Bug 1081042
| Summary: | [vdsm] RHEVH vdsm-reg needs to fetch Certificate before register | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Pavel Stehlik <pstehlik> | ||||
| Component: | ovirt-node-plugin-vdsm | Assignee: | Douglas Schilling Landgraf <dougsland> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Tareq Alayan <talayan> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 3.3.0 | CC: | alonbl, bazulay, cpelland, danken, dougsland, eedri, fdeutsch, gklein, iheim, knesenko, lbopf, lpeer, mburns, pstehlik, yeylon | ||||
| Target Milestone: | --- | Keywords: | ZStream | ||||
| Target Release: | 3.4.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | infra | ||||||
| Fixed In Version: | ovirt-node-plugin-vdsm-0.1.1-15.el6ev | Doc Type: | Bug Fix | ||||
| Doc Text: |
Previously, attempting to register a Red Hat Enterprise Virtualization Hypervisor with the Red Hat Enterprise Virtualization Manager would fail if the user specified port 443 as the port by which to connect to the Red Hat Enterprise Virtualization Manager but the certificate of that Red Hat Enterprise Virtualization Manager had not been retrieved. Now, users are prompted to accept the certificate provided by the Red Hat Enterprise Virtualization Manager specified in the Management Server field when registering the Red Hat Enterprise Virtualization Hypervisor and no certificate has been retrieved.
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 1086841 (view as bug list) | Environment: | |||||
| Last Closed: | 2014-06-09 14:26:25 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1086841 | ||||||
| Attachments: |
|
||||||
AFAIR in past there was a dialogue which provides cert info & offered Approve/Reject. Currently it's hidden behind another separate button. Pavel, can you just confirm: The intdended workflow is: Provide URL -> Retrieve Cert -> Save/Register -> Done You did: Provide URL-> Save/Register -> FAIL Right? Fabian, to me looks like ovirt-node-plugin-vdsm isn't? Hey Douglas, we need to take crae that we are not mixing two issues here. In the description I see the 500 error - that might be one issue. And the "unusual" workflow might be a second issue. Maybe someone with vdsm knowledge can tell if the 500 error is okay? Hi, Please attach engine log so we can see why 500 was returned. Thanks,
2014-03-25 20:01:34,009 ERROR [org.ovirt.engine.core.bll.RegisterVdsQuery] (ajp-/127.0.0.1:8702-11) Query execution failed due to invalid inputs. Invalid OTP for host 10.34.63.135
2014-03-25 20:01:34,009 ERROR [org.ovirt.engine.core.register.RegisterServlet] (ajp-/127.0.0.1:8702-11) Failed to run RegisterVds.
Never saw this message... and no ticket is sent:
URI= /RHEVManagerWeb/VdsAutoRegistration.aspx?vds_ip=10.34.63.135&__VIEWSTATE=&vds_unique_id=4C4C4544-0052-4C10-8058-B4C04F43354A&vds_name=slot-5.rhev.lab.eng.brq.redhat.com&ticket=&port=54321
So it is very strange, can you please enable engine debug log and retry? Please do not use http it should not be used for production.
I would like to see this from RegisterServlet:
log.debug("Using the following parameters to call query:\nIP: " + strIP + ", Name: "
+ strName + ", UUID: " + strID + ", Port: " + nPort + otpMessage);
Just for the record in 3.4 I removed the entire otp handling... as it was a mess.
IMO ovirt-node-plugin-vdsm should popup to users the certificate when they register via https to accept it or not (even if they do not select "Retrieve Certificate" button). Pavel, raising needinfo by comment#7, we might need to split this bugzilla. Moving to post since the original bug report is about collect the cert without the Retrieve Certificate button. Removing the Regression keyword, as it has been like this since 3.3 GA. verified with verified on ovirt-node-plugin-vdsm-0.1.1-17.el6ev.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0673.html |
Created attachment 879023 [details] vdsm-reg-ssl.tgz Description of problem: Issue found during registering REHVH via TUI & SSL port. After providing FQDN and Port the host didn't appear in rhevm. Workaround is either to use port 80 or to Retrieve certificate (then Cert. status in tui is 'Verified'. If this is supposed workflow, feel free to change subject as 'missing error dialogue - fetch certificate first' (or similar). .... MainThread::DEBUG::2014-03-26 14:15:05,640::vdsm-reg-setup::124::root::registerVDS URI= /RHEVManagerWeb/VdsAutoRegistration.aspx?vds_ip=10.34.63.135&__VIEWSTATE=&vds_unique_id=4C4C4544-0052-4C10-8058-B4C04F43354A&vds_name=slot-5.rhev.lab.eng.brq.redhat.com&ticket=&port=54321 MainThread::DEBUG::2014-03-26 14:15:05,666::vdsm-reg-setup::155::root::registerVDS status: 500 reason: Internal Server Error MainThread::DEBUG::2014-03-26 14:15:05,666::vdsm-reg-setup::174::root::registerVDS end. .... Version-Release number of selected component (if applicable): RHEVH 6.5 (20140324.0.el6ev) vdsm-4.13.2-0.13.el6ev.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: