Bug 1119420
Summary: | Ovirt compute resource doesn't work with wildcard certs | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Rich Jerrido <rjerrido> |
Component: | Provisioning | Assignee: | Lukas Zapletal <lzap> |
Status: | CLOSED NOTABUG | QA Contact: | Katello QA List <katello-qa-list> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.3 | CC: | batkisso, bkearney, jmontleo, ohadlevy, omaciel, rjerrido, vvasilev |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://projects.theforeman.org/issues/7516 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-09-26 12:37:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Rich Jerrido
2014-07-14 18:13:20 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. As a temporary workaround, the following works to disable SSL verification: from Lukas Zapletal <lzap>: "locate rvovirt.rb file and change the VERIFY_PEER to VERIFY_NONE [root@hp-sl2x170zg6-01 ~]# locate rbovirt.rb /opt/rh/ruby193/root/usr/share/gems/gems/rbovirt-0.0.28/lib/rbovirt.rb [root@hp-sl2x170zg6-01 ~]# grep VERIFY_PEER /opt/rh/ruby193/root/usr/share/gems/gems/rbovirt-0.0.28/lib/rbovirt.rb verify_options = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER} Then restart Satellite 6: service httpd restart" Rich, can you share with me how you deployed the certificate? Is this documented in RHEV materials? I would like to reproduce. We followed the instructions documented in the RHEV 3.2/3.3 documentation (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html-single/Administration_Guide/index.html#Replacing_the_SSL_certificate_used_by_Red_Hat_Enterprise_Virtualization_Manager_to_identify_itself_to_users_connecting_over_https) to replace the default self-signed certificate with the wildcard certificate. I'm getting this same error with Satellite 6.0.4 using RHEV 3.4 with a custom certificate, which was issued by IPA/IdM. This is not a wildcard cert, but it's not the RHEV-generated cert either. The Compute Resource never actually gets to the point of trying the username/password. Created redmine issue http://projects.theforeman.org/issues/7516 from this bug Ok I am closing this issue because I am unable to reproduce. I was able to setup my oVirt/RHEV with wildcard certs easily. There is other issue/bug which is very relevant to this problem: https://bugzilla.redhat.com/show_bug.cgi?id=1143941 http://projects.theforeman.org/issues/7522 Until it was not resolved, I was not able to setup *any* other CA than the self-signed cert from RHEV. Therefore I believe the bug solved your error. In any case, feel free to reopen if you still think this is an issue. The 1143941 is scheduled for 6.1 release. |