virt-who service errors
Hi - hoping someone can help me with the above, pretty sure I broke our Satellite server - good job it's not live ;-)
So long story but I ran katello-remove to remove 6.1 and have done a clean install of 6.2 ... don't ask. I've started to set this up and all has gone well, up until I started to configure / run the virt-who service - we have a number of vmware servers running our RHEL clients.
So I set virt-who up just as it is on our other Satellite server, but whenever I try to start it, it reports the guests but then it just fails with the following error - logs are in DEBUG:
2016-11-17 12:09:13,242 [virtwho.main DEBUG] MainProcess(17407):MainThread @executor.py:send_report:108 - Report from "ipvcs" failed to sent
2016-11-17 12:10:06,715 [virtwho.irvso DEBUG] Esx-2(17416):MainThread @virt.py:enqueue:357 - Report for config "irvso" gathered, putting to queue for sending
2016-11-17 12:10:06,723 [virtwho.main INFO] MainProcess(17407):MainThread @executor.py:run:250 - Report for config "irvso" hasn't changed, not sending
2016-11-17 12:10:11,609 [virtwho.ipvcs DEBUG] Esx-1(17414):MainThread @virt.py:enqueue:357 - Report for config "ipvcs" gathered, putting to queue for sending
2016-11-17 12:10:13,246 [virtwho.main DEBUG] MainProcess(17407):MainThread @subscriptionmanager.py:_connect:124 - Authenticating with certificate: /etc/pki/consumer/cert.pem
2016-11-17 12:10:13,257 [virtwho.main ERROR] MainProcess(17407):MainThread @executor.py:send:156 - Error in communication with subscription manager:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/virtwho/executor.py", line 139, in send
self._sendGuestAssociation(report)
File "/usr/lib/python2.7/site-packages/virtwho/executor.py", line 166, in _sendGuestAssociation
manager.hypervisorCheckIn(report, self.options)
File "/usr/lib/python2.7/site-packages/virtwho/manager/subscriptionmanager/subscriptionmanager.py", line 171, in hypervisorCheckIn
self._connect(report.config)
File "/usr/lib/python2.7/site-packages/virtwho/manager/subscriptionmanager/subscriptionmanager.py", line 133, in _connect
if not self.connection.ping()['result']:
File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 891, in ping
return self.conn.request_get("/status/")
File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 694, in request_get
return self._request("GET", method)
File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 584, in _request
conn.request(request_type, handler, body=body, headers=headers)
File "/usr/lib64/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib64/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 250, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: tlsv1 alert unknown ca
2016-11-17 12:10:13,257 [virtwho.main DEBUG] MainProcess(17407):MainThread @executor.py:send_report:108 - Report from "ipvcs" failed to sent
I've checked and double checked the login credentials of the subscription manager and they are right. I keep looking at "SSLError: tlsv1 alert unknown ca" - but no idea what it's referring to.
Any help would be appreciated. Thanks.
Responses
Red Hat
Guru
2305 points
What's your virt-who config look like? can you share the contents of /etc/sysconfig/virt-who and any drop-in files in /etc/virt-who.d/? Also, feel free to sanitize any internal hostnames and passwords. Lastly, on which system do you have virt-who running, and are there any proxies involved?
Mark,
As Rich Jerrido requested in response to Julian's issue, please provide the following:
- Satellite product version (for example, "6.2.5")
- virt-who version
- Copy of the virt-who configuration file, with private or confidential information removed.
If you would prefer not to add those details here, I recommend you raise a support case.
In Julian's case, he had copied a working virt-who configuration file from one Satellite server to another. In doing so, he had not edited the configuration file to refer to the second Satellite server's hostname. If I understand Julian's situation correctly, virt-who was successfully querying hypervisors for the virtual machines hosted on them, but trying to report those details to the original Satellite server. Even though the second virt-who configuration file might have contained the correct credentials for the original Satellite server, it had the wrong certificate, and so the connection was refused.
The key piece of information in the debug output was the following, where "unknown ca" meant "Unknown certificate authority".
"SSLError: tlsv1 alert unknown ca"
For a detailed explanation of this error, see the KBase Solution [Satellite6] subscription-manager commands fail with the error message: "Unable to verify server's identity: tlsv1 alert unknown ca".
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.