Created attachment 1285458 [details] Screen-shot of validating provider Description of problem: Unable to Add provider running on SSL (with validation). CFME is not validating the provider. Version-Release number of selected component (if applicable): 5.8.0.17.20170525183055_6317a22 How reproducible: Steps to Reproduce: 1. Install HS using SSL (no clear document how to do this) ************************************* Create key file and pem file 1) mkdir /client-secrets and run below command inside this directory 2) openssl genrsa -out hawkular-services-private.key 2048 3) openssl req -new -sha256 -key hawkular-services-private.key -out csr.csr 4)openssl req -x509 -sha256 -days 365 -key hawkular-services-private.key -in csr.csr -out hawkular-services-public.pem Start Casandra: docker run --name hawkular-cassandra -d -e CASSANDRA_START_RPC=true brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/jboss-mm-7-tech-preview/middleware-manager-datastore Start Hawkular server: docker run -d --link=hawkular-cassandra -e HAWKULAR_USER=jdoe -e HAWKULAR_PASSWORD=password -e CASSANDRA_NODES=hawkular-cassandra -e HAWKULAR_BACKEND=remote -e DB_TIMEOUT=300 -e CASSANDRA_CONNECT_TIMEOUT=40000 -e CASSANDRA_READ_TIMEOUT=40000 -e CASSANDRA_REQUEST_TIMEOUT=40000 -e HAWKULAR_USE_SSL=true -p 8443:8443 -p 9990:9990 -v /client-secrets:/client-secrets brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/jboss-mm-7-tech-preview/middleware-manager:7.0.0-16 ************************************* 2. Access https://<IP:8443>, should accessible 3. Login to CFME 4. Add Middleware provider 5. Select "Security protocol" "SSL" 6. Select IP and port=8443 7. Validate Actual results: Validation failed Expected results: Validation Successful Additional info: No document is available how it works and how it should be setup
Prachi, please attach miq logs with detailed exception. thank you
CFME logs while validating HS using SSL *********************************** [----] I, [2017-06-07T12:01:20.782036 #5739:b1713c] INFO -- : MIQ(MiqQueue.put) Message id: [80896], id: [], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: [] [----] E, [2017-06-07T12:01:21.420943 #5801:14d1434] ERROR -- : SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified) /opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:758:in `rescue in transmit' /opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:647:in `transmit' /opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:145:in `execute' /opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:52:in `execute' /opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/resource.rb:51:in `get' /opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/base_client.rb:41:in `http_get' /opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/inventory/inventory_api.rb:298:in `fetch_version_and_status' /opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/inventory/inventory_api.rb:28:in `initialize' /opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/hawkular_client.rb:35:in `new' /opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/hawkular_client.rb:35:in `inventory' /var/www/miq/vmdb/app/models/manageiq/providers/hawkular/middleware_manager.rb:37:in `verify_credentials' /var/www/miq/vmdb/app/models/mixins/authentication_mixin.rb:326:in `authentication_check_no_validation' /var/www/miq/vmdb/app/models/mixins/authentication_mixin.rb:304:in `authentication_check' /opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-1048ffdbd63f/app/controllers/mixins/ems_common_angular.rb:58:in `update_ems_button_validate' /opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-1048ffdbd63f/app/controllers/mixins/ems_common_angular.rb:105:in `create_ems_button_validate' /opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-1048ffdbd63f/app/controllers/mixins/ems_common_angular.rb:76:in `create' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/base.rb:188:in `process_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/rendering.rb:30:in `process_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/callbacks.rb:20:in `block in process_action' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:126:in `call' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:506:in `block (2 levels) in compile' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:455:in `call' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:101:in `__run_callbacks__' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:90:in `run_callbacks' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/callbacks.rb:19:in `process_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/rescue.rb:20:in `process_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/notifications.rb:164:in `block in instrument' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/notifications/instrumenter.rb:21:in `instrument' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/notifications.rb:164:in `instrument' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/instrumentation.rb:30:in `process_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/params_wrapper.rb:248:in `process_action' /opt/rh/cfme-gemset/gems/activerecord-5.0.3/lib/active_record/railties/controller_runtime.rb:18:in `process_action' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/base.rb:126:in `process' /opt/rh/cfme-gemset/gems/actionview-5.0.3/lib/action_view/rendering.rb:30:in `process' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal.rb:190:in `dispatch' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal.rb:262:in `dispatch' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/routing/route_set.rb:50:in `dispatch' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/routing/route_set.rb:32:in `serve' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/journey/router.rb:39:in `block in serve' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/journey/router.rb:26:in `each' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/journey/router.rb:26:in `serve' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/routing/route_set.rb:725:in `call' /opt/rh/cfme-gemset/gems/secure_headers-3.0.3/lib/secure_headers/middleware.rb:10:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/etag.rb:25:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/conditional_get.rb:38:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/head.rb:12:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:232:in `context' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:226:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/cookies.rb:613:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/callbacks.rb:38:in `block in call' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:97:in `__run_callbacks__' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:750:in `_run_call_callbacks' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:90:in `run_callbacks' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/callbacks.rb:36:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/remote_ip.rb:79:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call' /opt/rh/cfme-gemset/gems/railties-5.0.3/lib/rails/rack/logger.rb:36:in `call_app' /opt/rh/cfme-gemset/gems/railties-5.0.3/lib/rails/rack/logger.rb:26:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/request_id.rb:24:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/method_override.rb:22:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/runtime.rb:22:in `call' /opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call' /opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/executor.rb:12:in `call' /opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/sendfile.rb:111:in `call' /opt/rh/cfme-gemset/gems/railties-5.0.3/lib/rails/engine.rb:522:in `call' /opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/configuration.rb:224:in `call' /opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/server.rb:561:in `handle_request' /opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/server.rb:406:in `process_client' /opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/server.rb:271:in `block in run' /opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/thread_pool.rb:111:in `block in spawn_thread' [----] W, [2017-06-07T12:01:21.421342 #5801:14d1434] WARN -- : MIQ(ManageIQ::Providers::Hawkular::MiddlewareManager#authentication_check_no_validation) type: ["default"] for [] [hawkular-SSL] Validation failed: error, Unable to verify credentials [----] E, [2017-06-07T12:01:21.421514 #5801:14d1434] ERROR -- : MIQ(ems_middleware_controller-create): Credential validation was not successful: Unable to verify credentials ***********************************
1) Is hawkular configured ok on ssl? Able to access Hawkular on IP:8443 but do not have documented command so that we can confirm if the steps followed are correct and it is working as expected. Steps already described in description. However, Hawkular agent is also not connecting to server. 2) the issue is in miq side not able to validate/connect to it? Or both? AS per above logs we can see that MIQ is not validating HS and giving error.
Created attachment 1285839 [details] CFME logs