1286607 – RHEV-M upgrade to 3.5.4 fails with error "Command '/usr/bin/openssl' failed to execute" for custom apache.p12

Bug 1286607 - RHEV-M upgrade to 3.5.4 fails with error "Command '/usr/bin/openssl' failed to execute" for custom apache.p12

Summary: RHEV-M upgrade to 3.5.4 fails with error "Command '/usr/bin/openssl' failed ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	3.5.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	ovirt-3.5.7
Target Release:	3.5.7
Assignee:	Yedidyah Bar David
QA Contact:	Gonza
Docs Contact:
URL:
Whiteboard:	integration
Depends On:	1260752
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-30 10:18 UTC by rhev-integ
Modified:	2021-08-30 13:48 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1260752
Environment:
Last Closed:	2016-01-12 20:40:42 UTC
oVirt Team:	Integration
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHV-43204	None	None	None	2021-08-30 12:07:32 UTC
Red Hat Knowledge Base (Solution)	1605173	None	None	None	Never
Red Hat Product Errata	RHBA-2016:0029	normal	SHIPPED_LIVE	Red Hat Enterprise Virtualization Manager 3.5.7 update	2016-01-13 01:39:40 UTC
oVirt gerrit	49172	master	MERGED	packaging: setup: pki: Do not fail if pkcs12 unreadable	Never
oVirt gerrit	49408	ovirt-engine-3.6	MERGED	packaging: setup: pki: Do not fail if pkcs12 unreadable	Never
oVirt gerrit	49409	ovirt-engine-3.5	MERGED	packaging: setup: pki: Do not fail if pkcs12 unreadable	Never

Comment 1 Yedidyah Bar David 2015-11-30 10:37:34 UTC

Note to QE (copied from cloned bug 1260752 comment 7):

Current patch makes engine-setup output the following in such a case:

 [WARNING] Failed to read or parse '/etc/pki/ovirt-engine/keys/apache.p12'
           Perhaps it was changed since last Setup.
           Error was:
           Mac verify error: invalid password?

It will do that twice per file - once during customization, right before asking whether to renew the CA, and again while actually renewing.

I personally verified that by just changing the passphrase of apache.p12 and websocket-proxy.p12 .

Please try also other combinations, e.g. also engine.p12 or jboss.p12 (might break stuff, doc (link above) mentions only apache.p12), and also by using a key/cert signed by a 3rd party CA, both using passphrase 'mypass' and something different.

Comment 2 Gonza 2015-12-21 15:26:46 UTC

Verified with:
ovirt-engine-3.4.4-1.el6.noarch -> ovirt-engine-3.5.7.1-0.0.master.20151220162429.git1e35eec.el6.noarch

Comment 5 errata-xmlrpc 2016-01-12 20:40:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0029.html

Note You need to log in before you can comment on or make changes to this bug.