Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)

[Nathanaël Blanchet]

Thank you so much Alexander, everyhting works as expected now :)

Le 25/09/2015 16:14, Alexander Wels a écrit :

On Friday, September 25, 2015 11:27:11 AM Nathanaël Blanchet wrote:

hi Yaniv,

When using http request, ovirt tells me " I Failed to communicate with

the external provider." and I get this on the foreman side:
   | Started GET "/api/v2" for 192.168.52.116 at 2015-09-25 11:18:32 +0200

2015-09-25 11:18:32 [app] [I] Processing by
Api::V2::HomeController#index as JSON
2015-09-25 11:18:32 [app] [I]   Parameters: {"apiv"=>"v2", "home"=>{}}
2015-09-25 11:18:32 [app] [I] Redirected to https://euphorbe.v3.abes.fr/api
2015-09-25 11:18:32 [app] [I] Filter chain halted as
#<Proc:0x000000093503a0@/opt/rh/ruby193/root/usr/share/gems/gems/actionpack-
3.2.8/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected
2015-09-25 11:18:32 [app] [I] Completed 301 Moved Permanently in 1ms
(ActiveRecord: 0.0ms)

But no log comes using https on the foreman side and I get "Test Failed
(unknown error)." with 5-09-25 11:25:31,181 ERROR
[org.ovirt.engine.core.bll.GetProviderCertificateChainQuery]
(ajp--127.0.0.1-8702-4) Error in encoding certificate. Error is {}
java.io.IOException: Keystore was tampered with, or password was incorrect.
I've just updated to 3.5.4 and otopi asked me for renewing the
certificate. May it be the reason of the issue?

I actually just had a similar issue, basically if I tried to make a http
connection and clicked the test button. The foreman side would show me it is
doing a redirect (presumably to https), which the ovirt side doesn't handle
very well.

And if I tried to make a https request I would get the IOException Keystore
has been tampered with, or password was incorrect. For me it turned out the
/var/lib/ovirt-engine/external_truststore was corrupted. What normally will
happen when trying to make an https connection to foreman is it will receive
certificate from foreman, notice it is not trusted and ask the user to trust it
(and it will put it in the external_truststore, if the user trusts it). Since
it was corrupted it was unable to properly open the trust store and the
mentioned IOException would get logged.

Assuming your trust store is corrupted (Mine was only 32 bytes, it should be
much bigger), you can just rename it or delete it. And a new one will be
created when you try to make an HTTPS connection to foreman. Once I did both
(remove the corrupted trust store, and make an HTTPS connection). Everything
started working correctly for me.

Le 25/09/2015 11:14, Yaniv Bronheim a écrit :

Hi Nathanael,

This error means that the restAPI request to foreman returned an
error. Most of the time it is a communication issue.. but we can't
know much from this report.
Can you please share the production.log file from your foreman host?
Better to try to add the server as provider, get the error and then
check the production.log file - it will show us if engine request got
to foreman server, the internal fields and why foreman returned 5050.

Greeting,
Yaniv Bronhaim.

On Wed, Sep 23, 2015 at 5:31 PM, Nathanaël Blanchet <blanc...@abes.fr

<mailto:blanc...@abes.fr>> wrote:
     Hello,

I have a working foreman 1.9.1 installed with katello 2.3.

     ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also
     installed on the same host.
     But the issue is the same as below when testing  in "add external
     provider" from ovirt 3.5.4.
     What can I do now?

Le 06/11/2014 12:31, Oved Ourfali a écrit :

         ----- Original Message -----

From: "Daniel Helgenberger" <daniel.helgenber...@m-box.de

             <mailto:daniel.helgenber...@m-box.de>>
             To: "Oved Ourfali" <oourf...@redhat.com
             <mailto:oourf...@redhat.com>>
             Cc: users@ovirt.org <mailto:users@ovirt.org>
             Sent: Thursday, November 6, 2014 1:29:38 PM
             Subject: Re: [ovirt-users] Foreman: Add external provider
             (Failed with error PROVIDER_FAILURE and code 5050)

On 06.11.2014 05:47, Oved Ourfali wrote:

                 These steps are also in the feature page

Thanks Oved for pointing to the doc; my bad. I was using

             the foreman
             integration document [1]. Maybe the pages should be merged?

Yaniv - you planned to merge them, right? That would be a good

         time...

, but it would be nice if you review them to see

                 nothing is missing.

http://www.ovirt.org/Features/AdvancedForemanIntegration With foreman 1.6 (at least) there is no need to enable the

             nightly
             builds any more as rb-ovirt is resolved by yum.

Lastly, I think you need to enable foreman_discovery with

             the foreman
             installer to work and download images:

# foreman-installer --enable-foreman-plugin-discovery

             --foreman-plugin-discovery-install-images=true

You have that already listed in the testing env setup; but

             this needs to
             be put in context with installing foreman-ovirt on the
             foreman host.

Yaniv - please add a note there too. Daniel - thanks for the review and the comments! Regards,

         Oved

Thanks

                 Oved

[1] http://www.ovirt.org/Features/ForemanIntegration On Nov 6, 2014 12:40 AM, Daniel Helgenberger

                 <daniel.helgenber...@m-box.de
                 <mailto:daniel.helgenber...@m-box.de>>

wrote:

                     Answering my own question; and maybe a very
                     obvious cause for the
                     failing provider: the missiAnswering my own
                     question; and maybe a very
                     obvious cause for the

failing provider: the missing provider plugin in forman!

                 So one needs to do:

yum install ruby193-rubygem-ovirt_provision_plugin on the foreman host. After that, the connection test in the engine comes up

                 positive. Sadly,
                 this is not documented anywhere; only on the GitHub
                 repo readme [1].
                 This is also a little bit outdated, as the rbovirt
                 dependency is
                 resolved now automatically.

Also, but I am not sure, the porvider lugin needs the

                 foreman_discovery
                 plugin to work:

yum install ruby193-rubygem-foreman_discovery [1]

                 https://github.com/theforeman/ovirt_provision_plugin/blob/
                 master/README.md

On 29.10.2014 00:36, Daniel Helgenberger wrote:

                     Hello,

did anyone actually get this working in oVirt 3.5

                     / EL6 - Engine? I am
                     trying this for two days now.

Setup:

                     Engine; EL6.5
                     Foreman; EL6.5

Foreman seems to do it's as I can use it to deploy

                     hosts and also smart
                     proxies are running fine.

I have opened a BZ [1]; because this really can

                     not work out of the box
                     with EL6 plain vanilla packages. I wonder if this
                     was ever tested... ?
                     Java 7 used i n EL6 [4] does only support DH keys
                     up to 1024byte. This
                     is known issue in Foreman [2] as longer DH keys
                     are now used by default
                     in Foreman / PuppetCA.
                     A dirty fix confirmed working is adding default DH
                     parameters to the
                     foreman cert; effectively disabling it [3].

So I got SSL working and I get beyond the

                     authentication (entering wrong
                     data gets me auth errors)- however, I am still not
                     able to add the
                     external provider. Pressing 'test' results in
                     (Failed with error PROVIDER_FAILURE and code 5050)

Sample engine.log

                     2014-10-28 23:49:40,860 ERROR
                     [org.ovirt.engine.core.bll.provider.TestProviderConnec
                     tivityCommand]
                     (ajp--127.0.0.1-8702-1) [6a3da4e7] Command
                     org.ovirt.engine.core.bll.provider.TestProviderConnect
                     ivityCommand
                     throw
                     Vdc Bll exception. With error message
                     VdcBLLException: PROVIDER_FAILURE
                     (Failed with error PROVIDER_FAILURE and code 5050)

I can't find any more hints in oVirt; access logs

                     in Foreman are telling
                     me API queries by the engine. Did I miss a crucial
                     step in the foreman
                     setup? How can I debug this issue?

I am willing to upgrade openjdk; provided this

                     does not break my engine...

Thanks! [1]

                     https://bugzilla.redhat.com/show_bug.cgi?id=1157749
                     [2] https://tickets.puppetlabs.com/browse/SERVER-17
                     [3]
                     http://httpd.apache.org/docs/current/ssl/ssl_faq.html#
                     javadh
                     [4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64

--

             Daniel Helgenberger
             m box bewegtbild GmbH

P: +49/30/2408781-22

             F: +49/30/2408781-10

ACKERSTR. 19

             D-10115 BERLIN

www.m-box.de <http://www.m-box.de> www.monkeymen.tv

             <http://www.monkeymen.tv>

Geschäftsführer: Martin Retschitzegger / Michaela Göllner

             Handeslregister: Amtsgericht Charlottenburg / HRB 112767

_______________________________________________

         Users mailing list
         Users@ovirt.org <mailto:Users@ovirt.org>
         http://lists.ovirt.org/mailman/listinfo/users

Supervision réseau

     Pôle Infrastrutures Informatiques
     227 avenue Professeur-Jean-Louis-Viala
     34193 MONTPELLIER CEDEX 5
     Tél. 33 (0)4 67 54 84 55
     Fax  33 (0)4 67 54 84 14
     blanc...@abes.fr <mailto:blanc...@abes.fr>

_______________________________________________

     Users mailing list
     Users@ovirt.org <mailto:Users@ovirt.org>
     http://lists.ovirt.org/mailman/listinfo/users

--
Nathanaël Blanchet

Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5       
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanc...@abes.fr

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users