Bug 1119420
| Summary: | Ovirt compute resource doesn't work with wildcard certs | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Rich Jerrido <rjerrido> |
| Component: | Provisioning | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED NOTABUG | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.3 | CC: | batkisso, bkearney, jmontleo, ohadlevy, omaciel, rjerrido, vvasilev |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://projects.theforeman.org/issues/7516 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-09-26 12:37:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rich Jerrido
2014-07-14 18:13:20 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. As a temporary workaround, the following works to disable SSL verification:
from Lukas Zapletal <lzap>:
"locate rvovirt.rb file and change the VERIFY_PEER to VERIFY_NONE
[root@hp-sl2x170zg6-01 ~]# locate rbovirt.rb
/opt/rh/ruby193/root/usr/share/gems/gems/rbovirt-0.0.28/lib/rbovirt.rb
[root@hp-sl2x170zg6-01 ~]# grep VERIFY_PEER /opt/rh/ruby193/root/usr/share/gems/gems/rbovirt-0.0.28/lib/rbovirt.rb
verify_options = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER}
Then restart Satellite 6:
service httpd restart"
Rich, can you share with me how you deployed the certificate? Is this documented in RHEV materials? I would like to reproduce. We followed the instructions documented in the RHEV 3.2/3.3 documentation (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html-single/Administration_Guide/index.html#Replacing_the_SSL_certificate_used_by_Red_Hat_Enterprise_Virtualization_Manager_to_identify_itself_to_users_connecting_over_https) to replace the default self-signed certificate with the wildcard certificate. I'm getting this same error with Satellite 6.0.4 using RHEV 3.4 with a custom certificate, which was issued by IPA/IdM. This is not a wildcard cert, but it's not the RHEV-generated cert either. The Compute Resource never actually gets to the point of trying the username/password. Created redmine issue http://projects.theforeman.org/issues/7516 from this bug Ok I am closing this issue because I am unable to reproduce. I was able to setup my oVirt/RHEV with wildcard certs easily. There is other issue/bug which is very relevant to this problem: https://bugzilla.redhat.com/show_bug.cgi?id=1143941 http://projects.theforeman.org/issues/7522 Until it was not resolved, I was not able to setup *any* other CA than the self-signed cert from RHEV. Therefore I believe the bug solved your error. In any case, feel free to reopen if you still think this is an issue. The 1143941 is scheduled for 6.1 release. |