On Thu, May 24, 2018 at 11:49 PM, Peter Harman <phar...@homeyertool.com> wrote:
> Ovirt is Hosted Engine and version 4.2 installed a week ago. > > OS is Centos7.4 on hosted engine and hosts > > > > *Peter Harman – Systems and Safety Cordinator | Homeyer Precision > Manufacturing* > > > > [image: Description: C:\Users\gruether\AppData\Local\Temp\Temp1_Homeyer > Logo (2).zip\Homeyer Logo\Homeyer Logo.jpg] > > > > 16051 State Hwy 47, Marthasville, MO 63357 > <https://maps.google.com/?q=16051+State+Hwy+47,+Marthasville,+MO+63357&entry=gmail&source=g>| > *E *phar...@homeyertool.com | *P* 636.433.2244 | *F* 636.433.5257 > > > > *From:* Nir Soffer <nsof...@redhat.com> > *Sent:* Thursday, May 24, 2018 3:39 PM > *To:* Peter Harman <phar...@homeyertool.com>; Yedidyah Bar David < > d...@redhat.com> > *Cc:* users@ovirt.org; Daniel Erez <de...@redhat.com> > *Subject:* Re: [ovirt-users] Upload Image Error > > > > On Thu, May 24, 2018 at 10:57 PM Peter Harman <phar...@homeyertool.com> > wrote: > > Ovirt Users, > > > > What version are you running? > > > > > > I am running into a strange problem with uploading images through the > webUI. When I test the connection on an upload I get “*Connection to > ovirt-imageio-proxy service has failed. Make sure the service is installed, > configured, and ovirt-engine certificate is registered as a valid CA in the > browser.*” I have conducted this operation on several computers using > both chrome and firefox and ensuring the certs were loaded into the > browsers. > > > > Are you sure you import the certificate correctly info the browser? > > > > > > I went to this page: https://ovirt.org/develop/ > release-management/features/infra/pki/ to find cert info and checked both > the engine and hosts for the certificates and the identity of the > certificates – everything seemed to match up. > > > > This issue means that the browser refuse to communicate > > with the proxy because the proxy certificate does not match > > the browser certificates. > > > > Is it possible that you changed engine fqdn and regenerated > > engine certificates? > > > > Didi, how can we regenerate all certificates to make sure everything > > is configured correctly? > I do not think we have a documented procedure directly aimed at "making sure everything is configured correctly", but a similar one is: https://www.ovirt.org/documentation/how-to/migrate-pki-to-sha256/ It keeps the internal CA cert (only changes it), but re-creates all the others. > > > Or verify that the certificates in a host are correct? > > > > Next thing I looked at was the ovirt-imageio-proxy service. I checked it > and restarted it below is a status output from one of the failed operations: > > > > [root@hpm-engine ~]# systemctl status ovirt-imageio-proxy > > ● ovirt-imageio-proxy.service - oVirt ImageIO Proxy > > Loaded: loaded (/usr/lib/systemd/system/ovirt-imageio-proxy.service; > enabled; vendor preset: disabled) > > Active: active (running) since Thu 2018-05-24 13:25:38 CDT; 1h 13min ago > > Main PID: 21239 (ovirt-imageio-p) > > Tasks: 2 > > CGroup: /system.slice/ovirt-imageio-proxy.service > > └─21239 /usr/bin/python /usr/bin/ovirt-imageio-proxy > > > > May 24 13:25:38 hpm-engine.server.local systemd[1]: Starting oVirt ImageIO > Proxy... > > May 24 13:25:38 hpm-engine.server.local systemd[1]: Started oVirt ImageIO > Proxy. > > May 24 14:38:02 hpm-engine.server.local ovirt-imageio-proxy[21239]: > 127.0.0.1 - - [24/May/2018 14:38:02] "PUT /tickets/ HTTP/1.1" 200 0 > > > > This means proxy is running, and engine is able to communicate > > with it. Unfortunately, this does not mean that the browser is able to > > communicate with the proxy. > > > > ovirt-imageio-proxy service seems to check out. So, next step was checking > out VDSM process output is below (NOTE: I redacted a bunch of unrelated > warnings): > > ... > > Vdsm is not related to proxy connection errors. > > > > Did you know that you can upload using the SDK? It is also much > > faster since you can upload directly to the host, instead of via the proxy. > > > > Here is an example: > > https://github.com/oVirt/ovirt-engine-sdk/blob/master/ > sdk/examples/upload_disk.py > > > > Nir > -- Didi
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org
