Bug 1839895 (OCPRHV-82-4.5)

Summary: OCPRHV-82: RFE: Installer should detect if CA cert from Engine is already imported locally
Product: OpenShift Container Platform Reporter: Douglas Schilling Landgraf <dougsland>
Component: InstallerAssignee: Douglas Schilling Landgraf <dougsland>
Installer sub component: OpenShift on RHV QA Contact: Guilherme Santos <gdeolive>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: medium CC: hpopal
Version: 4.5   
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
URL: https://issues.redhat.com/browse/OCPRHV-82
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:01:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1846366, 1850723    
Bug Blocks:    

Description Douglas Schilling Landgraf 2020-05-25 21:16:13 UTC 
Description of problem:

Today the installer ask to users if the CA Cert is already imported locally.

Example:
------------
? SSH Public Key /home/douglas/.ssh/id_rsa.pub
? Platform ovirt
? oVirt API endpoint URL https://engine.medogz.home
? Is the oVirt CA trusted locally? [? for help] (Y/n) 

                       ^--------- here


How this can affect the installation?
-------------------------------------------
Not all users will know if it is already imported or how to import it. Even with documentation it can be challenge.
     

What's expected?
----------------------
The installer detect if the CA cert from Engine is already imported in the system or not.
Comment 5 Guilherme Santos 2020-07-22 13:07:33 UTC 
Verified on:
4.6.0-0.nightly-2020-07-22-074636

Steps:
1. have the CA certificate imported in the machine beforehand:
# curl -k 'https://<engine-fqdn>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA' -o /tmp/ca.pem
# cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/ca.pem && update-ca-trust
2. # openshift-install create cluster --log-level=debug --dir=resources

Results:
Installation succeeded and no message asking if "Is the oVirt CA trusted locally"
Comment 7 errata-xmlrpc 2020-10-27 16:01:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196