RHEV 3 Beta Manager Debug

Latest response

Hi,

 

  I am evaluating REHV 3 Beta.

 

  I am trying the minimal path. Currently I have just installed RHEV 3 Manager and run rhevm-setup with success.

 

I have a Windows XP SP3 where I have IE7, and .NET 4.0 installed.

 

I am visiting: rhev3.mydomain.com:8080/ and trying to use RHEVManager from it.

 

I am getting this error:

 

Could not connect to RHEV Manager Service, please try to refresh the page. If the problem persists contact your System Administration.

 

How to debug this?

* Is there any log file in the machine where Manager is that I could check?

* Is there any debug switch than I can activate so that when visiting RHEVManager from IE7 I get a bunch of debug messages?

 

Thank you very much for any hint you might give me.

 

P.S.: The only non-standard thing that I have is that sshd is not listening in port 22 and root cannot login via ssh. Just in case it helps.

ad
Log in to join the conversation

Responses

DY Guru 5340 points
20 December 2011 9:37 AM

Hi Adrian,

 

The message means that the GUI could not connect to the RHEV-Manager service, that is running on JBoss. Please check that jbossas service is started, and that the client machine can reach the WPF ports, as described here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/3.0/html/Administration_Guide/List-of-Ports.html

(ports 8006-8009)

 

Hope this helps,

Dan

ad Active Contributor 210 points
20 December 2011 10:07 AM

From inside:

 

service jbossas status
jbossas (pid 4593) is running
 

and:

 

telnet localhost 8006
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
 

 

From outside:

 

Starting Nmap 5.21 ( http://nmap.org ) at 2011-12-20 10:54 CET
Nmap scan report for rhev3.mydomain.net (1.2.3.4)
Host is up (0.088s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE
111/tcp  open   rpcbind
2049/tcp open   nfs
2425/tcp open   unknown
8007/tcp closed ajp12
8008/tcp closed http
8080/tcp open   http-proxy
 

and:

 

adrian@adrianworktop:~$ telnet rhev3.mydomain.net 8006
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
adrian@adrianworktop:~$ telnet rhev3.mydomain.net 8007
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
adrian@adrianworktop:~$ telnet rhev3.mydomain.net 8008
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
 

The revelant part of iptables:

 

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8006 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8007 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8008 -j ACCEPT
 

I am going to try to check jbossas log files. If you could lead me to the right log file that would be fine too.

 

Thank you for the piece of help.

DY Guru 5340 points
20 December 2011 10:27 AM

Bit of a shot in the dark, but I do like to keep all bases covered - is the RHEV-Manager in the Trusted Sites list in the IE?

 

Try to also restart the jbossas service, just in case. Then take a look at /var/log/rhevm/rhevm.log, see if there are any errors listed there

ad Active Contributor 210 points
20 December 2011 10:39 AM

I don't have this trusted sistes list problem in my version of IE.

 

I join Rhevm log. It seems I have some problem with decryption.

 

* Is there any encryption tool package that needs rhevm which it is not handled by its own package dependencies?

* Is there any way that I can make the debug level higher so that we know why it fails to decrypt?

 

Thank you very much.

 

2011-12-20 11:33:32,130 INFO  [org.ovirt.engine.core.bll.Backend] (main) Start time: 20/12/11 11:33
2011-12-20 11:33:32,353 WARN  [org.ovirt.engine.core.utils.ConfigUtilsBase] (main) Could not find enum value for option: CARhevmKey
2011-12-20 11:33:32,429 ERROR [org.ovirt.engine.core.rhevmencryptutils.EncryptionUtils] (main) Failed to decrypt
2011-12-20 11:33:32,429 ERROR [org.ovirt.engine.core.dal.dbbroker.generic.DBConfigUtils] (main) Failed to decrypt value for property TruststorePass will be used encrypted value
2011-12-20 11:33:32,445 WARN  [org.ovirt.engine.core.utils.ConfigUtilsBase] (main) Could not find enum value for option: CbcCheckOnVdsChange
2011-12-20 11:33:32,900 WARN  [org.ovirt.engine.core.utils.ConfigUtilsBase] (main) Could not find enum value for option: ScriptsPath
2011-12-20 11:33:32,902 WARN  [org.ovirt.engine.core.utils.ConfigUtilsBase] (main) Could not find enum value for option: SQLServerI18NPrefix
2011-12-20 11:33:32,911 WARN  [org.ovirt.engine.core.utils.ConfigUtilsBase] (main) Could not find enum value for option: MinimalETLVersion
2011-12-20 11:33:32,911 WARN  [org.ovirt.engine.core.utils.ConfigUtilsBase] (main) Could not find enum value for option: RHEVMEARLib
2011-12-20 11:33:32,924 INFO  [org.ovirt.engine.core.bll.Backend] (main) VDSBrokerFrontend: 20/12/11 11:33
2011-12-20 11:33:32,934 INFO  [org.ovirt.engine.core.bll.Backend] (main) CpuFlagsManager: 20/12/11 11:33
2011-12-20 11:33:32,937 INFO  [org.ovirt.engine.core.bll.AuditLogCleanupManager] (main) Setting audit clean up manager to run at: 35 35 3 * * ?
2011-12-20 11:33:32,990 INFO  [org.ovirt.engine.core.bll.Backend] (main) AuditLogCleanupManager: 20/12/11 11:33
2011-12-20 11:33:33,002 INFO  [org.ovirt.engine.core.bll.TagsDirector] (main) TagsDirector initialization
2011-12-20 11:33:33,025 INFO  [org.ovirt.engine.core.bll.TagsDirector] (main) Tag root added to tree
2011-12-20 11:33:33,058 INFO  [org.ovirt.engine.core.bll.Backend] (main) TagsDirector: 20/12/11 11:33
2011-12-20 11:33:33,069 INFO  [org.ovirt.engine.core.bll.Backend] (main) ImagesSyncronizer: 20/12/11 11:33
2011-12-20 11:33:33,080 INFO  [org.ovirt.engine.core.bll.Backend] (main) IsoDomainListSyncronizer: 20/12/11 11:33
2011-12-20 11:33:33,123 INFO  [org.ovirt.engine.core.bll.Backend] (main) InitHandlers: 20/12/11 11:33
2011-12-20 11:33:33,142 INFO  [org.ovirt.engine.core.bll.Backend] (main) ErrorTranslator: 20/12/11 11:33
2011-12-20 11:33:33,143 INFO  [org.ovirt.engine.core.bll.Backend] (main) VdsErrorTranslator: 20/12/11 11:33
2011-12-20 11:33:33,353 INFO  [org.ovirt.engine.core.bll.adbroker.UsersDomainsCacheManagerService] (main) UsersDomainsCacheManager: 20/12/11 11:33
2011-12-20 11:33:33,410 INFO  [org.ovirt.engine.core.bll.adbroker.UsersDomainsCacheManagerService] (main) DbUserCacheManager: 20/12/11 11:33
2011-12-20 11:33:33,536 INFO  [org.ovirt.engine.core.bll.DbUserCacheManager] (QuartzScheduler_Worker-1) DbUserCacheManager::refreshAllUserData() - entered
2011-12-20 11:33:33,602 INFO  [org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (main) InitResourceManager: 20/12/11 11:33
2011-12-20 11:33:33,634 INFO  [org.ovirt.engine.core.vdsbroker.ResourceManager] (main) ResourceManager::ResourceManager::Entered
2011-12-20 11:33:33,806 INFO  [org.ovirt.engine.core.bll.AsyncTaskManager] (main) AsyncTaskManager: Initialization of AsyncTaskManager completed successfully.
2011-12-20 11:33:33,806 INFO  [org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (main) AsyncTaskManager: 20/12/11 11:33
2011-12-20 11:33:33,810 INFO  [org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (main) VdsLoadBalancer: 20/12/11 11:33
2011-12-20 11:33:33,851 INFO  [org.ovirt.engine.core.bll.TimeLeasedVmPoolManager] (main) TimeLeasedVmPoolManager constractor entered
2011-12-20 11:33:33,852 INFO  [org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (main) TimeLeasedVmPoolManager: 20/12/11 11:33
2011-12-20 11:33:33,880 INFO  [org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (main) MacPoolManager: 20/12/11 11:33
DY Guru 5340 points
21 December 2011 12:10 PM

The log snippet is not much of an indication of a problem, just a warning. Have you tried using the https access to the GUI instead of http? That's port 8443

ad Active Contributor 210 points
21 December 2011 1:29 PM

I have tried 8443. Installed certificates. Checked that IE7 does not complain about certificate (no Red certificate shown).

 

But I still have the same "Could not connect to RHEV Manager".

 

  Are you sure that I don't have to care about not being able to access 8006, 8007, 8008 ports from inside the server?

 

Thank you for your help.

DY Guru 5340 points
21 December 2011 3:23 PM

 

Try browsing with IE to:

https://{your host name}:8443/rhevm-rhevm-genericapi/GenericApiService?wsdl

 

If you get a message like:

"The security certificate presented by this website was not issued by a trusted certificate authority"

then it's a CA certificate not trusted.

If you get a message on host name, then it's dns, and you may work around it using an entry in etc\hosts.

ad Active Contributor 210 points
21 December 2011 3:36 PM

It does not complain about any certificate.

 

Here is the beginning of the file:

 

<?xml version="1.0" encoding="UTF-8" ?>
- <wsdl:definitions name="IBackend" targetNamespace="http://service.engine.ovirt.org" xmlns:ns1="http://schemas.xmlsoap.org/wsdl/soap/http" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
ad Active Contributor 210 points
20 December 2011 10:18 AM

I have copied-and-pasted an extract from: /var/log/jbossas/rhevm-slimmed/console.log file.

 

Should I care about the:

WARNING [config] Unable to process deployment descriptor for context

messages or not?

 

Thank you.

 

 

19:44:30,794 INFO  [DefaultEndpointRegistry] register: jboss.ws:context=rhevm-rhevm-genericapi,endpoint=GenericApiService
19:44:30,816 INFO  [DescriptorDeploymentAspect] Add Service
 id=GenericApiService
 address=http://rhev3.mydomain:8080/rhevm-rhevm-genericapi/GenericApiService
 implementor=org.ovirt.engine.ui.genericapi.GenericApiService
 invoker=org.jboss.wsf.stack.cxf.InvokerEJB3
 mtomEnabled=false
19:44:30,819 INFO  [DescriptorDeploymentAspect] JBossWS-CXF configuration generated: file:/var/lib/jbossas/server/rhevm-slimmed/tmp/jbossws/jbossws-cxf2720315855674429622.xml
19:44:31,025 INFO  [TomcatDeployment] deploy, ctxPath=/rhevm-rhevm-genericapi
19:44:31,137 WARNING [config] Unable to process deployment descriptor for context '/rhevm-rhevm-genericapi'
19:44:31,137 INFO  [config] Initializing Mojarra (1.2_13-b01-FCS) for context '/rhevm-rhevm-genericapi'
19:44:31,270 INFO  [TomcatDeployment] deploy, ctxPath=/Components
19:44:31,339 INFO  [TomcatDeployment] deploy, ctxPath=/api
19:44:31,953 INFO  [[/api]] Initializing Spring root WebApplicationContext
19:44:33,223 INFO  [TomcatDeployment] deploy, ctxPath=/rhev-docs
19:44:33,259 INFO  [TomcatDeployment] deploy, ctxPath=/RHEVManager
19:44:33,291 INFO  [TomcatDeployment] deploy, ctxPath=/RHEVManagerWeb
19:44:33,326 INFO  [TomcatDeployment] deploy, ctxPath=/UserPortal
19:44:33,389 INFO  [TomcatDeployment] deploy, ctxPath=/webadmin
19:44:33,406 WARNING [config] Unable to process deployment descriptor for context '/webadmin'
19:44:33,406 INFO  [config] Initializing Mojarra (1.2_13-b01-FCS) for context '/webadmin'
19:44:33,516 INFO  [ProfileServiceBootstrap] Loading profile: ProfileKey@7d846aed[domain=default, server=default, name=rhevm-slimmed]
19:44:33,527 INFO  [Http11Protocol] Arrancando Coyote HTTP/1.1 en puerto http-0.0.0.0-8080
19:44:33,551 INFO  [AjpProtocol] Arrancando Coyote AJP/1.3 en ajp-0.0.0.0-8009
19:44:33,570 INFO  [Http11Protocol] Arrancando Coyote HTTP/1.1 en puerto http-0.0.0.0-8443
19:44:33,581 INFO  [ServerImpl] JBoss (Microcontainer) [5.1.2 (build: SVNTag=JBPAPP_5_1_2 date=201111102209)] Started in 46s:474ms
ma Active Contributor 135 points
20 December 2011 11:17 AM

Piccolo Aiuto,

controlla il file /etc/resolv.conf

e controlla l'hostname.

 

Ho avuto lo stesso problema e l'ho risolto controllando questi file.

 

----little- english-------

 

Little Help,

control the file /etc/resolv.conf

 

e control the name of host

 

The my problem was solved with these controls.

 

Mauro

 

 

ad Active Contributor 210 points
20 December 2011 11:42 AM

Ok. I have done:

 

http://www.xenocafe.com/tutorials/linux/redhat/change_hostname_without_reboot/index.php

 

restarted network and restarted jbossas service.

 

I haven't tried to connect from IE7 but I have got the same errors at rhevm.log file.

 

So I think that your tip has not worked for me.

 

Thank you anyway!

ad Active Contributor 210 points
22 December 2011 3:32 PM

I think that RHEV 3 is in beta status so I have to use beta channels.

 

So I have to use:

 

rhn-channel -v -u YOUR-RHN-USERNAME -a -c rhel-x86_64-server-6-beta -c rhel-x86_64-server-6-rhevm-3-beta -c rhel-x86_64-server-6-rhevm-3-jboss-5-beta -c rhel-x86_64-server-supplementary-6-beta -c rhel-x86_64-server-supplementary-6

instead of:

 

rhn-channel -v -u YOUR-RHN-USERNAME -a -c rhel-x86_64-server-6-rhevm-3 -c rhel-x86_64-server-6-rhevm-3-jboss-5 -c rhel-x86_64-server-supplementary-6

.

As seen on:

 

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/3.0/html/Evaluation_Guide/Evaluation_Guide-Single_Host.html#Evaluation_Guide-Install_RHEVM

 

Am I perhaps making a bad assumption about the beta status and I should use the stable channels instead?

 

Am I not using the right instructions perhaps?

 

Thank you.

ad Active Contributor 210 points
23 December 2011 10:47 AM

  I attach /usr/share/rhevm/conf/rhevm-config-install.properties contents.

 

  Include has plenty of variable assignations and this file has not any assignation. I was asking myself if it was ok or not.

 

  I just hope it helps on debugging my problem. I might finish making a video of all the process. Or a document.

 

Any other ideas on how to debug this? I suppose that it's not easy to insert a hook in the java application that opens port 8006, 8007 and 8008. Is it? Because they don't get ever opened in my case.

 

include=/etc/rhevm/rhevm-config/rhevm-config.properties

SQLServerSearchTemplate
OrganizationName
CertAlias
InstallVds
TruststoreUrl
PostgresSearchTemplate
RHEVMEARLib
ScriptsPath
UseSecureConnectionWithServers
VdsErrorsFileName
SQLServerPagingSyntax
DataDir
AsyncPollingCyclesBeforeCallbackCleanup
AsyncPollingCyclesBeforeRefreshSuspend
SQLServerPagingType
keystoreUrl
keystorePass
PostgresPagingSyntax
PostgresPagingType
ConfigDir
SignScriptName
CARhevmKey
BootstrapInstallerFileName
CACertificatePath
TruststorePass
PublicURLPort
AdUserId
VdcVersion
LdapServers
MinimalETLVersion
AdminPassword
DY Guru 5340 points
23 December 2011 11:25 AM

Hi Adrian,

 

Can we try something a bit different instead:

1. Start up IE, and browse to http://your.rhev-m.com:8080

2. In there, click the "Administrator Portal (no SSL) link

3. At this point you should be presented with the certificate installation prompt, or if you already installed it, you should see the client downloaded and started in the IE window.

4. Once the client is started, you should be presented with the login prompt. As I understand, this is where you get the message about service connection failure. 

 

Please confirm this is exactly how you get to this point

ad Active Contributor 210 points
23 December 2011 11:38 AM

Yes, that's exactly what I have done.

 

The same thing happens if I try the SSL/8443 (Choosing Administrador portal without the (No ssl)) way accepting all the certificates as you requested in another thread.

DY Guru 5340 points
23 December 2011 2:11 PM

Any firewalls/proxies between your client machine and the RHEV-M?

ad Active Contributor 210 points
23 December 2011 3:18 PM

  I'm still thinking that I am missing something because ports 8006, 8007 and 8008 are not available from the RHEVM machine itself. If RHEVM beta 3 is working ok is it normal not being to able to access them from inside RHEVM machine itself?

 

About firewall: No. That I am not aware of it.

 

Windows has Windows firewall disabled.

 

Windows machine is inside a Virtualbox in my laptop. It connects to the internet thanks to the "Host-only vboxnet0".

 

About the rhevm3 machine is being virtualized by Virtualbox and uses an ip-fail-over.

 

My laptop in order to allow vboxnet0 internet connection is setup as:

 

echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="eth1"
INTIF="vboxnet0"
INTIF2="vboxnet1"
INTIF3="vboxnet2"
#INTIF4="vboxnet3"
#INTIF5="vboxnet4"
#INTIF6="vboxnet5"

echo "   External Interface:  $EXTIF"
echo "   Internal Interface:  $INTIF"
echo "   Internal Interface:  ${INTIF2}"
echo "   Internal Interface:  ${INTIF3}"
#echo "   Internal Interface:  ${INTIF4}"
#echo "   Internal Interface:  ${INTIF5}"
#echo "   Internal Interface:  ${INTIF6}"

#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==
echo -en "   loading modules: "
echo "  - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
echo -en "ip_tables, "
$MODPROBE ip_tables
echo -en "nf_conntrack, "
$MODPROBE nf_conntrack
echo -en "nf_conntrack_ftp, "
$MODPROBE nf_conntrack_ftp
echo -en "nf_conntrack_irc, "
$MODPROBE nf_conntrack_irc
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo -en "nf_nat_ftp, "
$MODPROBE nf_nat_ftp
echo "----------------------------------------------------------------------"
echo -e "   Done loading modules.\n"
echo "   Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "   Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "   Clearing any existing rules and setting default policy.."

iptables-restore <<-EOF
*nat
-A POSTROUTING -o "$EXTIF" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i "$EXTIF" -o "$INTIF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
-A FORWARD -i "$EXTIF" -o "$INTIF2" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$INTIF2" -o "$EXTIF" -j ACCEPT
-A FORWARD -i "$EXTIF" -o "$INTIF3" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$INTIF3" -o "$EXTIF" -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF

Thank you for any more hints you might give me.

DY Guru 5340 points
23 December 2011 4:41 PM

it seems more and more like you have a rhev-m setup gone wrong, OR there might be some really serious network weirdness happening there. Did RHEV-M install without issues? Any chance of trying to connect to the GUI without virtualbox in the way, some Windows laptop in a dark corner of the building maybe?

ad Active Contributor 210 points
25 December 2011 11:44 AM

>Any chance of trying to connect to the GUI without virtualbox in the way, some Windows >laptop in a dark corner of the building maybe.

 

:(

 

It works! The Windows physical machine does work!

 

I am going to try with virtualized machine but using NAT or BRIDGE instead of hostonly+router connection.

 

I need to find what makes a windows xp not being able to connect to Administrator portal.

 

Thank you very much for your effort and patience.

 

I am not able to access 8006, 8007, 8008 ports from inside rhevm machine though. Is the documentation outdated about these ports?

 

Thank you.

ad Active Contributor 210 points
25 December 2011 6:33 PM

I just wanted to share with you that I have virtualized Windows 7 and it does work.

 

I did some more tests (bridged and nat networking setup on vbox) with my wxp but I was unable to make it work.

 

I suppose that if I install a raw wxp (just installed wxp) everything should work ok but I have not actually tested it.

 

So... you can close this thread and mark as solved. (Or whatever you do in this forum ;) )

But just before closing explain about the MPF ports not being open and thus documentation being wrong... or not.

 

Thank you!

DY Guru 5340 points
26 December 2011 8:54 AM

Great to hear it worked for you, thanks for keeping at it while we tried to figure out what was going on

 

Looking at my setup, I also don't see it listening to ports 8006-8009, this is likely a documentation bug I'll report in a minute. These ports were relevant in RHEV 2.x, when the WPF portal was running on IIS, so I do apologise for misleading you there.