On Thu, 13 Sep 2018 11:08:28 +0200 Robert O'Kane <ok...@khm.de> wrote:
> Hello, > > I have a simmilar issue with ovirt-provider-ovn. > > But in my config I see: > > ovirt-sso-client-secret=to_be_set > > Where do I find / how do I generate this token? > Usually engine-setup will generate an appropriate automatically. /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf. If you want to (or have to?) generate manually the client secrete, follow this steps: 1. Run /usr/share/ovirt-engine/bin/ovirt-register-sso-client-tool.sh with Client Id: ovirt-provider-ovn Client CA Certificate File Location: /etc/pki/ovirt-engine/certs/engine.cer Callback Prefix URL: https://<ENGINE_FQDN>:443/ovirt-engine/ 2. Use the SSO_CLIENT_SECRET from the outfile produced by the previous command in /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf 3. Restart ovirt-engine and ovirt-provider-ovn systemctl restart ovirt-engine systemctl restart ovirt-provider-ovn > Thanks, > > Robert O'Kane > > > > On 09/12/2018 04:42 PM, m...@set-pro.net wrote: > > I have a same issue with OVN provider and SSL, but certificate > > changes not helps to resolve it. I use following > > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_SSL_Certificate > > to replace my cert, and after reboot get this error. > > ovirt-ca-file= is a same SSL file which use WebUI. > > I restart ovirt-provider-ovn, i restart engine, i restart > > everything what i can restart. Nothing helps... > > > > Logs below. > > > > [root@engine ~]# tail -n 50 /var/log/ovirt-provider-ovn.log > > 2018-09-12 14:10:23,828 root [SSL: CERTIFICATE_VERIFY_FAILED] > > certificate verify failed (_ssl.c:579) Traceback (most recent call > > last): File > > "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 133, > > in _handle_request method, path_parts, content File > > "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line > > 175, in handle_request return self.call_response_handler(handler, > > content, parameters) File > > "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in > > call_response_handler return response_handler(content, parameters) > > File > > "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", > > line 62, in post_tokens user_password=user_password) File > > "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in > > create_token return auth.core.plugin.create_token(user_at_domain, > > user_password) File > > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line > > 48, in create_token timeout=self._timeout()) File > > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, > > in create_token username, password, engine_url, ca_file, timeout) > > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", > > line 91, in _get_sso_token timeout=timeout File > > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54, > > in wrapper response = func(*args, **kwargs) File > > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47, > > in wrapper raise BadGateway(e) BadGateway: [SSL: > > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) > > > > > > [root@engine ~]# tail -n 20 /var/log/ovirt-engine/engine.log > > 2018-09-12 14:10:23,773+03 INFO > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock > > Acquired to object > > 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', > > sharedLocks=''}' 2018-09-12 14:10:23,778+03 INFO > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] > > Running command: SyncNetworkProviderCommand internal: true. > > 2018-09-12 14:10:23,836+03 ERROR > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] > > Command > > 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' > > failed: EngineException: (Failed with error Bad Gateway and code > > 5050) 2018-09-12 14:10:23,837+03 INFO > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock > > freed to object > > 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', > > sharedLocks=''}' 2018-09-12 14:14:12,477+03 INFO > > [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default > > task-6) [] User admin@internal successfully logged in with scopes: > > ovirt-app-admin ovirt-app-api ovirt-app-portal > > ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all > > ovirt-ext=token-info:authz-search > > ovirt-ext=token-info:public-authz-search > > ovirt-ext=token-info:validate ovirt-ext=token:password-access > > 2018-09-12 14:14:12,587+03 INFO > > [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default > > task-6) [1bf1b763] Running command: CreateUserSessionCommand > > internal: false. 2018-09-12 14:14:12,628+03 INFO > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > > (default task-6) [1bf1b763] EVENT_ID: USER_VDC_LOGIN(30), User > > admin@internal-authz connecting from '10.0.3.61' using session > > 's8jAm7BUJGlicthm6yZBA3CUM8QpRdtwFaK3M/IppfhB3fHFB9gmNf0cAlbl1xIhcJ2WX+ww7e71Ri+MxJSsIg==' > > logged in. 2018-09-12 14:14:30,972+03 INFO > > [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] > > (default task-6) [ee3cc8a7-4485-4fdf-a0c2-e9d67b5cfcd3] Running > > command: ImportProviderCertificateCommand internal: false. Entities > > affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: > > SystemAction group CREATE_STORAGE_POOL with role type ADMIN > > 2018-09-12 14:14:30,982+03 INFO > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > > (default task-6) [ee3cc8a7-4485-4fdf-a0c2-e9d67b5cfcd3] EVENT_ID: > > PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider > > ovirt-provider-ovn was imported. (User: admin@internal-authz) > > 2018-09-12 14:14:31,006+03 INFO > > [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] > > (default task-6) [a48d94ab-b0b2-42a2-a667-0525b4c652ea] Running > > command: TestProviderConnectivityCommand internal: false. Entities > > affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: > > SystemAction group CREATE_STORAGE_POOL with role type ADMIN > > 2018-09-12 14:14:31,058+03 ERROR > > [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] > > (default task-6) [a48d94ab-b0b2-42a2-a667-0525b4c652ea] Command > > 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' > > failed: EngineException: (Failed with error Bad Gateway and code > > 5050) 2018-09-12 14:15:10,954+03 INFO > > [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] > > (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread > > pool 'default' is using 0 threads out of 1, 5 threads waiting for > > tasks. 2018-09-12 14:15:10,954+03 INFO > > [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] > > (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread > > pool 'engine' is using 0 threads out of 500, 16 threads waiting for > > tasks and 0 tasks in queue. 2018-09-12 14:15:10,954+03 INFO > > [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] > > (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread > > pool 'engineScheduled' is using 0 threads out of 100, 100 threads > > waiting for tasks. 2018-09-12 14:15:10,954+03 INFO > > [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] > > (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread > > pool 'engineThreadMonitoring' is using 1 threads out of 1, 0 > > threads waiting for tasks. 2018-09-12 14:15:10,954+03 INFO > > [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] > > (EE-ManagedThreadFactory-engineThreadMonitoring-Thread-1) [] Thread > > pool 'hostUpdatesChecker' is using 0 threads out of 5, 2 threads > > waiting for tasks. 2018-09-12 14:15:23,843+03 INFO > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] Lock > > Acquired to object > > 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', > > sharedLocks=''}' 2018-09-12 14:15:23,849+03 INFO > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] > > Running command: SyncNetworkProviderCommand internal: true. > > 2018-09-12 14:15:23,900+03 ERROR > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] > > Command > > 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' > > failed: EngineException: (Failed with error Bad Gateway and code > > 5050) 2018-09-12 14:15:23,901+03 INFO > > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] > > (EE-ManagedThreadFactory-engineScheduled-Thread-61) [2455041f] Lock > > freed to object > > 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]', > > sharedLocks=''}' > > > > > > [root@engine ~]# > > cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > > # This file is automatically generated by engine-setup. Please do > > not edit manually [OVN REMOTE] ovn-remote=ssl:127.0.0.1:6641 > > [SSL] > > https-enabled=true > > ssl-cacert-file=/etc/pki/ovirt-engine/ca.pem > > ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer > > ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass > > [OVIRT] > > ovirt-sso-client-secret=Ms7Gw9qNT6IkXu7oA54tDmxaZDIukABV > > ovirt-host=https://engine.set.local:443 > > ovirt-sso-client-id=ovirt-provider-ovn > > ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem > > [PROVIDER] > > provider-host=engine.set.local > > _______________________________________________ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ List > > Archives: > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y3IK7XXW2VQQSX574QGC3SD5NFUGGJO4/ > > > _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/DSXB3SIBTSAK2TX3ZPWY3VSZYS7LAVXK/