Bug 1845877
| Summary: | [RFE] Collect information about RHV PKI | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Juan Orti Alcaine <jortialc> | |
| Component: | ovirt-log-collector | Assignee: | Lev Veyde <lveyde> | |
| Status: | CLOSED ERRATA | QA Contact: | Pavol Brilla <pbrilla> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | low | |||
| Version: | 4.3.9 | CC: | emarcus, gdeolive, mkalinin, mmartinv, rhodain | |
| Target Milestone: | ovirt-4.4.6 | Keywords: | FutureFeature, Rebase, TestOnly, ZStream | |
| Target Release: | 4.4.6 | |||
| Hardware: | Unspecified | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | sos-4.0-11.el8 | Doc Type: | Enhancement | |
| Doc Text: |
This release adds the gathering of oVirt/RHV related certificates to allow easier debugging of issues for faster customer help and issue resolution.
Information from certificates is now included as part of the sosreport. Note that no corresponding private key information is gathered, due to security considerations.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1848095 (view as bug list) | Environment: | ||
| Last Closed: | 2021-06-01 13:22:11 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1848095 | |||
| Bug Blocks: | 902971 | |||
| Deadline: | 2020-07-31 | |||
Moving to NEW as we have a dep bug. Sent a PR to the sosreport github repo for review: https://github.com/sosreport/sos/pull/2364 Re-targeting to 4.4.6 since the sos build we depends on is targeted to RHEL 8.4. yum deplist ovirt-log-collector-4.4.4-1.el8ev.noarch | grep sos Last metadata expiration check: 0:20:20 ago on Wed 12 May 2021 11:48:08 AM IDT. dependency: sos >= 3.7 provider: sos-4.0-11.el8.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager security update (ovirt-engine) [ovirt-4.4.6]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2179 |
In the sosreports generated by ovirt-log-collector I'm missing information about the PKI certificates. It'd be helpful to have this information: # Engine openssl x509 -in /etc/pki/ovirt-engine/ca.pem -text -noout openssl x509 -in /etc/pki/ovirt-engine/apache-ca.pem -text -noout openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -text -noout openssl x509 -in /etc/pki/ovirt-engine/certs/apache.cer -text -noout openssl x509 -in /etc/pki/ovirt-engine/certs/websocket-proxy.cer -text -noout openssl x509 -in /etc/pki/ovirt-engine/certs/jboss.cer -text -noout openssl x509 -in /etc/pki/ovirt-engine/certs/imageio-proxy.cer -text -noout openssl x509 -in /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer -text -noout TRUSTSTORE_PASS="mypass" keytool -list -storepass:env TRUSTSTORE_PASS -rfc -keystore /etc/pki/ovirt-engine/.truststore TRUSTSTORE_PASS="changeit" keytool -list -storepass:env TRUSTSTORE_PASS -rfc -keystore /var/lib/ovirt-engine/external_truststore # Hosts openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -text -noout openssl x509 -in /etc/pki/vdsm/certs/cacert.pem -text -noout openssl x509 -in /etc/pki/vdsm/libvirt-spice/server-cert.pem -text -noout openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -text -noout openssl x509 -in /etc/pki/vdsm/libvirt-vnc/server-cert.pem -text -noout openssl x509 -in /etc/pki/vdsm/libvirt-vnc/ca-cert.pem -text -noout