Bug 2077907
| Summary: | vmconsole-proxy-helper.cer not refreshed by engine-setup | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Andreas Bleischwitz <ableisch> |
| Component: | ovirt-engine | Assignee: | Nobody <nobody> |
| Status: | CLOSED DUPLICATE | QA Contact: | meital avital <mavital> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.4.10 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-04-22 15:01:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1988496 *** |
Description of problem: Serial console connection wasn't working after some time. Further analysis showed that the engine.log stated the following: ~~~ 2022-04-22 16:05:59,267+02 ERROR [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-322) [] Error validating ticket: : sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) .... ~~~ Following the path of vmconsole-proxy, I found that /etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer expired: ~~~ # openssl x509 -in /etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer -noout -dates notBefore=Dec 3 14:35:40 2020 GMT notAfter=Jan 6 14:35:40 2022 GMT ~~~ Setting OVESETUP_VMCONSOLE_PROXY_CONFIG/vmconsoleProxyConfig=bool to False and re-running engine-setup with --reconfigure-optional-components didn't re-create that expired certificate. Version-Release number of selected component (if applicable): rhvm-4.4.10.7-0.4.el8ev.noarch How reproducible: Always (after 2 years) Steps to Reproduce: 1. Install rhv, enable vmconsole 2. step-tick clock 2+ years ahead 3. see ssh-vmconsole connection failing even after re-running engine-setup Actual results: engine-setup misses to update vmconsole-proxy-helper.cer Expected results: engine-setup checks validity of vmconsole-proxy-helper.cer and re-creates if required. Additional info: