Bug 1199512 - Hosted engine deploy fails to verify certificate when hypervisor can be successfully added via admin portal
Summary: Hosted engine deploy fails to verify certificate when hypervisor can be succe...
Keywords:
Status: CLOSED DUPLICATE of bug 1254838
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 3.5.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
: 3.6.0
Assignee: Yedidyah Bar David
QA Contact: Artyom
URL:
Whiteboard: integration
Depends On: 1059952
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-03-06 14:28 UTC by Jake Hunsaker
Modified: 2019-07-16 11:41 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-20 11:47:46 UTC
oVirt Team: Integration
Target Upstream Version:


Attachments (Terms of Use)

Description Jake Hunsaker 2015-03-06 14:28:16 UTC
Description of problem:

A hypervisor that can be added to an environment normally through the admin portal is failing to be added via the hosted-engine --deploy script with the following SSL failure:

2015-03-02 16:31:35 DEBUG otopi.plugins.ovirt_hosted_engine_setup.engine.add_host add_host._closeup:532 Connecting to the Engine
2015-03-02 16:31:35 DEBUG otopi.context context._executeMethod:152 method exception
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/otopi/context.py", line 142, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/ovirt-hosted-engine-setup/engine/add_host.py", line 544, in _closeup
    ohostedcons.EngineEnv.TEMPORARY_CERT_FILE
  File "/usr/lib/python2.6/site-packages/ovirtsdk/api.py", line 154, in __init__
    url=''
  File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 118, in request
    persistent_auth=self._persistent_auth)
  File "/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/proxy.py", line 146, in __doRequest
    persistent_auth=persistent_auth
  File "/usr/lib/python2.6/site-packages/ovirtsdk/web/connection.py", line 149, in doRequest
    raise ConnectionError, str(e)
ConnectionError: [ERROR]::RHEV API connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2015-03-02 16:31:35 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Closing up': [ERROR]::RHEV API connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2015-03-02 16:31:35 DEBUG otopi.context context.dumpEnvironment:490 ENVIRONMENT DUMP - BEGIN
2015-03-02 16:31:35 DEBUG otopi.context context.dumpEnvironment:500 ENV BASE/error=bool:'True'
2015-03-02 16:31:35 DEBUG otopi.context context.dumpEnvironment:500 ENV BASE/exceptionInfo=list:'[(<class 'ovirtsdk.infrastructure.errors.ConnectionError'>, ConnectionError('[ERROR]::RHEV API connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed',), <traceback object at 0x32fa1b8>)]'

Version-Release number of selected component (if applicable):
rhevm-3.5.0-0.32.el6ev

RHEL 6.5 hypervisor
kernel-2.6.32-431.el6
vdsm-4.16.8.1-6.el6ev

ovirt-hosted-engine-ha-1.2.4-5.el6ev
ovirt-hosted-engine-setup-1.2.1-9.el6ev


How reproducible:
Customer can reproduce this behavior 100%

Steps to Reproduce:
1. Remove a current RHEL hypervisor from RHEV-M
2. Try to add via hosted-engine --deploy
3.

Actual results:
Addition of hypervisor fails

Expected results:
Hypervisor should be added

Additional info:

First pass through this customer removed a working hypervisor from the admin portal and attempted to re-add it via the --deploy script. That failed so they did a re-build of RHEL and tried again with --deploy. That also failed with the same SSL error above, but they were then able to turn around and add the hypervisor via the normal method in the admin portal.

Comment 2 Sandro Bonazzola 2015-03-09 09:18:01 UTC
Hi, thanks for your report. This is a known issue and already tracked by upstream bug #1059952.

Comment 6 Yaniv Lavi 2015-08-20 11:47:46 UTC

*** This bug has been marked as a duplicate of bug 1254838 ***


Note You need to log in before you can comment on or make changes to this bug.