[ovirt-users] Re: Failed to read or parse '/etc/pki/ovirt-engine/keys/engine.p12'

2023-05-12 Thread Frank Wall

On 2023-05-12 15:34 Volenbovskyi, Konstantin wrote:

> what are 'source' and 'target' ovirt engine versions?

I was attempting to perform a direct upgrade from 4.3.x to 4.5.4 (nightly).

It was said to work properly and I've done this before already,
so I wasn't expecting trouble. :)

> Indeed, updating the key & certificate on the old engine seems like a good way forward.
> It seems that
> https://myhomelab.gr/linux/2020/01/20/replacing_ovirt_ssl.html
> and/or
> https://rhv.bradmin.org/ovirt-engine/docs/Upgrade_Guide/Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-0_remote_db.html
> will solve it for you.


Neat, I've bookmarked these guides. Very useful, thanks!

However, I found another way to make it work using the following steps:

- downgraded ovirt-engine-appliance-4.5 from version 20230501063412.1.el9 (nightly) to 20221206125848.1.el9 (release)
- answered "YES" to the setup question "Renew engine PKI on restore if needed"

Due to time constraints I could not verify which of these
steps did the trick, but the upgrade was successful.

Side note: I also had to downgrade ansible-core to 2.14.1, because
version 2.14.2 led to trouble in early stages of the `hosted-engine --deploy`
setup process (a Python error: cannot import name 'Callable' from 'collections').



Regards
- Frank
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3EUHCKFM27TNHID3AJAPUUMD2P546T2W/


[ovirt-users] Re: engine setup fails: error creating bridge interface virbr0: File exists - ?

2023-05-12 Thread Volenbovskyi, Konstantin
Hi,
maybe you should do
virsh net-undefine default
virsh net-destroy default

And maybe there is some change in Libvirt and ovirt-hosted-engine-cleanup
doesn’t clean up the default network (which results in the virbr0 interface)
(and at the same time this Ansible code is not idempotent)

BR,
Konstantin
P.S. Sorry, I will top-post…

From: lejeczek via Users
Reply-To: lejeczek
Date: Thursday, 11 May 2023 at 21:29
To: "users@ovirt.org"
Subject: [ovirt-users] Re: engine setup fails: error creating bridge interface virbr0: File exists - ?


On 11/05/2023 18:18, Volenbovskyi, Konstantin wrote:
Hi,
Is it actually the first attempt to install HE? Or maybe you ran into some
(different) problem and this is like the second (third, fourth…) attempt.
While the installation script takes care of some cleanup, I would say that you
should consider doing
ovirt-hosted-engine-cleanup,
checking that virbr0 is absent in ‘ip a’ output,
and trying once again.



BR,
Konstantin

From: lejeczek via Users
Reply-To: lejeczek
Date: Thursday, 11 May 2023 at 13:25
To: "users@ovirt.org"
Subject: [ovirt-users] engine setup fails: error creating bridge interface virbr0: File exists - ?

Hi guys.

I'm trying to set up the engine on the latest stable ovirt node (in a VM), so a
clean, vanilla-default system.

-> $  hosted-engine --deploy --4
...
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Activate default libvirt 
network]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["virsh", 
"net-start", "default"], "delta": "0:00:00.042134", "end": "2023-05-11 
11:08:59.248405", "msg": "non-zero return code", "rc": 1, "start": "2023-05-11 
11:08:59.206271", "stderr": "error: Failed to start network default\nerror: 
error creating bridge interface virbr0: File exists", "stderr_lines": ["error: 
Failed to start network default", "error: error creating bridge interface 
virbr0: File exists"], "stdout": "", "stdout_lines": []}
[ ERROR ] Failed to execute stage 'Closing up': Failed getting local_vm_dir
...

Any & all suggestions on how to fix/troubleshoot this are much appreciated.
many thanks, L.


No, it is a clean install of oVirt node in a KVM guest/VM.
All I do in the node is I configure two ifaces and both are "regular"
ethernets, then I start HE setup.
Bare-metal host is Centos 9 Stream with everything up-to-date off the distro
repos.
I'd think this should be easily reproducible.

ps. please keep replies to the bottom - this is not a conversation between two of
us nor any two persons. Mailing to a list - think of it as a book, which always
reads top-to-bottom.

many thanks, L.

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I7PEJIKQNMNQ7EHKKFHSQYVBOZZ5PM3Q/


[ovirt-users] Re: Failed to read or parse '/etc/pki/ovirt-engine/keys/engine.p12'

2023-05-12 Thread Volenbovskyi, Konstantin
Hi,
what are 'source' and 'target' ovirt engine versions?
Indeed, updating the key & certificate on the old engine seems like a good way forward.
It seems that
https://myhomelab.gr/linux/2020/01/20/replacing_ovirt_ssl.html
and/or
https://rhv.bradmin.org/ovirt-engine/docs/Upgrade_Guide/Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-0_remote_db.html
will solve it for you.


BR,
Konstantin

On 12.05.23, 12:50, "Frank Wall" <f...@moov.de> wrote:


Hi,


I was trying to restore an oVirt Engine Backup into a new Hosted Engine
appliance (as part of an upgrade), but this failed with the following
error:


--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse
'/etc/pki/ovirt-engine/keys/engine.p12'
Perhaps it was changed since last Setup.
Error was:
Error outputting keys and certificates
80EBCC44677F:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global
default library context, Algorithm (RC2-40-CBC : 0)


It looks like this is related to openssl requiring legacy mode
to use the old Engine cert/key.


Is there any way to work around this? Or would it be possible
to repackage the existing PKCS#12 file with new encryption (on
the old Engine)?




Regards
- Frank
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PWXZZ42WWV7C5PG7CURMEIGVLIUXQXZC/


[ovirt-users] Failed to read or parse '/etc/pki/ovirt-engine/keys/engine.p12'

2023-05-12 Thread Frank Wall

Hi,

I was trying to restore an oVirt Engine Backup into a new Hosted Engine
appliance (as part of an upgrade), but this failed with the following
error:

--== PKI CONFIGURATION ==--
[WARNING] Failed to read or parse 
'/etc/pki/ovirt-engine/keys/engine.p12'

Perhaps it was changed since last Setup.
Error was:
Error outputting keys and certificates
80EBCC44677F:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global
default library context, Algorithm (RC2-40-CBC : 0)

It looks like this is related to openssl requiring legacy mode
to use the old Engine cert/key.

Is there any way to work around this? Or would it be possible
to repackage the existing PKCS#12 file with new encryption (on
the old Engine)?


Regards
- Frank
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YI647H7YWRHJKDXNP4DJDEHU4ZWKCHY2/
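
Added example (not part of the thread and not oVirt's own tooling): one way to do the repackaging asked about in the message above, checking first whether the PKCS#12 file really uses a cipher such as RC2-40-CBC that OpenSSL 3 only loads in legacy mode, then re-encrypting it with AES-256-CBC. It assumes the keystore password is exported as P12_PASS; the file names, function names and sample output lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the keystore password is
# exported as P12_PASS; OLD.p12 / NEW.p12 are placeholder file names.

# stdin: text printed by `openssl pkcs12 -info -noout`. Exit 0 if any bag is
# encrypted with RC2, RC4 or single DES, which OpenSSL 3 only offers through
# its legacy provider (3DES and PBES2/AES still load by default).
p12_needs_legacy() {
    grep -Eq 'pbeWith[A-Za-z0-9]+And([0-9]+Bit)?(RC2|RC4|DES-CBC)'
}

# Constructed samples in the style of that output (old vs. repackaged file).
sample_old_info() {
    cat <<'EOF'
MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}
sample_new_info() {
    cat <<'EOF'
MAC: sha256, Iteration 2048
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
EOF
}

p12_repack() {  # usage: p12_repack OLD.p12 NEW.p12
    old=$1 new=$2 legacy=
    # OpenSSL 3.x needs -legacy to read RC2; 1.x has no such flag and needs none.
    if openssl pkcs12 -help 2>&1 | grep -q -- '-legacy'; then legacy=-legacy; fi
    info=$(openssl pkcs12 -in "$old" $legacy -info -noout \
        -passin env:P12_PASS 2>&1) || { echo "cannot read $old" >&2; return 1; }
    if ! printf '%s\n' "$info" | p12_needs_legacy; then
        echo "$old: no legacy-only cipher, left as is" >&2; return 0
    fi
    umask 077   # new keystore readable by owner only
    # Key and certs go through a pipe, so no unencrypted PEM touches disk.
    # friendlyName is not carried over; add -name to the export if needed.
    openssl pkcs12 -in "$old" $legacy -nodes -passin env:P12_PASS |
        openssl pkcs12 -export -out "$new" -passout env:P12_PASS \
            -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 || return 1
    # The result must now parse with the default provider only.
    openssl pkcs12 -in "$new" -noout -passin env:P12_PASS
}

if [ "$#" -eq 2 ]; then p12_repack "$1" "$2"; fi
```

Work on a copy of the keystore and keep the original until the restored engine has started with the new file.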