Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.4K Intelligent Advisor
- 73 Insurance
- 537.3K On-Premises Infrastructure
- 138.6K Analytics Software
- 38.6K Application Development Software
- 6K Cloud Platform
- 109.6K Database Software
- 17.6K Enterprise Manager
- 8.8K Hardware
- 71.2K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
KVM deploy engine
I am installing Oracle Virtualization Manager self-hosted engine on Oracle Enterprise Linux 7.9. The installation starts fine but after a while it got stuck at a point and fails. Until now I am not able to identify the root cause of this error or troubleshoot it.
I tried by CLI and Cockpit but the error is the same
[ ERROR ] fatal: [localhost -> CL4A0V-DCC-MG01.cloud.sonda.com]: FAILED! => {"attempts": 12, "changed": false, "msg": "Failed to validate the SSL certificate for localhost:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618).", "status": -1, "url": "http://localhost/ovirt-engine/services/health"}
Could you help me?
Best Answer
-
Hi
There are various workarounds in the following discussion link with similar problema as you described.
Answers
-
Hi.
It's look like at this moment hostname is localhost. It's can be problem.
Assign some hostname with domain. Check that new hostname can be resolved to IP.
Regards,
Nik
-
Hi,
The problem is when i m doing engine deploy
INFO ] changed: [localhost -> cl4a0v-dcc-mg01.cloud.sonda.com]
[ INFO ] TASK [ovirt.engine-setup : Make sure `ovirt-engine` service is running]
[ INFO ] ok: [localhost -> cl4a0v-dcc-mg01.cloud.sonda.com]
[ INFO ] TASK [ovirt.engine-setup : Check if Engine health page is up]
[ ERROR ] fatal: [localhost -> cl4a0v-dcc-mg01.cloud.sonda.com]:
FAILED! => {"attempts": 12, "changed": false, "msg":
"Failed to validate the SSL certificate for localhost:443.
Make sure your managed systems have a valid CA certificate installed.
You can use validate_certs=False if you do not need to confirm the servers
identity but this is unsafe and not recommended. Paths checked for
this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs,
/usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618).", "status": -1, "url":
"http://localhost/ovirt-engine/services/health"}
[ INFO ] TASK [ovirt.engine-setup : Clean temporary files]
[ INFO ] changed: [localhost -> cl4a0v-dcc-mg01.cloud.sonda.com]
I don´t have option for change local hosts.
DNS is resolving name to IP withoit problem.
-
Hi
There are various workarounds in the following discussion link with similar problema as you described.
-
Hi
Thank you for your answer.
I fixed my problem whth the next workaroud.
=======================================================================
1) During the hosted-engine setup, wait for the local VM to be deployed
2) After the local VM is deployed and ovirt-engine packages are installated
(visible in installation script output) you will have a few minutes to do the following:
Check the HostedEngineLocalVM IP Address in the Hypervisor /etc/hosts
Open up a ssh session to the HostedEngineLocalVM IP and execute the following commands:
# mv /etc/httpd/conf.d/ovirt-enable-strict-transport-security.conf /var/tmp
ll# systemctl restart httpd
3) The installation script is at this stage trying to access to health page with http,
and it will succeed after step (2) is performed
-
An easier solution would be to add a task at the end of "/usr/share/ansible/roles/ovirt.hosted_engine_setup/hooks/enginevm_before_engine_setup" to rename "/etc/httpd/conf.d/ovirt-enable-strict-transport-security.conf". (adding an additional suffix, rather than moving to /var/tmp.
- name: Rename ovirt-enable-strict-transport-security.conf
command:
cmd: mv ovirt-enable-strict-transport-security.conf ovirt-enable-strict-transport-security.conf.save
chdir /etc/httpd/conf.d/
removes: ovirt-enable-strict-transport-security.conf
creates: ovirt-enable-strict-transport-security.conf.save