On 30/04/12 19:23, Itamar Heim wrote: > On 04/30/2012 06:45 PM, Sascha Littel wrote: >> Am Montag, 30. April 2012, 16:45:12 schrieben Sie: >>> Hi Sasha, >>> This may be an issue of SSH authentication method. >>> Can you please check you SSH server in the host- >>> Password auth should be password and not Keyboard-interactive. >>> This may lead to SSH auth failure as you engine log indicates. >> Thanks dude this was the hint I need. I changed the PasswordAuthentication in >> /etc/ssh/sshd_config. Now I can add the vdsm into the oVirt engine host. Now >> the real work can beginn. > > Doron - can we catch this error and give this hint to users as something > worth checking? > (added engine-devel, as this extends to the engine side).
AFAICT, we get auth failure, with no reason. In order to handle it we can go in to ways (need to decide)- 1. Add the keyboard-interactive auth to Mina SSHD. There's a guy who added it[a] and we may try and ask for hints from him. I know that patches are welcomed there as well ;) 2. Try to diagnose the failure we get, or scan Mina's err / debug stream. I suspect we should be able to see something like: debug1: Authentications that can continue: password,publickey ... debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password So if server does not report 'password' as an option we could give a better auth-failure message. It will be nice if someone from our community could pick this up, and if not this would be a nice feature for one of the coming versions. [a] http://mail-archives.apache.org/mod_mbox/mina-dev/201112.mbox/%3ccacpdtxmmweqtq+as+fqzwpgxcxday4hzxk0jarvczkyntfw...@mail.gmail.com%3E >>> >>>> Am Montag, 30. April 2012, 13:09:25 schrieben Sie: >>>>> On 04/30/2012 02:07 PM, Sascha Littel wrote: >>>>>> Am Montag, 30. April 2012, 05:04:09 schrieben Sie: >>>>>>> On 04/29/2012 10:24 PM, S. Littel wrote: >>>>>>>> Hi everybody, I'm working currently on a running version of vdsm >>>>>>>> 4.9.1 for openSuSE 11.3. I'm changing many lines in the start/stop >>>>>>>> scripts e.g. paths, rc commands. Most of this work looks fine but >>>>>>>> if I try to get a connection between the oVirt engine (runs on a >>>>>>>> openSuSE 12.1) and the vdsm host I get a ssl error. Also after >>>>>>>> setting ssl in vdsm.conf to false and changing the settings in >>>>>>>> oVirt engine database I still get this error. >>>>>>> >>>>>>> which settings are you changing in the db? >>>>>> >>>>>> I changed the seetings in the database with this 2 commands: >>>>> did you restart engine after changing these? >>>> >>>> Yes. I found this page in the oVirt Wiki: >>>> http://ovirt.org/w/index.php?title=OVirt_- >>>> _disable_SSL_in_VDSM&diff=3036&oldid=prev >>>> >>>>>> psql engine -U postgres -c "UPDATE vdc_options set option_value = >>>>>> 'false' where option_name = 'SSLEnabled'" >>>>>> >>>>>> psql engine -U postgres -c "UPDATE vdc_options set option_value = >>>>>> 'false' where option_name = 'UseSecureConnectionWithServers'" >>>>>> >>>>>>> UseSecureConnectionWithServers? >>>>>> >>>>>> Yes. >>>>>> >>>>>>>> So the general question, is there someone working on a openSuSE 11.3 >>>>>>>> or 11.4 version of vdsm? Or someone who has experience how to get >>>>>>>> it work? >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> Sascha Littel >>>>>> >>>>>> Here is the failure massage from the vdsm-reg.log I get on the vdsm >>>>>> host: >>>>>> >>>>>> SSLError: [Errno 185090050] _ssl.c:328: error:0B084002:x509 >>>>>> certificate routines:X509_load_cert_crl_file:system lib >>>>>> MainThread::DEBUG::::deployUtil::1413::root::getRemoteFile end. >>>>>> MainThread::DEBUG::::deployUtil::621::root::handleSSHKey start >>>>>> MainThread::ERROR::::deployUtil::614::root::restorecon >>>>>> /root/.ssh/authorized_keys failed >>>>>> >>>>>> And this is the failure message from engine.log on the oVirt engine >>>>>> host: >>>>>> >>>>>> ERROR [org.ovirt.engine.core.utils.hostinstall.MinaInstallWrapper] >>>>>> (http--0.0.0.0-8443-1) Could not connect to server >>>>>> xen007.f1.aiges.net: Failed connecting >>>>>> >>>>>> to xen007.f1.aiges.net using given password! Please verify your >>>>>> password is >>>>>> >>>>>> correct and that the host accepts password-based authentication >>>>>> WARN [org.ovirt.engine.core.bll.AddVdsCommand] (http--0.0.0.0-8443-1) >>>>>> CanDoAction of action AddVds failed. >>>>>> Reasons:VDS_CANNOT_CONNECT_TO_SERVER,VAR__ACTION >>>>>> __ADD,VAR__TYPE__HOST >>>>>> >>>>>> Regards >>>>>> >>>>>> Sascha Littel >> >> > -- /d Never say "OOPS!" always say "Ah, Interesting!" _______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
