Bug 1223826 - rhevm-setup - update - pki: Enroll certs on upgrade if not exist
Summary: rhevm-setup - update - pki: Enroll certs on upgrade if not exist
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Yedidyah Bar David
QA Contact: Gonza
URL:
Whiteboard:
Depends On: 1080542
Blocks: 1224656
TreeView+ depends on / blocked
 
Reported: 2015-05-21 13:44 UTC by Pavel Stehlik
Modified: 2016-03-11 07:29 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1224656 (view as bug list)
Environment:
Last Closed: 2016-03-11 07:29:01 UTC
oVirt Team: Integration
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 41264 0 master MERGED packaging: setup: pki: Enroll certs on upgrade if not exist Never

Description Pavel Stehlik 2015-05-21 13:44:01 UTC 
Description of problem:
 When updating 3.5.1 to 3.5.3 rhevm (and it's upgraded from 3.4 or older) will fail with:
...
2015-05-21 10:55:08 DEBUG otopi.context context.dumpEnvironment:500 ENV OVESETUP_CORE_MODIFIED_LINES_GROUP/ca_pki=dict:'{}'
2015-05-21 10:55:08 DEBUG otopi.context context.dumpEnvironment:500 ENV OVESETUP_DB/connection=NoneType:'None'
?ERROR
    x509 = self._extractPKCS12Certificate(pkcs12)
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 107, in _extractPKCS12Certificate
    self._extractPKCS12CertificateString(pkcs12)
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 99, in _extractPKCS12CertificateString
    '-nokeys',
  File "/usr/lib/python2.6/site-packages/otopi/plugin.py", line 871, in execute
    self.logger.debug(
RuntimeError: Command '/usr/bin/openssl' failed to execute
2015-05-21 10:53:42 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Misc configuration': Command '/usr/bin/openssl' failed to execute
2015-05-21 10:53:42 DEBUG otopi.transaction transaction.abort:131 aborting 'Yum Transaction'
...

Version-Release number of selected component (if applicable):
rhevm-setup-3.5.3-0.2.el6ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. have 3.5 which was updated from 3.4 already
2. have 3.5
3. yum update rhevm-setup rhevm-dwh-setup rhevm-reports-setup
4. rhevm-setup

Actual results:


Expected results:


Additional info:
There is already patch available https://gerrit.ovirt.org/#/c/41264/
Comment 3 Alon Bar-Lev 2015-05-21 18:03:53 UTC 
it would be great if we stop opening downstream bugs for a component that is not downstream specific nor packaging specific.
Comment 8 Alon Bar-Lev 2015-06-01 07:48:56 UTC 
wrong component: should not be ovirt-engine-config, please move and handle acks.
Comment 10 Max Kovgan 2015-06-28 14:13:08 UTC 
ovirt-3.6.0-3 release
Comment 11 Gonza 2015-07-07 10:16:07 UTC 
Verified with the following:

ovirt-engine-3.4.4-1.el6.noarch
ovirt-engine-dwh-3.4.4-0.1.el6.noarch
ovirt-engine-reports-3.4.4-0.1.el6.noarch

# ls -l /etc/pki/ovirt-engine/*/*reports*
ls: cannot access /etc/pki/ovirt-engine/*/*reports*: No such file or directory

*** Upgraded to 3.5 ***

ovirt-engine-3.5.3.1-1.el6.noarch
ovirt-engine-dwh-3.5.3-1.el6.noarch
ovirt-engine-reports-3.5.3-1.el6.noarch

# ls -l /etc/pki/ovirt-engine/*/*reports*
ls: cannot access /etc/pki/ovirt-engine/*/*reports*: No such file or directory

*** Upgraded to 3.6 ***

ovirt-engine-3.6.0-0.0.master.20150627185750.git6f063c1.el6.noarch
ovirt-engine-dwh-3.6.0-0.0.master.20150617151108.20150617150804.gitfccbb7a.el6.noarch
ovirt-engine-reports-3.6.0-0.0.master.20150624094644.20150624094424.git019fd83.el6.noarch

# ls -l /etc/pki/ovirt-engine/*/*reports*
-rw-r--r--. 1 root root 1793 Jul  3 17:48 /etc/pki/ovirt-engine/certs/reports.cer
-rw-r--r--. 1 root root 5114 Jul  3 17:48 /etc/pki/ovirt-engine/certs/reports.cer.20150703174827
-rw-------. 1 root root 1828 Jul  3 17:48 /etc/pki/ovirt-engine/keys/reports.key.nopass
-rw-------. 1 root root 2733 Jul  3 17:48 /etc/pki/ovirt-engine/keys/reports.p12
-rw-r--r--. 1 root root  863 Jul  3 17:48 /etc/pki/ovirt-engine/requests/reports.req
Note You need to log in before you can comment on or make changes to this bug.