The issue is the "Drop vdsm config statements" task from /usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml
I'm not sure how those config statements got there in the first place... maybe a scriptlet from a vdsm rpm install? Either way, the task removes the following section from the bottom of /etc/libvirt/libvirtd.conf, causing it to look for the default ca_file, /etc/pki/CA/cacert.pem. ## beginning of configuration section by vdsm-4.40.0 auth_unix_rw="sasl" ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" host_uuid="9def7285-9ed9-4a94-8a7d-ed1f05a9a224" keepalive_interval=-1 key_file="/etc/pki/vdsm/keys/vdsmkey.pem" ## end of configuration section by vdsm-4.40.0 If I re-add this section to my bootstrap node's libvirtd.conf, I can start the libvirtd service again. I'll try to comment out the "Drop vdsm config statements" task from the playbook and see if I can proceed. On Fri, May 22, 2020 at 11:59 AM Stephen Panicho <[email protected]> wrote: > Hey Marcin. There aren't any logs for those services as they haven't been > started yet. This failure happens very early in the deploy, just after the > page where you configure the engine VM settings. > > Unfortunately, I can't try a redeploy on the same node because libvirtd is > now in a bad state and can't come up at all. I now get the following error > once we get past the Gluster Wizard and move on the the Hosted Engine > Deploy: > "libvirt is not running! Please ensure it is running before starting the > wizard, so system capabilities can be queried." > > I'll sift through the ansible to see what it changed and report back. But > I'd still like to get past this /etc/pki/CA/cacert.pem issue. > > On Fri, May 22, 2020 at 4:45 AM Marcin Sobczyk <[email protected]> > wrote: > >> Hi, >> >> On 5/22/20 7:06 AM, Stephen Panicho wrote: >> >> Hi all! I'm using Cockpit to perform an HCI install, and it fails at the >> hosted engine deploy. Libvirtd can't restart because of a missing >> /etc/pki/CA/cacert.pem file. >> >> The log (tasks seemingly from >> /usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/initial_clean.yml): >> [ INFO ] TASK [ovirt.hosted_engine_setup : Stop libvirt service] >> [ INFO ] changed: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Drop vdsm config statements] >> [ INFO ] changed: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial abrt config >> files] >> [ INFO ] changed: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Restart abrtd service] >> [ INFO ] changed: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Drop libvirt sasl2 >> configuration by vdsm] >> [ INFO ] changed: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Stop and disable services] >> [ INFO ] ok: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Restore initial libvirt >> default network configuration] >> [ INFO ] changed: [localhost] >> [ INFO ] TASK [ovirt.hosted_engine_setup : Start libvirt] >> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": >> "Unable to start service libvirtd: Job for libvirtd.service failed because >> the control process exited with error code.\nSee \"systemctl status >> libvirtd.service\" and \"journalctl -xe\" for details.\n"} >> >> journalctl -u libvirtd: >> May 22 04:33:25 node1 libvirtd[26392]: libvirt version: 5.6.0, package: >> 10.el8 (CBS <[email protected]>, 2020-02-27-01:09:46, ) >> May 22 04:33:25 node1 libvirtd[26392]: hostname: node1 >> May 22 04:33:25 node1 libvirtd[26392]: Cannot read CA certificate >> '/etc/pki/CA/cacert.pem': No such file or directory >> May 22 04:33:25 node1 systemd[1]: libvirtd.service: Main process exited, >> code=exited, status=6/NOTCONFIGURED >> May 22 04:33:25 node1 systemd[1]: libvirtd.service: Failed with result >> 'exit-code'. >> May 22 04:33:25 node1 systemd[1]: Failed to start Virtualization daemon. >> >> Can you please share journalctl logs for vdsmd and supervdsmd? >> >> Regards, Marcin >> >> >> From a fresh CentOS 8.1 minimal install, I've installed the following: >> - The 4.4 repo >> - cockpit >> - ovirt-cockpit-dashboard >> - vdsm-gluster (providing glusterfs-server and allowing the Gluster >> Wizard to complete) >> - gluster-ansible-roles (only on the bootstrap host) >> >> I'm not exactly sure what that initial bit of the playbook does. >> Comparing the bootstrap node with another that has yet to be touched, both >> /etc/libvirt/libvirtd.conf and /etc/sysconfig/libvirtd are the same on both >> hosts. Yet the bootstrap host can no longer start libvirtd while the other >> host can. Neither host has the /etc/pki/CA/cacert.pem file. >> >> Please let me know if I can provide any more information. Thanks! >> >> _______________________________________________ >> Users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/[email protected]/message/XNW4HWUQUTN44VMATT4B6ARSEYVURDP7/ >> >> >>
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/LXTV4RA64CXGLJU7YH6GXQ6ENYYE4F7M/
