Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1370169 - Satellite 6.2 is unable to download CA certificate from RHEV 4.0
Summary: Satellite 6.2 is unable to download CA certificate from RHEV 4.0
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Compute Resources - RHEV
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Lukas Zapletal
QA Contact: Peter Ondrejka
URL:
Whiteboard:
: 1375602 1388749 (view as bug list)
Depends On:
Blocks: 1375606 1426391
TreeView+ depends on / blocked
 
Reported: 2016-08-25 12:37 UTC by Sebastian Hetze
Modified: 2020-06-11 12:57 UTC (History)
22 users (show)

Fixed In Version: foreman-1.11.0.75-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1426391 (view as bug list)
Environment:
Last Closed: 2017-05-01 13:53:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
vms-rhev3 (33.48 KB, image/png)
2017-03-30 08:46 UTC, Peter Ondrejka 		no flags Details
vms-rhev4 (23.61 KB, image/png)
2017-03-30 08:48 UTC, Peter Ondrejka 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 15163 0 Normal Closed Use new oVirt CA cert endpoint 2021-02-04 08:34:54 UTC
Red Hat Bugzilla 1393928 0 medium CLOSED Support for RHEV 4.0 in Satellite 6.2 is missing certificate download 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2017:1191 0 normal SHIPPED_LIVE Satellite 6.2.9 Async Bug Release 2017-05-01 17:49:42 UTC

Internal Links: 1393928

Description Sebastian Hetze 2016-08-25 12:37:06 UTC 
Description of problem:

When adding a RHV4 compute resource, the requrired X509 Certification Authorities is not loaded automatically.

Version-Release number of selected component (if applicable):
foreman 1.11.0.49

How reproducible:
always

Steps to Reproduce:
1. add new compute resource type RHEV with RHV-4.0 backend


Actual results:
 X509 field contains error message
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /ca.crt was not found on this server.</p>
</body></html>

Expected results:
proper x509 cert

Additional info:
The URL to download the ca.crt must be changed into 
http://rhv4-fqdn//ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
Comment 1 Ohad Levy 2016-08-25 12:41:16 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/15163 from this bug
Comment 2 Bryan Kearney 2016-08-25 14:19:00 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/15163 has been closed
Comment 4 Lukas Zapletal 2016-09-23 07:53:07 UTC 
*** Bug 1375602 has been marked as a duplicate of this bug. ***
Comment 6 Steven Mercurio 2016-10-18 04:04:51 UTC 
I managed to get past the ca.crt was not found on this server error by manually pasting in the ca crt.  My next problem though is I get a "404 Resource Not Found" error on the URL line.  Has the https://satellite.example.com/api URL changed as well or is this still somehow related to the certificate error?
Comment 7 Wilson Harris 2016-10-26 16:28:22 UTC 
Hey Steven,

I was hitting the same issue. I was able to fix it by using the below in the url field.

https://rhevm.example.com/ovirt-engine/api

I am now hitting a new Error though "undefined method `+' for nil:NilClass". This happens when clicking the "load datacenters" button.
Comment 8 Greg Procunier 2016-10-27 21:07:33 UTC 
Confirmed as well.

As of satellite-6.2.3-1.0.el7sat adding a RHEV4 compute resources fails to use the correct method to get the server certificate.

If you manually paste the extracted ca.crt into the certificate box in the GUI it then fails with 

2016-10-27 16:46:02 [app] [W] Action failed
 | NoMethodError: undefined method `+' for nil:NilClass
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/ovirt/base_object.rb:13:in `parse_version'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/ovirt/datacenter.rb:21:in `block in parse_xml_attributes!'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/nokogiri-1.6.6.2/lib/nokogiri/xml/node_set.rb:187:in `block in each'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/nokogiri-1.6.6.2/lib/nokogiri/xml/node_set.rb:186:in `upto'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/nokogiri-1.6.6.2/lib/nokogiri/xml/node_set.rb:186:in `each'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/ovirt/datacenter.rb:20:in `collect'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/ovirt/datacenter.rb:20:in `parse_xml_attributes!'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/ovirt/datacenter.rb:8:in `initialize'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/client/datacenter_api.rb:16:in `new'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/client/datacenter_api.rb:16:in `block in datacenters'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/nokogiri-1.6.6.2/lib/nokogiri/xml/node_set.rb:187:in `block in each'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/nokogiri-1.6.6.2/lib/nokogiri/xml/node_set.rb:186:in `upto'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/nokogiri-1.6.6.2/lib/nokogiri/xml/node_set.rb:186:in `each'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/client/datacenter_api.rb:15:in `collect'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rbovirt-0.0.37/lib/client/datacenter_api.rb:15:in `datacenters'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/fog-1.38.0/lib/fog/ovirt/requests/compute/datacenters.rb:6:in `datacenters'
 | /usr/share/foreman/app/models/compute_resources/foreman/model/ovirt.rb:328:in `client'
 | /usr/share/foreman/app/models/compute_resources/foreman/model/ovirt.rb:371:in `update_available_operating_systems'
 | /usr/share/foreman/app/models/compute_resources/foreman/model/ovirt.rb:328:in `client'
 | /usr/share/foreman/app/models/compute_resources/foreman/model/ovirt.rb:371:in `update_available_operating_systems'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:424:in `block in make_lambda'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:160:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:160:in `block in halting'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:166:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:166:in `block in halting'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:166:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:166:in `block in halting'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:86:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:86:in `run_callbacks'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activemodel-4.1.5/lib/active_model/validations/callbacks.rb:111:in `run_validations!'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activemodel-4.1.5/lib/active_model/validations.rb:318:in `valid?'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/validations.rb:70:in `valid?'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/validations.rb:77:in `perform_validations'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/validations.rb:51:in `save'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/attribute_methods/dirty.rb:21:in `save'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:268:in `block (2 levels) in save'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:329:in `block in with_transaction_returning_status'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/connection_adapters/abstract/database_statements.rb:201:in `block in transaction'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/connection_adapters/abstract/database_statements.rb:209:in `within_new_transaction'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/connection_adapters/abstract/database_statements.rb:201:in `transaction'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:208:in `transaction'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:326:in `with_transaction_returning_status'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:268:in `block in save'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:283:in `rollback_active_record_state!'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activerecord-4.1.5/lib/active_record/transactions.rb:267:in `save'
 | /usr/share/foreman/app/controllers/compute_resources_controller.rb:27:in `create'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/actionpack-4.1.5/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/actionpack-4.1.5/lib/abstract_controller/base.rb:189:in `process_action'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/actionpack-4.1.5/lib/action_controller/metal/rendering.rb:10:in `process_action'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/actionpack-4.1.5/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:113:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:113:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:299:in `call'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/callbacks.rb:299:in `block (2 levels) in halting'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/rails-observers-0.1.2/lib/rails/observers/action_controller/caching/sweeping.rb:73:in `around'
 | /opt/rh/rh-ror41/root/usr/share/gems/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in `call'
 | /usr/share/gems/gems/passenger-4.0.18/lib/phusion_passenger/rack/thread_handler_extension.rb:77:in `process_request'
 | /usr/share/gems/gems/passenger-4.0.18/lib/phusion_passenger/request_handler/thread_handler.rb:140:in `accept_and_process_next_request'
 | /usr/share/gems/gems/passenger-4.0.18/lib/phusion_passenger/request_handler/thread_handler.rb:108:in `main_loop'
 | /usr/share/gems/gems/passenger-4.0.18/lib/phusion_passenger/request_handler.rb:441:in `block (3 levels) in start_threads'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `call'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `block in create_with_logging_context'
2016-10-27 16:46:02 [app] [I]   Rendered common/500.html.erb within layouts/application (1.6ms)
2016-10-27 16:46:02 [app] [I]   Rendered layouts/_application_content.html.erb (0.3ms)
2016-10-27 16:46:02 [app] [I]   Rendered layouts/base.html.erb (1.1ms)
2016-10-27 16:46:02 [app] [I] Completed 500 Internal Server Error in 106ms (Views: 4.1ms | ActiveRecord: 2.5ms)
Comment 9 Ian Tewksbury 2016-11-21 20:54:56 UTC 
I am seeing this as well. 

Satellite 6.2.4
RHV 4.0.2.6-0.1.el7ev
Comment 11 Ian Tewksbury 2016-11-21 20:57:34 UTC 
Doing https://MY_RHV_SERVER/ovirt-engine/api/v3 rather then https://MY_RHV_SERVER/ovirt-engine/api fixed the "undefined method `+' for nil:NilClass" error for me.
Comment 12 Steven Mercurio 2016-11-21 22:19:59 UTC 
Using this:

https://rhevm.example.com/ovirt-engine/api/v3

in conjunction with pasting in the right cert DOES allow me to list datacenters BUT when I click "test Connection"  I get:

401 Unauthorized
Comment 13 Ian Tewksbury 2016-11-22 11:32:13 UTC 
@Steve,

I am no expert, but that sounds like something is wrong with your credentials. Have you verified your RHV credentials are correct?
Comment 14 Lukas Zapletal 2016-11-22 11:55:06 UTC 
Guys,

this is a regression in Satellite 6.2 with RHEV 4.0, the CA certificate of the RHEV 4.0+ cannot be automatically downloaded. This happens when the CA field in the Compute Resource detail is empty (Satellite automatically downloads it from RHEV). This has been changed in RHEV 4.0, therefore we need to backport a change into Satellite 6.2 to change the source URL (which is no longer valid in 4.0).

This bug is scheduled for the next z-stream release, until then, you need to get the CA certificate from RHEV 4 and paste it into Satellite 6 RHEV Compute Resource manually as a whole PEM block (BEGIN CERTIFICATE / END CERTIFICATE). If the server is not self-signed, paste all certificates concatenated one after each other.

I can't tell where you can find the certificate in RHEV 4.0, I assume somewhere in the Administer UI.
Comment 15 Ian Tewksbury 2016-11-22 12:04:36 UTC 
Lukas,

The foreman bug, http://projects.theforeman.org/issues/15163, gives the following sugestion for downloading the CA for RHV 4.0, and it worked for me.

/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
Comment 16 Peter Ondrejka 2016-11-22 15:11:23 UTC 
Verified in Satellite 6.3 snap 6 together with rhev 4.0.3-0.1.el7ev. When using the .../ovirt-engine/api path, I'm able to load the datacenters, I get the X509 field populated, can succesfully test the connection and create the CR.
Comment 17 Steven Mercurio 2016-11-22 15:56:56 UTC 
(In reply to Ian Tewksbury from comment #13)
> @Steve,
> 
> I am no expert, but that sounds like something is wrong with your
> credentials. Have you verified your RHV credentials are correct?

Yes,

My credentials are right.  Even admin@internal gives me the same result.
Comment 18 Lukas Zapletal 2016-11-23 10:15:45 UTC 
Steven, make sure you have the correct server certificate in the form. Due this bug, you can't simply delete it because auto-negotiation won't work, you need to pastebin it manually from RHEV.
Comment 19 Shlomi Zadok 2016-12-21 11:27:24 UTC 
*** Bug 1388749 has been marked as a duplicate of this bug. ***
Comment 20 Satellite Program 2017-02-23 21:09:11 UTC 
Please add verifications steps for this bug to help QE verify
Comment 21 Lukas Zapletal 2017-02-24 12:59:41 UTC 
QA steps:

1) Define RHEV 4 compute resource
2) Submit
3) List VMs
Comment 22 Tom Gamull 2017-03-01 13:52:12 UTC 
Is this for Sat 6.2 or Sat 6.3? https://bugzilla.redhat.com/show_bug.cgi?id=1426391 seems to indicate the latter but the flag is 6.2.  I don't think it matters but if for both can the documentation be updated to reflect the workaround?
Comment 23 Lukas Zapletal 2017-03-01 15:33:59 UTC 
This is for 6.2.
Comment 26 Lukas Zapletal 2017-03-21 13:05:28 UTC 
********** UPDATED QA steps ********** 

1) Define RHEV 4 compute resource
2) Submit
3) List VMs

1) Define RHEV 3.3 (or older) compute resource
2) Submit
3) List VMs

Make sure to test twice, on 4.0 and 3.3 or older RHEV to verify regressions please.
Comment 27 Peter Ondrejka 2017-03-30 08:46:53 UTC 
Created attachment 1267445 [details]
vms-rhev3
Comment 28 Peter Ondrejka 2017-03-30 08:48:30 UTC 
Created attachment 1267446 [details]
vms-rhev4
Comment 29 Peter Ondrejka 2017-03-30 08:50:05 UTC 
Verified in 6.2.9-2 using rhev3 and rhev4, compute resources.
Comment 30 Ian Tewksbury 2017-03-30 10:43:39 UTC 
Thank you everyone who has worked on this. Your dedication is very much appreciated.
Comment 32 errata-xmlrpc 2017-05-01 13:53:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1191
Note You need to log in before you can comment on or make changes to this bug.