oVirt Engine setup fails - Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute

[carun-netapp]

Affected version

• oVirt Engine: ovirt-engine-4.5.6-1.el8.noarch
• Host OS Variant: CentOS 8 Stream
• VDSM version: vdsm-4.50.5.1-1.el8.x86_64
• Additional relevant package versions: Please refer to the other package versions from sosreport.

Describe the bug

engine-setup fails with following error: " Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute "

To reproduce Run $engine-setup and follow the default installer options for setup.

Expected behavior $engine-setup is expected to finish with out any setup issues.

Screenshots

[root@R650xs-13-211 ~]# engine-setup [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: /etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf, /etc/ovirt-engine-setup.conf.d/10-packaging.conf Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20240517205118-wzuv8f.log Version: otopi-1.10.4 (otopi-1.10.4-1.el8) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment setup (late) [ INFO ] Stage: Environment customization

      --== PRODUCT OPTIONS ==--

      Configure Cinderlib integration (Currently in tech preview) (Yes, No) [No]:
      Configure Engine on this host (Yes, No) [Yes]:

      Configuring ovirt-provider-ovn also sets the Default cluster's default network provider to ovirt-provider-ovn.
      Non-Default clusters may be configured with an OVN after installation.
      Configure ovirt-provider-ovn (Yes, No) [Yes]:
      Configure WebSocket Proxy on this host (Yes, No) [Yes]:

      * Please note * : Data Warehouse is required for the engine.
      If you choose to not configure it on this host, you have to configure
      it on a remote host, and then configure the engine on this host so
      that it can access the database of the remote Data Warehouse host.
      Configure Data Warehouse on this host (Yes, No) [Yes]:

      * Please note * : Keycloak is now deprecating AAA/JDBC authentication module.
      It is highly recommended to install Keycloak based authentication.
      Configure Keycloak on this host (Yes, No) [Yes]:
      Configure VM Console Proxy on this host (Yes, No) [Yes]:
      Configure Grafana on this host (Yes, No) [Yes]:

      --== PACKAGES ==--

[ INFO ] Checking for product updates... [ INFO ] No product updates found

      --== NETWORK CONFIGURATION ==--

      Host fully qualified DNS name of this server [R650xs-13-211.lab.eng.btc.netapp.in]:

      Setup can automatically configure the firewall on this system.
      Note: automatic configuration of the firewall may overwrite current settings.
      Do you want Setup to configure the firewall? (Yes, No) [Yes]:

[ INFO ] firewalld will be configured as firewall manager.

      --== DATABASE CONFIGURATION ==--

      Where is the DWH database located? (Local, Remote) [Local]:

      Setup can configure the local postgresql server automatically for the DWH to run. This may conflict with existing applications.
      Would you like Setup to automatically configure postgresql and create DWH database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
      Where is the Keycloak database located? (Local, Remote) [Local]:

      Setup can configure the local postgresql server automatically for the Keycloak to run. This may conflict with existing applications.
      Would you like Setup to automatically configure postgresql and create Keycloak database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
      Where is the Engine database located? (Local, Remote) [Local]:

      Setup can configure the local postgresql server automatically for the engine to run. This may conflict with existing applications.
      Would you like Setup to automatically configure postgresql and create Engine database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:

      --== OVIRT ENGINE CONFIGURATION ==--

      Engine admin password:
      Confirm engine admin password:
      Application mode (Virt, Gluster, Both) [Both]:
      Use Engine admin password as initial keycloak admin password (Yes, No) [Yes]:

      --== STORAGE CONFIGURATION ==--

      Default SAN wipe after delete (Yes, No) [No]:

      --== PKI CONFIGURATION ==--

      Found existing PKI files, but /etc/pki/ovirt-engine/ca.pem is missing. If you continue, Setup will overwrite existing PKI files with new ones, including /etc/pki/ovirt-engine/ca.pem. After
      Setup completes you must reinstall or re-enroll certificates for all your hosts.

      If /etc/pki/ovirt-engine/ca.pem was accidentally deleted, stop Setup, restore /etc/pki/ovirt-engine/ca.pem from backup (/etc/pki/ovirt-engine/certs/ca.der), and then run Setup again.

      Continue with Setup and overwrite existing PKI files? (Yes, No) [No]:Yes
      Organization name for certificate [lab.eng.btc.netapp.in]:

      --== APACHE CONFIGURATION ==--

      Setup can configure the default page of the web server to present the application home page. This may conflict with existing applications.
      Do you wish to set the application as the default page of the web server? (Yes, No) [Yes]:

      Setup can configure apache to use SSL using a certificate issued from the internal CA.
      Do you wish Setup to configure that, or prefer to perform that manually? (Automatic, Manual) [Automatic]:

      --== SYSTEM CONFIGURATION ==--

      --== MISC CONFIGURATION ==--

      Please choose Data Warehouse sampling scale:
      (1) Basic
      (2) Full
      (1, 2)[1]:
      Use Engine admin password as initial Grafana admin password (Yes, No) [Yes]:

      --== END OF CONFIGURATION ==--

[ INFO ] Stage: Setup validation

      --== CONFIGURATION PREVIEW ==--

      Application mode                        : both
      Default SAN wipe after delete           : False
      Host FQDN                               : R650xs-13-211.lab.eng.btc.netapp.in
      Firewall manager                        : firewalld
      Update Firewall                         : True
      Set up Cinderlib integration            : False
      Configure local Engine database         : True
      Set application as default page         : True
      Configure Apache SSL                    : True
      Keycloak installation                   : True
      Engine database host                    : localhost
      Engine database port                    : 5432
      Engine database secured connection      : False
      Engine database host name validation    : False
      Engine database name                    : engine
      Engine database user name               : engine
      Engine installation                     : True
      PKI organization                        : lab.eng.btc.netapp.in
      Set up ovirt-provider-ovn               : True
      DWH installation                        : True
      DWH database host                       : localhost
      DWH database port                       : 5432
      DWH database secured connection         : False
      DWH database host name validation       : False
      DWH database name                       : ovirt_engine_history
      Configure local DWH database            : True
      Grafana integration                     : True
      Grafana database user name              : ovirt_engine_history_grafana
      Keycloak database host                  : localhost
      Keycloak database port                  : 5432
      Keycloak database secured connection    : False
      Keycloak database host name validation  : False
      Keycloak database name                  : ovirt_engine_keycloak
      Keycloak database user name             : ovirt_engine_keycloak
      Configure local Keycloak database       : True
      Configure VMConsole Proxy               : True
      Configure WebSocket Proxy               : True

      Please confirm installation settings (OK, Cancel) [OK]:

[ INFO ] Stage: Transaction setup [ INFO ] Stopping engine service [ INFO ] Stopping ovirt-fence-kdump-listener service [ INFO ] Stopping dwh service [ INFO ] Stopping vmconsole-proxy service [ INFO ] Stopping websocket-proxy service [ INFO ] Stage: Misc configuration (early) [ INFO ] Stage: Package installation [ INFO ] Stage: Misc configuration [ INFO ] Upgrading CA [ INFO ] Creating PostgreSQL 'engine' database [ INFO ] Configuring PostgreSQL [ INFO ] Creating PostgreSQL 'ovirt_engine_history' database [ INFO ] Configuring PostgreSQL [ INFO ] Creating PostgreSQL 'ovirt_engine_keycloak' database [ INFO ] Configuring PostgreSQL [ INFO ] Creating CA: /etc/pki/ovirt-engine/ca.pem [ INFO ] Creating CA: /etc/pki/ovirt-engine/qemu-ca.pem [ INFO ] Creating a user for Grafana [ INFO ] Setting up ovirt-vmconsole proxy helper PKI artifacts [ INFO ] Setting up ovirt-vmconsole SSH PKI artifacts [ INFO ] Configuring WebSocket Proxy [ INFO ] Creating/refreshing Engine database schema [ INFO ] Creating/refreshing DWH database schema [ INFO ] Updating OVN SSL configuration [ INFO ] Updating OVN timeout configuration [ INFO ] Creating/refreshing Engine 'internal' domain database schema [ ERROR ] Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute <----- [ INFO ] DNF Performing DNF transaction rollback [ INFO ] Rolling back database schema [ INFO ] Clearing Engine database engine [ INFO ] Rolling back DWH database schema [ INFO ] Clearing DWH database ovirt_engine_history [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20240517205118-wzuv8f.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20240517205443-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ ERROR ] Execution of setup failed [root@R650xs-13-211 ~]#

Manual verfication of the failed script:

[root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# file /usr/bin/ovirt-aaa-jdbc-tool /usr/bin/ovirt-aaa-jdbc-tool: symbolic link to /usr/share/ovirt-engine-extension-aaa-jdbc/bin/ovirt-aaa-jdbc-tool.sh [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# ls -l /usr/bin/ovirt-aaa-jdbc-tool lrwxrwxrwx. 1 root root 69 Oct 3 2022 /usr/bin/ovirt-aaa-jdbc-tool -> /usr/share/ovirt-engine-extension-aaa-jdbc/bin/ovirt-aaa-jdbc-tool.sh [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# /usr/bin/ovirt-aaa-jdbc-tool Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false May 17, 2024 10:57:46 PM org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main SEVERE: Unexpected Exception invoking Cli: Could not read properties from: /etc/ovirt-engine/aaa/internal.properties [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# file /etc/ovirt-engine/aaa/internal.properties /etc/ovirt-engine/aaa/internal.properties: cannot open `/etc/ovirt-engine/aaa/internal.properties' (No such file or directory) [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# ls -l /etc/ovirt-engine/aaa/internal.properties ls: cannot access '/etc/ovirt-engine/aaa/internal.properties': No such file or directory [root@R650xs-13-211 ~]# [root@R650xs-13-211 ~]# yum provides "/etc/ovirt-engine/aaa/internal.properties" Last metadata expiration check: 2:24:30 ago on Fri 17 May 2024 08:34:46 PM IST. Error: No Matches found [root@R650xs-13-211 ~]#

Additional context

[root@R650xs-13-211 ~]# cat /var/lib/ovirt-engine/setup/answers/20240517205443-setup.conf

OTOPI answer file, generated by human dialog

[environment:default] QUESTION/1/GRAFANA_USE_ENGINE_ADMIN_PASSWORD=str:yes QUESTION/1/KEYCLOAK_USE_ENGINE_ADMIN_PASSWORD=str:yes QUESTION/1/OVESETUP_APACHE_CONFIG_ROOT_REDIRECTION=str:yes QUESTION/1/OVESETUP_APACHE_CONFIG_SSL=str:automatic QUESTION/1/OVESETUP_CONFIG_ADMIN_SETUP=str:netapp@1 QUESTION/1/OVESETUP_CONFIG_APPLICATION_MODE=str:both QUESTION/1/OVESETUP_CONFIG_SAN_WIPE_AFTER_DELETE=str:no QUESTION/1/OVESETUP_CONFIG_VMCONSOLE_PROXY=str:yes QUESTION/1/OVESETUP_CONFIG_WEBSOCKET_PROXY=str:yes QUESTION/1/OVESETUP_DIALOG_CONFIRM_SETTINGS=str:ok QUESTION/1/OVESETUP_DWH_ENABLE=str:yes QUESTION/1/OVESETUP_DWH_PROVISIONING_POSTGRES_ENABLED=str:automatic QUESTION/1/OVESETUP_DWH_PROVISIONING_POSTGRES_LOCATION=str:local QUESTION/1/OVESETUP_DWH_SCALE=str:1 QUESTION/1/OVESETUP_ENGINE_ENABLE=str:yes QUESTION/1/OVESETUP_GRAFANA_ENABLE=str:yes QUESTION/1/OVESETUP_KEYCLOAK_ENABLE=str:yes QUESTION/1/OVESETUP_KEYCLOAK_PROVISIONING_POSTGRES_ENABLED=str:automatic QUESTION/1/OVESETUP_KEYCLOAK_PROVISIONING_POSTGRES_LOCATION=str:local QUESTION/1/OVESETUP_NETWORK_FQDN_this=str:R650xs-13-211.lab.eng.btc.netapp.in QUESTION/1/OVESETUP_PKI_ORG=str:lab.eng.btc.netapp.in QUESTION/1/OVESETUP_PKI_VERIFY_MISSING_CA_PEM=str:yes QUESTION/1/OVESETUP_PROVISIONING_POSTGRES_ENABLED=str:automatic QUESTION/1/OVESETUP_PROVISIONING_POSTGRES_LOCATION=str:local QUESTION/1/OVESETUP_UPDATE_FIREWALL=str:yes QUESTION/1/ovirt-cinderlib-enable=str:no QUESTION/1/ovirt-provider-ovn=str:yes QUESTION/2/OVESETUP_CONFIG_ADMIN_SETUP=str:netapp@1 [root@R650xs-13-211 ~]#

[carun-netapp]

ovirt-engine-setup-20240517205118-wzuv8f.log

[carun-netapp]

pls rename the .zip extension to .tar.xz

sosreport-LogCollector-20240517232602.zip

[carun-netapp]

pls rename the .zip extension to .tar.xz sosreport-R650xs-13-211-issue945-2024-05-17-hpehten.zip

[JaroslavSpanko]

The engine-setup fails on the ovirt-aaa-jdbc-tool

2024-05-17 20:54:31,723+0530 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc plugin.execute:926 execute-output: ('/usr/bin/ovirt-aaa-jdbc-tool', '--db-config=/etc/ovirt-engine/aaa/internal.properties', 'query', '--what=user', '--pattern=name=admin') stderr:
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
May 17, 2024 8:54:31 PM org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main 
SEVERE: Unexpected Exception invoking Cli: com/ongres/scram/common/stringprep/StringPreparation

2024-05-17 20:54:31,723+0530 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last): 
  File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py", line 414, in _misc
    self._setupAdminUser()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py", line 301, in _setupAdminUser
    name=adminUser,
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py", line 55, in _userExists
    envAppend=toolEnv,
  File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931, in execute
    command=args[0],
RuntimeError: Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute
2024-05-17 20:54:31,724+0530 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute
2024-05-17 20:54:31,724+0530 DEBUG otopi.transaction transaction.abort:124 aborting 'DNF Transaction'

All the properties files are missing

2024-05-17 20:54:31,280+0530 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/ovirt-engine/aaa/internal.properties''
2024-05-17 20:54:31,280+0530 DEBUG otopi.filetransaction filetransaction.prepare:184 file '/etc/ovirt-engine/aaa/internal.properties' missing
2024-05-17 20:54:31,282+0530 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/ovirt-engine/extensions.d/internal-authn.properties''
2024-05-17 20:54:31,282+0530 DEBUG otopi.filetransaction filetransaction.prepare:184 file '/etc/ovirt-engine/extensions.d/internal-authn.properties' missing
2024-05-17 20:54:31,290+0530 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/ovirt-engine/extensions.d/internal-authz.properties''
2024-05-17 20:54:31,290+0530 DEBUG otopi.filetransaction filetransaction.prepare:184 file '/etc/ovirt-engine/extensions.d/internal-authz.properties' missing

[kandadeepak]

are you able to proceed without keyclock configuration?

Configure Keycloak on this host (Yes, No) [Yes]: No Use Engine admin password as initial keycloak admin password (Yes, No) [Yes]: No

[nf-brentsaner]

@kandadeepak I am experiencing the same exact error and no, the same error occurs even without keycloak:

[ INFO  ] Updating OVN SSL configuration
[ INFO  ] Updating OVN timeout configuration
[ INFO  ] Creating/refreshing Engine 'internal' domain database schema
[ ERROR ] Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute
[ INFO  ] DNF Performing DNF transaction rollback
[ INFO  ] Rolling back database schema
[ INFO  ] Clearing Engine database ovirt
[ INFO  ] Stage: Clean up
          Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20240703180534-qyzmxh.log
[ INFO  ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20240703183119-setup.conf'
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination
[ ERROR ] Execution of setup failed