On a clean system install, trying to use virsh connection for accessing the shell for installing the OS inside the Self Hosted Engine VM leads to
# virsh -c qemu+tls:///Test/system console HostedEngine
error: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
error: failed to connect to the hypervisor
the '/etc/pki/CA/cacert.pem' is created later when the host is added to the manager by ovirt-host-deploy.
We need to provide /etc/pki/CA/cacert.pem before OS installation for allowing virsh to connect to the hypervisor.
*** Bug 1034679 has been marked as a duplicate of this bug. ***
also server and client certificates are missing, causing libvirt not listening on qemu+tls port.
*** Bug 1035395 has been marked as a duplicate of this bug. ***
Also /etc/pki/libvirt-spice cretificates are generated by ovirt-host-deploy at later stage, so when creating cacert.pem hosted-engine --deploy need to take care of these too.
*** Bug 1056649 has been marked as a duplicate of this bug. ***
As workaround, perform an all-in-one setup, then execute cleanup and deploy hosted-engine or use VNC connection.
*** Bug 1058936 has been marked as a duplicate of this bug. ***
*** Bug 1063576 has been marked as a duplicate of this bug. ***
*** Bug 1067683 has been marked as a duplicate of this bug. ***
Moving back to assigned as /etc/pki/libvirt might not exist.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.