Tools : Could not get OS type failed due to the SSL error - OMI ok - KO GUI

Hello, 

I have some issue since we migrated our opsbridge on external k8s (version 24.1).

We try to launch several tools using the ovdeploy command like : 

ovdeploy -cmd "date" -host MYNODE.MYDOMAIN -ovrg server from OBM GUI (monitored nodes -> right click -> tools -> my_tool with the upper command).

Everytime the output is :

Output:
ERROR: (depl-228) Could not get OS type.
(sec.core-113) SSL certificate verification error (The presented peer
certificate is not trusted. The certificate verification chain could
not be built.).

On my node in System.txt i have severals errors like that :

0: WRN: Mon Sep 16 13:22:46 2024: ovbbccb (229274/140365692237568): (bbc-90) The incoming HTTPS client connection from host 127.0.0.1 failed due to the SSL error:
1: WRN: Mon Sep 16 13:22:46 2024: ovbbccb (229274/140365692237568): (sec.core-116) An SSL connection IO error has occurred. This may be due to a network problem or an SSL handshake error. Possible causes for SSL handshake errors are that no certificate is installed, an invalid certificate is installed, or the peer does not trust the initiator's certificate.

My certificat is ok : 

ovcert -check

OvCoreId set : OK
Private key installed : OK
Certificate installed : OK
Certificate valid : OK
Trusted certificates installed : OK
Trusted certificates valid : OK

Check succeeded.

and other "simple tool" like ovpolicy -list working fine.

Moreover from OMI I have a answer : 

omiuser@omi-0:/> ovdeploy -cmd "date" -host MYNODE_MYDOMAIN -ovrg server
Mon Sep 16 15:13:07 CEST 2024

Has anyone encountered this problem? 

Thanks 


  • 0  

    I dont think the issue is with "your" certificate, but with the target server's certificate.

    can you try to run bbcutil -ping <host> ?

  • 0 in reply to   

    Yes, the communication is also good : 

    [root@XXXX ~]# bbcutil -ping MYOPSBRIDGE

    MYOPSBRIDGE:
    status=eServiceOK coreID=6bcb524e-87ec-75df-0692-a264d37d7349
    bbcV=12.25.006 appN=ovbbccb appV=12.25.006 conn=37 time=42 ms
    tlsVersion=TLSv1.3

    FROM HOST <-> OMI 


    I can spam several time no issue 

  • 0 in reply to 

    Can you try to run out of the box tools? it might be setting of your tool configuration.

  • Verified Answer

    +1  

    Hello Raphael,

    What did you set as target?

    Since you're using ovdeploy (to execute remotely), you will want to set target to Run on: Management server

    Also, to make this configurable, so that the ovdeploy goes to selected node to execute the command, you could use variable, e.g.:

    ovdeploy -cmd "date" -host ${opr.monitor.host} -ovrg server

    Finally, if you want to execute "date" on a particular managed node, then the easiest would be to create a tool to execute it directly without ovdeploy, e.g.:

    Command: date

    Target: Run on: Monitored host

    Best regards,

    Tobias

  • 0 in reply to   

    Hello, 

    There was a misunderstanding of tool execution on my part. 

    This tool was a test one just for this post. 

    I was using -host, pointing directly to the server, without going through the management server.

    Since i use the variable ${opr.monitor.host} it's working better.

    I'm waiting for feedback from my level 1 support 
    because I may have other cases without ovdeploy, but as it is, it has already debugged a few tools,

    Thanks for the quick answers !