cnMaestro 2.1.0 (On-Premises)

hi netreality,

I have sent private message.

1 Like

Hi.
Could you please help me with configuring email settings?
We get error:

Error
Error on sending mail: unable to verify the first certificate

This is on port 587 with STARTTLS.
 
Kind regards

Hi,

I have a problem creating the OVA.

I get the error shown in the attachment.

How can I fix it?

You have to use OVF vmware tool to convert from SHA256 to SHA1. Or use vmware greater than 6.5


Kind regards

Having issues booting the OVA provided online. Running Xen 6.5 it fails to emergency boot console.

Tried it on a VMware 6.5u1 box I run personally and it boots fine.

Anyone else running Xen figure out how to get this OVA to boot?

The current 2.1.0 release is using sha256 hashing if you extract the ova file and see the .mf file (the previous version 1.6.1-r10 was using SHA1)

VMware changed the default hashing from SHA1 to SHA256 from OVFTOOL 4.2 onwards

If you are using vSphere C# client to import the latest OVA then you might run into an issue which says

"Invalid OVF manifest entry"

You need to convert the OVA from sha256 to sha1 using ovftool

Here is the KB article from VMware on how to do it.

https://kb.vmware.com/s/article/2151537

Please see below post about the issue described above

https://www.virtuallyghetto.com/2016/11/default-hashing-algorithm-changed-in-ovftool-4-2-preventing-ovfova-import-using-vsphere-c-client.html 

https://www.virtuallyghetto.com/2017/06/workaround-to-deploy-vsphere-integrated-containers-1-1-ova-using-powercli-sha256-not-supported.html

Regards, 

Rupam

Trying to upgrade from Version 1.6.3-r19 to Version 1.6.3-r39 so I can download the proper backup, but I get the following error.

Ran into two snags, the first which I was able to workaround, and the second of which I cannot...

1. The file export in 1.6.3 does not use https, so it broke the srcnat rule I had been using for the VM. It took a while to understand why it wasn't letting me actually download, but I found I could use the raw IP address of the server to get around it and download the file.

2. The SHA256 hash is not compatible with ESXi 5.5, and I can't seem to install the OVF tool (both 32-bit and 64-bit just fail during install) to try to fix this on my system. Any chance Cambium can release a version of this new OVA using an SHA1 hash in the mf file so we don't have to jump through hoops of fire to install it?

(according to at least one site, this can be done by running a "--shaAlgorithm=sha1" command in the CLI before generating the OVA file)

1 Like

@fabrizio88 wrote:

Hi,

I have a problem creating the OVA.

I get the error shown in the attachment.

How can I fix it?


Although many Italians buy Cambium products, I doubt they will answer you if you write in our language :D write in English ;)

I am also running XEN 6.5. Same issue with Ubuntu booting into Emergency Mode. I have been running cnMaestro on this same platform for a long time now. Upgrade to 1.6.3-r39 went smoothly. But spinning up the 2.1.0-r21 OVA is being troublesome.

Some clues by running "journalctl -xb"

systemd: dev-sdb1.device:Job dev-sdb1.device/start timed out.

systemd: Dependency failed for /mnt/data.

systemd: Dependency failed for Local File Systems.

Unit dev-sdb1.device has failed.

So I ran it through Gparted filesystem repair on all 3 partitions. No dice.

Hi dshea

Another customer was facing the same issue and he is using ESXi 4.0 with vSphere C# client to upload the ovf file and it was throwing the manifest checksum error, the workaround is to download the below ovftool version 4.2

Download ovftool 4.2 from here: https://my.vmware.com/web/vmware/details?productId=614&downloadGroup=OVFTOOL420

And you can import the 2.1 OVA from the command line by passing --shaAlgorithm=sha1 

ovftool.exe --shaAlgorithm=sha1 --datastore=datastore1 --network="<name of the network>" C:\Users\xxxx\Downloads\cnmaestro-on-premises_2.1.0-r21_amd64.ova vi://root@x.x.x.x 

Regards,

Rupam

1 Like

Hi Ryan

I sent you private message, would like remote session to debug why the package update is failing when you apply 1.6.3-r39 on top of 1.6.3-r19.

Rupam

YES, PLEASE FIX THE OVA FILE!!!

1 Like

FYI your link doesn't go to the right page on vmware's site.

please for the love of god, can you just fix the file for us and repost??

1 Like

From a security standpoint, this is a positive change by VMware as SHA1 is no longer considered a secure hashing algorithm and a stronger version should be used. It also turns out that the vSphere C# Client can only support SHA1.

You can download the ovftool 4.2 

https://my.vmware.com/group/vmware/details?downloadGroup=OVFTOOL420&productId=491 

Rupam

1 Like

vmware’s OVF tool for mac has an expired cert :-/

i’m not installing something that’s insecure.

PLEASE JUST FIX THE DANG OVA FILE!!!  PLEASE!!!!!!!

1 Like

Tried the upgrade to r39 with a different computer and it worked successfully. I'm not sure what was going on, maybe a cache issue?

I'm also running ESXi 5.5 on this box and I ran the ovftool and the new vm imported fine. I don't think cambium should change the file from SHA256. We need to keep our boxes more updated. 

1 Like

Hi Sean -- we are hesitant to replace the current OVA with one leveraging SHA-1 digests, because SHA-1 is no longer considered secure (it was dropped by VMware for good reason). Instead, I am including a script written for Linux, but also tested on Mac command line, which converts the SHA-256 OVA digests to SHA-1. Just run the code as an executable (chmod +x <filename>), and point it to your downloaded OVA file (cnmaestro_sha_convert <OVA file>). If this really doesn't work for you, then ping Rupam or me by private message, and we can look at providing access to the file generated by the script below.

#!/bin/bash -e
# Script to convert a cnMaestro OVA to SHA-1 digests

SOURCE=${1}
TMPDIR=cnmaestro_tmp

if [[ -z ${SOURCE} ]]; then
  echo "Usage: ${0} <OVA file>"
  exit 1
elif [[ ! -f ${SOURCE} ]]; then
  echo "OVA file does not exist: ${SOURCE}"
  exit 1
fi

# Name of the OVF descriptor inside the archive; the other files share its prefix
OVF_FILE=$(tar tf "${SOURCE}" | grep '\.ovf$')
PREFIX=${OVF_FILE%.ovf}

# Start from a clean working directory (variables are quoted so paths with spaces work)
rm -rf "./${TMPDIR}"
mkdir -p "./${TMPDIR}"
echo "Unpacking OVA file"
tar xvf "${SOURCE}" -C "./${TMPDIR}" > /dev/null
cd "${TMPDIR}"
echo "Generating SHA-1 digests"
# Overwrite the manifest with SHA-1 entries for the descriptor and both disks
openssl dgst -sha1 "${PREFIX}.ovf" > "${PREFIX}.mf"
openssl dgst -sha1 "${PREFIX}-disk1.vmdk" >> "${PREFIX}.mf"
openssl dgst -sha1 "${PREFIX}-disk2.vmdk" >> "${PREFIX}.mf"
SHA1_FILE=${PREFIX}-sha1.ova
echo "Rebuilding OVA file: ${SHA1_FILE}"
# The .ovf descriptor is added first, followed by the manifest and the disks
tar cvf "${SHA1_FILE}" "${PREFIX}.ovf" "${PREFIX}.mf" "${PREFIX}"-disk*.vmdk* > /dev/null
echo "SHA-1 OVA: $(pwd)/${SHA1_FILE}"

5 Likes
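
The conversion script above replaces the shipped SHA-256 manifest with freshly computed SHA-1 digests, so any corruption or tampering in the download would be carried into the new manifest unnoticed. The following added example (not Cambium's code and not part of the original post) checks the OVA against its own manifest first; the function names `hex_digest` and `verify_ova_manifest` are hypothetical, and manifest lines are assumed to have the form `SHA256(name)= hex`.

```sh
#!/bin/sh
# Added example: check an OVA's manifest digests before rewriting them.
# hex_digest and verify_ova_manifest are hypothetical names, not Cambium's.

hex_digest() {   # hex_digest <sha1|sha256>: data on stdin, hex digest on stdout
  if command -v "${1}sum" >/dev/null 2>&1; then
    "${1}sum" | cut -d' ' -f1
  else
    openssl dgst "-${1}" -r | cut -d' ' -f1
  fi
}

verify_ova_manifest() {   # returns 0 only if every manifest entry matches
  ova=$1
  mf=$(tar -tf "$ova" | grep '\.mf$' | head -n 1)
  if [ -z "$mf" ]; then
    echo "no manifest (.mf) in $ova" >&2
    return 1
  fi
  # Assumed manifest line format: SHA256(file.vmdk)= <hex digest>
  # Rewrite each line as "<ALGO> <hex> <name>" so read can split it.
  entries=$(tar -xOf "$ova" "$mf" | tr -d '\r' |
    sed -n 's/^\(SHA[0-9]*\)(\(.*\))= *\([0-9A-Fa-f]*\) *$/\1 \3 \2/p')
  rc=0
  checked=0
  while read -r algo want name; do
    case $algo in
      SHA1) tool=sha1 ;;
      SHA256) tool=sha256 ;;
      *) continue ;;
    esac
    # Stream the member out of the archive; nothing is unpacked to disk.
    got=$(tar -xOf "$ova" "$name" 2>/dev/null | hex_digest "$tool")
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    checked=$((checked + 1))
    if [ "$got" = "$want" ]; then
      echo "OK       $name"
    else
      echo "MISMATCH $name" >&2
      rc=1
    fi
  done <<EOF
$entries
EOF
  [ "$checked" -gt 0 ] || rc=1   # an empty manifest verifies nothing
  return "$rc"
}

if [ "$#" -gt 0 ]; then verify_ova_manifest "$1"; fi
```

Run it on the original download before converting; a check on the converted file only confirms that the rebuilt archive agrees with itself.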

Re: Xen issues, I was able to get it to boot. In the emergency console at root (sudo -s) shell type:

vi /etc/fstab

Change the mount point for the 2nd disk from /sdb1 to /xvdb1

Type :wq

Reboot

Tim

3 Likes