Bug 1253510 - Add host fail with error: certification is invalid. The certification has no peer certificates
Add host fail with error: certification is invalid. The certification has no ...
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine
Classification: oVirt
Component: General (Show other bugs)
---
x86_64 Linux
unspecified Severity urgent (vote)
: ovirt-3.6.0-rc
: 3.6.0
Assigned To: Moti Asayag
Meni Yakove
infra
: AutomationBlocker, Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-13 18:04 EDT by Meni Yakove
Modified: 2016-02-10 14:13 EST (History)
14 users (show)

See Also:
Fixed In Version: 3.6.0-11
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-27 02:55:21 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑3.6.0+
rule-engine: blocker+
ylavi: planning_ack+
rule-engine: devel_ack+
rule-engine: testing_ack+


Attachments (Terms of Use)
vdsm and rhevm logs (181.18 KB, application/zip)
2015-08-13 18:04 EDT, Meni Yakove
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 45094 master MERGED core: Don't fire event if certification weren't retrieved Never
oVirt gerrit 45250 ovirt-engine-3.6 MERGED core: Don't fire event if certification weren't retrieved Never

  None (edit)
Description Meni Yakove 2015-08-13 18:04:38 EDT
Created attachment 1062832 [details]
vdsm and rhevm logs

Description of problem:
Add host to rhevm and create mgmt bridge fail with error:
host_mixed_2 certification is invalid. The certification has no peer certificates
only after restart vdsm I managed to attach the mgmt network via setupNetworks dialog

Version-Release number of selected component (if applicable):
vdsm-4.17.2-1.el7ev.noarch
rhevm-3.6.0-0.11.master.el6.noarch


How reproducible:
30% (1 of 3 hosts fail)

Steps to Reproduce:
1. Add host


Actual results:
Failed to add host

Expected results:
Host was added to rhevm
Comment 2 Moti Asayag 2015-08-17 07:38:46 EDT
At the end of the failed installation process the host moves to Non-operational state.

The reason for the failure is network error with the host

: 2015-08-14 00:37:11,923 ERROR [org.ovirt.engine.core.bll.network.host.HostSetupNetworksCommand] (org.ovirt.thread.pool-7-thread-6) [32c52382] Command 'org.ovirt.engine.core.bll.network.host.HostSetupNetworksCommand' failed: EngineException: org.ovirt.engine.core.vdsbroker.vdsbroker.VDSNetworkException: VDSGenericException: VDSNetworkException: Vds timeout occured (Failed with error VDS_NETWORK_ERROR and code 5022)

Since the host in on non-operational (one of the supported statuses for the certification validity check) - we periodically attempt to check its certs.
Since there is no connectivity to the host from the engine, the check fails and log that event to the event log.

I couldn't find any evident in the logs for the connection error - and since ovirt-host-deploy restarts the vdsm service.

Does it happen for any host or just for this particular host ?
Comment 3 Pavel Stehlik 2015-08-18 02:34:06 EDT
Which spin of RHEL7 ?
Any HW diversity among these 3 hosts?
Comment 4 Meni Yakove 2015-08-18 06:31:02 EDT
All hosts have the same HW.
RHEL 7.2 from nightly/RHEL-7.2-20150810.n.0
Comment 5 Meni Yakove 2015-08-18 06:31:54 EDT
(In reply to Moti Asayag from comment #2)
> At the end of the failed installation process the host moves to
> Non-operational state.
> 
> The reason for the failure is network error with the host
> 
> : 2015-08-14 00:37:11,923 ERROR
> [org.ovirt.engine.core.bll.network.host.HostSetupNetworksCommand]
> (org.ovirt.thread.pool-7-thread-6) [32c52382] Command
> 'org.ovirt.engine.core.bll.network.host.HostSetupNetworksCommand' failed:
> EngineException:
> org.ovirt.engine.core.vdsbroker.vdsbroker.VDSNetworkException:
> VDSGenericException: VDSNetworkException: Vds timeout occured (Failed with
> error VDS_NETWORK_ERROR and code 5022)
> 
> Since the host in on non-operational (one of the supported statuses for the
> certification validity check) - we periodically attempt to check its certs.
> Since there is no connectivity to the host from the engine, the check fails
> and log that event to the event log.
> 
> I couldn't find any evident in the logs for the connection error - and since
> ovirt-host-deploy restarts the vdsm service.
> 
> Does it happen for any host or just for this particular host ?

Only for this host out of 3
Comment 6 Moti Asayag 2015-08-19 00:49:51 EDT
(In reply to Meni Yakove from comment #5)
> (In reply to Moti Asayag from comment #2)
> > At the end of the failed installation process the host moves to
> > Non-operational state.
> > 
> > The reason for the failure is network error with the host
> > 
> > : 2015-08-14 00:37:11,923 ERROR
> > [org.ovirt.engine.core.bll.network.host.HostSetupNetworksCommand]
> > (org.ovirt.thread.pool-7-thread-6) [32c52382] Command
> > 'org.ovirt.engine.core.bll.network.host.HostSetupNetworksCommand' failed:
> > EngineException:
> > org.ovirt.engine.core.vdsbroker.vdsbroker.VDSNetworkException:
> > VDSGenericException: VDSNetworkException: Vds timeout occured (Failed with
> > error VDS_NETWORK_ERROR and code 5022)
> > 
> > Since the host in on non-operational (one of the supported statuses for the
> > certification validity check) - we periodically attempt to check its certs.
> > Since there is no connectivity to the host from the engine, the check fails
> > and log that event to the event log.
> > 
> > I couldn't find any evident in the logs for the connection error - and since
> > ovirt-host-deploy restarts the vdsm service.
> > 
> > Does it happen for any host or just for this particular host ?
> 
> Only for this host out of 3

Please add also /var/log/messages. 

Did vdsm service was up after host was installed ? did local vdsm commands via vdsClient worked ?
Comment 7 Alon Bar-Lev 2015-08-19 09:27:23 EDT
vdsmd was restarted by host-deploy after all files were modified, restarting it again should not have any impact on functionality.
Comment 8 Moti Asayag 2015-08-23 07:53:32 EDT
The "no peer certificates" message will not appear in case the engine fails to retrieve it from the host.
Comment 9 Red Hat Bugzilla Rules Engine 2015-09-22 03:43:54 EDT
This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
Comment 10 Meni Yakove 2015-11-17 05:05:51 EST
didn't reproduced on the latest version.
Comment 11 Sandro Bonazzola 2015-11-27 02:55:21 EST
Since oVirt 3.6.0 has been released, moving from verified to closed current release.

Note You need to log in before you can comment on or make changes to this bug.