| Summary: | [vdsm][bootstrap] CA for vdsmcert.pem isn't downloaded from rhevm, symlink to vdsmcert.pem is used instead | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jakub Libosvar <jlibosva> | ||||
| Component: | vdsm | Assignee: | Federico Simoncelli <fsimonce> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jakub Libosvar <jlibosva> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.3 | CC: | abaron, bazulay, iheim, ykaul | ||||
| Target Milestone: | rc | Keywords: | Regression | ||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-04-03 10:50:38 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
For some time vdsm was creating a symlink (in vdsm-gencerts.sh) cacert.pem -> vdsmcert.pem. Since bc93adf (Use certtool to generate the certificates) it's not doing it anymore. Could you remove the link and try again with a newer vdsm version? Thanks. vdsm-bootstrap-4.9.6-4.5.noarch fixes the issue. Closing. |
Created attachment 574503 [details] Bootstrap log Description of problem: After host is added to rhevm setup and ssl is used, there is no CA for vdsmcert on host: [root@srh-03 certs]# ll /etc/pki/vdsm/certs/ total 4 lrwxrwxrwx. 1 root root 32 Apr 2 14:48 cacert.pem -> /etc/pki/vdsm/certs/vdsmcert.pem -r--r--r--. 1 vdsm kvm 3581 Apr 2 14:49 vdsmcert.pem As a consequence libvirt cannot create socket with TLS. I think cacert.pem is supposed to be a CA for vdsmcert.pem cause when ca.crt is downloaded from rhevm and cacert is replaced with that, libvirt starts. This is reproducible only on RHEL 6.3, on 6.2 cacert.pem is correct. Version-Release number of selected component (if applicable): ovirt-engine-3.1.0_0001-3.el6.x86_64 vdsm-4.9.6-4.5.x86_64 How reproducible: Always Steps to Reproduce: 1. Have rhel6.3 host 2. Add host to rhevm setup Actual results: Libvirt cannot create socket due to missing CA Expected results: CA is correctly downloaded from rhevm and libvirt starts Additional info: I don't know where the symlink comes from - I tried to catch links created by _linkOrPersist method but no symlink cacert.pem -> vdsmcert.pem was created there. Attaching bootstrap log.