Description of problem: In order for the Image Upload functionality to have secure communication to the proxy during the upload process, some PKI setup during engine-setup is required. Specifically, a key/cert pair needs to be created and the proper proxy hostname needs to be written to the database so that the certificate verification will succeed. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install the ovirt-engine, ovirt-image-proxy, and ovirt-image-proxy-setup packages. 2. Run engine-setup. 3. Add a host and storage. 4. Attempt an Image Upload. Actual results: The upload is soon "Paused by System" due to connection errors. Expected results: The upload should succeed (or at least not have any connection and/or configuration errors). Additional info:
FYI, you probably want to have your browser or OS trust the engine CA cert, which may require manual steps if your engine cert is self-signed. To do this, after running engine-setup, follow the instructions here: http://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list The certificate can be retrieved with the following command (all one line): wget -O engine-ca.pem http://<YOUR ENGINE ADDRESS>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
Amit, is there anything to document here?
No, The resolution for this bug is transparent for the user.
(In reply to Amit Aviram from comment #5) > No, The resolution for this bug is transparent for the user. So, is there a way to test this except for just uploading a file?
(In reply to Natalie Gavrielov from comment #7) > (In reply to Amit Aviram from comment #5) > > No, The resolution for this bug is transparent for the user. > > So, is there a way to test this except for just uploading a file? Just make sure you use https, and not http. if you can upload a file, this bug can be verified. Thanks
Verified using: rhevm-4.0.2-0.1.rc.el7ev.noarch ovirt-imageio-proxy-0.3.0-0.el7ev.noarch ovirt-imageio-common-0.3.0-0.el7ev.noarch ovirt-imageio-daemon-0.3.0-0.el7ev.noarch vdsm-4.18.8-1.el7ev.x86_64