Simone Tiraboschi has posted comments on this change.
Change subject: packaging: setup: WebSocketProxy on a separate host
......................................................................
Patch Set 28: Verified+1
engine-setup seams to work correctly with the engine alone, with
engine+websocket-proxy, with websocket-proxy alone
engine-cleanup seams to work correctly both removing the whole setup and only
the websocket proxy
--== SYSTEM CONFIGURATION ==--
Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:
--== MISC CONFIGURATION ==--
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation
[WARNING] Cannot validate host name settings, reason: resolved host does not
match any of the local addresses
--== CONFIGURATION PREVIEW ==--
Update Firewall : True
Host FQDN : localhost.localdomain
Firewall manager : firewalld
Engine installation : False
Configure fence_kdump listener : False
Configure WebSocket Proxy : True
Please confirm installation settings (OK, Cancel) [OK]:
[ INFO ] Stage: Transaction setup
[ INFO ] Stopping engine service
[ INFO ] Stopping ovirt-fence-kdump-listener service
[ INFO ] Stopping websocket-proxy service
[ INFO ] Stage: Misc configuration
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Configuring WebSocket Proxy
ATTENTION
Manual actions are required on the engine host
in order to enroll certs for this host and configure the engine about
it.
Please execute this command on the engine host:
engine-config -s WebSocketProxy=localhost.localdomain:6100
Please issue WebSocket Proxy certificate based on this certificate
request
D:MULTI-STRING WSP_CERTIFICATE_REQUEST
--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--
-----BEGIN CERTIFICATE REQUEST-----
MIICRDCCASwCADAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rJx
L3pl5T67stclOEvIaqqvXyJL+DHSZ7zpZmdan/DR2iRkiEANHlCIfrbdqBvV4qVk
qjSdi66hHIAghLWoUWA6e142LyevV7nmY5jE2jASIedtg5wRPyCZcZOnfMZROfG8
f+ascvilg9ylVP8bDLGdUTfa1H6KAfB3HUAnv28sR20KF5zxSOXC2KmQZHFPAKy+
PBLv+sgiwz/BTNEVu9zhflmkbLdzFqRVG2q4iQ+h/nHgtOQdD0KNX5FY7xVwAuTC
+Odb8Q712xfDG/8cZgqTx6djQHVYZFPWRfEjyI+r/R5i7cSQ6gHpD3Mnnw/OblOk
UNg0cKumpMjNwURWQwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBADrjHqkRmDTo
JI7PlI4zfkhp5k19BFBLgkQ1Szg/6p0+tMTEr104dXi3gP6IX5Z6o6ntKkdryo6v
b6kLLhKIK8MVLJZE7cJSUDx+wKdumy35sa3DoDjT7vVxI70LMEa/KwMGQb61qwbz
Z4CaOzMPqtsJJUsktkpacDvUBF2dnODqAnrdGGGrFys1in6R0JEbcKo4LsyX7BAs
AdAmMLHGs3FiXQqthBeHnNPlkAMwHMIoHpfNn9iIl1qiszT28GyvpAD2kPLXL69C
b9r3IgTrYF6asDZMODvOQNGg6gGq2bar9QdH9/8TmDaCKoU9CJ1rMKm9Ge+Irodd
0yc4mV2rXe0=
-----END CERTIFICATE REQUEST-----
--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--
Enroll SSL certificate for the websocket proxy service.
It can be done using engine internal CA, if no 3rd party CA is
available, with this sequence:
1. Copy and save certificate request at
/etc/pki/ovirt-engine/requests/websocket-proxy.req
on the engine server
2. execute, on the engine host, this command to enroll the cert:
/usr/share/ovirt-engine/bin/pki-enroll-request.sh \
--name=websocket-proxy \
--subject="/C=<country>/O=<organization>/CN=localhost.localdomain"
Substitute <country>, <organization> to suite your environment
(i.e. the values must match values in the certificate authority of
your engine)
3. Certificate will be available at
/etc/pki/ovirt-engine/certs/websocket-proxy.cer
on the engine host, please copy that content here when required
Please input WSP certificate chain that matches certificate request,
(issuer is not mandatory, from intermediate and upper)
type '--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--' in own line to mark
end.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4101 (0x1005)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=localdomain, CN=localhost.localdomain.15999
Validity
Not Before: Jun 12 17:54:23 2014
Not After : May 18 17:54:23 2019 GMT
Subject: C=it, O=localdomain, CN=localhost.localdomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:aa:7c:00:35:16:4c:1b:46:00:45:e0:3a:77:50:
f4:98:ad:5a:fa:58:5b:d7:8d:6a:5a:1b:07:1e:c5:
23:33:2f:12:8f:53:ce:f8:98:93:27:ef:e2:a6:de:
af:dc:dd:ed:6f:e2:41:0a:06:d2:31:1c:c4:6a:e7:
c1:03:bd:14:d6:62:e3:ea:c7:df:2a:55:43:9a:47:
38:d8:81:5d:c5:35:88:ed:44:a0:5e:73:8b:a0:01:
e7:74:1a:cc:cf:49:60:2b:90:dd:c9:17:9c:69:bf:
ce:f5:e5:04:02:ef:a6:ba:4e:c8:2d:ab:24:ca:28:
4d:c2:9b:7f:0c:6e:a1:88:8f:17:e3:94:f5:c4:04:
0c:4c:44:ab:27:e8:22:4e:51:33:b2:8c:9c:02:1a:
c2:2b:b8:0b:b3:d8:c3:0f:bb:1d:07:5b:2b:b6:14:
cf:84:66:c9:fe:1f:3d:35:6f:4e:3b:fb:27:cf:61:
39:9d:0f:ef:64:69:17:07:eb:4e:b6:57:f4:c9:55:
55:d7:b9:69:8d:3e:d6:e8:01:ac:3f:8c:80:b4:46:
a6:bf:74:dd:f9:0a:c8:ec:ff:71:fe:d7:d6:b5:b9:
84:a0:15:23:e1:6f:c5:40:2b:1e:2f:4a:75:eb:55:
f0:75:c3:71:9c:02:e8:fd:57:5b:1b:75:d1:ac:5c:
3f:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:D1:BC:F9:9A:C1:CF:8A:7C:18:32:FA:8C:B0:FE:10:DB:17:94:AC
Authority Information Access:
CA Issuers -
URI:http://localhost.localdomain:80/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
X509v3 Authority Key Identifier:
keyid:47:C8:73:D5:83:C9:91:34:A0:56:06:81:93:19:87:25:BD:CF:FB:B0
DirName:/C=US/O=localdomain/CN=localhost.localdomain.15999
serial:10:00
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage: critical
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
0a:03:d5:12:38:c7:c7:08:26:cd:83:94:87:dd:3b:4c:05:a9:
6e:c8:31:73:44:3e:9d:0c:32:06:3f:3a:f1:21:53:eb:07:b6:
6c:a5:38:59:b0:bb:5d:81:db:91:90:75:7d:85:59:a7:be:71:
a1:23:70:98:53:d5:18:9f:ba:89:c2:9b:16:fc:54:c9:10:15:
bc:ec:ce:64:bb:cc:b8:84:87:29:2b:a7:a9:8c:e7:25:73:26:
3b:16:94:23:ed:74:30:4e:11:96:60:3a:d0:e4:30:75:08:09:
fa:a2:5b:8b:41:8b:bd:65:fd:44:89:cc:de:d8:ff:d0:dc:86:
e3:68:b1:1d:78:92:1b:d3:38:0d:9d:72:6c:21:1a:07:15:4b:
99:b1:95:1d:e9:b7:c4:4f:05:88:a0:c9:f3:c9:08:51:46:1a:
cb:31:e7:b5:71:cb:05:f6:b4:70:f2:c6:e6:9f:56:d3:72:0c:
60:2d:c9:f2:61:8c:ab:ba:7e:77:b7:8b:89:32:5e:fa:de:b6:
36:5a:c5:4b:46:9c:15:04:de:b2:33:0e:6c:9d:4a:24:cb:68:
5e:fa:10:a6:43:43:6b:c9:d5:a6:76:3b:ab:9f:86:e0:23:07:
a0:91:b9:fe:98:b4:a7:f4:8e:61:e2:27:9a:6b:5a:bf:66:b6:
92:ed:04:e3
-----BEGIN CERTIFICATE-----
MIIEbjCCA1agAwIBAgICEAUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMx
FDASBgNVBAoTC2xvY2FsZG9tYWluMSQwIgYDVQQDExtsb2NhbGhvc3QubG9jYWxk
b21haW4uMTU5OTkwIhcRMTQwNjEyMTc1NDIzKzAwMDAXDTE5MDUxODE3NTQyM1ow
QzELMAkGA1UEBhMCaXQxFDASBgNVBAoTC2xvY2FsZG9tYWluMR4wHAYDVQQDExVs
b2NhbGhvc3QubG9jYWxkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCqfAA1FkwbRgBF4Dp3UPSYrVr6WFvXjWpaGwcexSMzLxKPU874mJMn7+Km
3q/c3e1v4kEKBtIxHMRq58EDvRTWYuPqx98qVUOaRzjYgV3FNYjtRKBec4ugAed0
GszPSWArkN3JF5xpv8715QQC76a6TsgtqyTKKE3Cm38MbqGIjxfjlPXEBAxMRKsn
6CJOUTOyjJwCGsIruAuz2MMPux0HWyu2FM+EZsn+Hz01b047+yfPYTmdD+9kaRcH
6062V/TJVVXXuWmNPtboAaw/jIC0Rqa/dN35Csjs/3H+19a1uYSgFSPhb8VAKx4v
SnXrVfB1w3GcAuj9V1sbddGsXD9PAgMBAAGjggFgMIIBXDAdBgNVHQ4EFgQUjNG8
+ZrBz4p8GDL6jLD+ENsXlKwwgYkGCCsGAQUFBwEBBH0wezB5BggrBgEFBQcwAoZt
aHR0cDovL2xvY2FsaG9zdC5sb2NhbGRvbWFpbjo4MC9vdmlydC1lbmdpbmUvc2Vy
dmljZXMvcGtpLXJlc291cmNlP3Jlc291cmNlPWNhLWNlcnRpZmljYXRlJmZvcm1h
dD1YNTA5LVBFTS1DQTByBgNVHSMEazBpgBRHyHPVg8mRNKBWBoGTGYclvc/7sKFN
pEswSTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC2xvY2FsZG9tYWluMSQwIgYDVQQD
Extsb2NhbGhvc3QubG9jYWxkb21haW4uMTU5OTmCAhAAMAkGA1UdEwQCMAAwDgYD
VR0PAQH/BAQDAgWgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN
BgkqhkiG9w0BAQUFAAOCAQEACgPVEjjHxwgmzYOUh907TAWpbsgxc0Q+nQwyBj86
8SFT6we2bKU4WbC7XYHbkZB1fYVZp75xoSNwmFPVGJ+6icKbFvxUyRAVvOzOZLvM
uISHKSunqYznJXMmOxaUI+10ME4RlmA60OQwdQgJ+qJbi0GLvWX9RInM3tj/0NyG
42ixHXiSG9M4DZ1ybCEaBxVLmbGVHem3xE8FiKDJ88kIUUYayzHntXHLBfa0cPLG
5p9W03IMYC3J8mGMq7p+d7eLiTJe+t62NlrFS0acFQTesjMObJ1KJMtoXvoQpkND
a8nVpnY7q5+G4CMHoJG5/pi0p/SOYeInmmtav2a2ku0E4w==
-----END CERTIFICATE-----
--=451b80dc-996f-432e-9e4f-2b29ef6d1141=--
Please provide the FQDN or IP of the remote engine host: 192.168.122.9
[ INFO ] Generating post install configuration file
'/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
--== SUMMARY ==--
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up
Log file is located at
/var/log/ovirt-engine/setup/ovirt-engine-setup-20140614115721-erfzhb.log
[ INFO ] Generating answer file
'/var/lib/ovirt-engine/setup/answers/20140614120013-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of setup completed successfully
------------------------------------------------------------
[ INFO ] Stage: Environment customization
Do you want to remove all components? (Yes, No) [Yes]: no
Do you want to remove the WebSocket proxy? (Yes, No) [Yes]: yes
[ INFO ] Stage: Setup validation
[WARNING] Cannot validate host name settings, reason: resolved host does not
match any of the local addresses
ovirt-engine-websocket-proxy is/are about to be removed, data will be
lost (OK, Cancel) [Cancel]: ok
[ INFO ] Stage: Transaction setup
[ INFO ] Stopping engine service
[ INFO ] Stopping ovirt-fence-kdump-listener service
[ INFO ] Stopping websocket-proxy service
[ INFO ] Stage: Misc configuration
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Removing files
[ INFO ] Reverting changes to files
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
--== SUMMARY ==--
Core files files not removed
YUM version locking configuration files not removed
Engine setup successfully cleaned up
--== END OF SUMMARY ==--
[ INFO ] Stage: Clean up
Log file is located at
/var/log/ovirt-engine/setup/ovirt-engine-remove-20140614120337-6p08dq.log
[ INFO ] Generating answer file
'/var/lib/ovirt-engine/setup/answers/20140614120347-cleanup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ INFO ] Execution of cleanup completed successfully
--
To view, visit http://gerrit.ovirt.org/28534
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifceddd5aa44a77f67a3b6b30c6678d9a3b485f9c
Gerrit-PatchSet: 28
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Itamar Heim <ih...@redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stira...@redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
