back. But
> I'd still like to get past this /etc/pki/CA/cacert.pem issue.
>
> On Fri, May 22, 2020 at 4:45 AM Marcin Sobczyk <msobc...@redhat.com>
> wrote:
>
>> Hi,
>>
>> On 5/22/20 7:06 AM, Stephen Panicho wrote:
>>
>> Hi all! I'm using Cockpit to perform an HCI install, and it fails at the
>> hosted engine deploy. Libvirtd can't restart because of a missing
>> /etc/pki/CA/cacert.pem file.
>>
>> The log (tasks seemingly from
>> /usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml):
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Stop libvirt service]
>> [ INFO ] changed: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Drop vdsm config statements]
>> [ INFO ] changed: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial abrt config
>> files]
>> [ INFO ] changed: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Restart abrtd service]
>> [ INFO ] changed: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Drop libvirt sasl2
>> configuration by vdsm]
>> [ INFO ] changed: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Stop and disable services]
>> [ INFO ] ok: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial libvirt
>> default network configuration]
>> [ INFO ] changed: [localhost]
>> [ INFO ] TASK [ovirt.hosted_engine_setup : Start libvirt]
>> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
>> "Unable to start service libvirtd: Job for libvirtd.service failed because
>> the control process exited with error code.\nSee \"systemctl status
>> libvirtd.service\" and \"journalctl -xe\" for details.\n"}
>>
>> journalctl -u libvirtd:
>> May 22 04:33:25 node1 libvirtd[26392]: libvirt version: 5.6.0, package:
>> 10.el8 (CBS <c...@centos.org>, 2020-02-27-01:09:46, )
>> May 22 04:33:25 node1 libvirtd[26392]: hostname: node1
>> May 22 04:33:25 node1 libvirtd[26392]: Cannot read CA certificate
>> '/etc/pki/CA/cacert.pem': No such file or directory
>> May 22 04:33:25 node1 systemd[1]: libvirtd.service: Main process exited,
>> code=exited, status=6/NOTCONFIGURED
>> May 22 04:33:25 node1 systemd[1]: libvirtd.service: Failed with result
>> 'exit-code'.
>> May 22 04:33:25 node1 systemd[1]: Failed to start Virtualization daemon.
>>
>> Can you please share journalctl logs for vdsmd and supervdsmd?
>>
>> Regards, Marcin
>>
>>
>> From a fresh CentOS 8.1 minimal install, I've installed the following:
>> - The 4.4 repo
>> - cockpit
>> - ovirt-cockpit-dashboard
>> - vdsm-gluster (providing glusterfs-server and allowing the Gluster
>> Wizard to complete)
>> - gluster-ansible-roles (only on the bootstrap host)
>>
>> I'm not exactly sure what that initial bit of the playbook does.
>> Comparing the bootstrap node with another that has yet to be touched, both
>> /etc/libvirt/libvirtd.conf and /etc/sysconfig/libvirtd are the same on both
>> hosts. Yet the bootstrap host can no longer start libvirtd while the other
>> host can. Neither host has the /etc/pki/CA/cacert.pem file.
>>
>> Please let me know if I can provide any more information. Thanks!
>>
>> _______________________________________________
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct: 
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives: 
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/XNW4HWUQUTN44VMATT4B6ARSEYVURDP7/
>>
>>
>>
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LXTV4RA64CXGLJU7YH6GXQ6ENYYE4F7M/

Reply via email to