Bug 1286607

Summary: RHEV-M upgrade to 3.5.4 fails with error "Command '/usr/bin/openssl' failed to execute" for custom apache.p12
Product: Red Hat Enterprise Virtualization Manager
Reporter: rhev-integ
Component: ovirt-engine
Assignee: Yedidyah Bar David <didi>
Status: CLOSED ERRATA
QA Contact: Gonza <grafuls>
Severity: medium
Docs Contact:
Priority: medium
Version: 3.5.4
CC: bazulay, dfediuck, ecohen, gklein, grafuls, iheim, lsurette, nashok, pstehlik, rbalakri, Rhev-m-bugs, sbonazzo, yeylon, ylavi
Target Milestone: ovirt-3.5.7
Keywords: ZStream
Target Release: 3.5.7
Hardware: Unspecified
OS: Unspecified
Whiteboard: integration
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1260752
Environment:
Last Closed: 2016-01-12 20:40:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1260752
Bug Blocks:

Comment 1 Yedidyah Bar David 2015-11-30 10:37:34 UTC
Note to QE (copied from cloned bug 1260752 comment 7):

Current patch makes engine-setup output the following in such a case:

 [WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'
           Perhaps it was changed since last Setup.
           Error was:
           Mac verify error: invalid password?

It will do that twice per file - once during customization, right before asking whether to renew the CA, and again while actually renewing.

I personally verified that by just changing the passphrase of apache.p12 and websocket-proxy.p12.

Please try also other combinations, e.g. also engine.p12 or jboss.p12 (might break stuff, doc (link above) mentions only apache.p12), and also by using a key/cert signed by a 3rd party CA, both using passphrase 'mypass' and something different.
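
A pre-upgrade check for the condition described in the comment above, as an added example that is not part of the bug report or of engine-setup: it tests whether each PKCS#12 keystore still opens with the expected passphrase. The key directory and the passphrase 'mypass' are taken from that comment; the function names and the P12_PASS variable are hypothetical.

```bash
#!/bin/sh
# Added example, not engine-setup code. Assumptions: KEYS_DIR and the default
# passphrase 'mypass' come from the comment above; function names are hypothetical.
KEYS_DIR="${KEYS_DIR:-/etc/pki/ovirt-engine/keys}"

# check_p12 FILE [PASSPHRASE]
#   0 = keystore opens with PASSPHRASE
#   1 = openssl rejects it (for example "Mac verify error: invalid password?")
#   2 = file missing or unreadable
check_p12() {
    local file pass
    file="$1"
    pass="${2:-mypass}"
    [ -r "$file" ] || return 2
    # Hand the passphrase over in the environment rather than as pass:...,
    # so it does not show up in the process list.
    P12_PASS="$pass" openssl pkcs12 -in "$file" -noout -passin env:P12_PASS \
        >/dev/null 2>&1 || return 1
    return 0
}

# check_all_p12 [DIR] [PASSPHRASE]
#   Prints one line per *.p12 file in DIR; the return status is the number
#   of keystores that could not be opened.
check_all_p12() {
    local dir pass bad f rc
    dir="${1:-$KEYS_DIR}"
    pass="${2:-mypass}"
    bad=0
    for f in "$dir"/*.p12; do
        [ -e "$f" ] || continue          # glob matched nothing
        rc=0
        check_p12 "$f" "$pass" || rc=$?
        case "$rc" in
            0) echo "OK       $f" ;;
            1) echo "MISMATCH $f (does not open with the expected passphrase)"
               bad=$((bad + 1)) ;;
            *) echo "UNREADABLE $f"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}
```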

Comment 2 Gonza 2015-12-21 15:26:46 UTC
Verified with:
ovirt-engine-3.4.4-1.el6.noarch -> ovirt-engine-3.5.7.1-0.0.master.20151220162429.git1e35eec.el6.noarch

Comment 5 errata-xmlrpc 2016-01-12 20:40:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0029.html