Description of problem:
By default log collector points to: /etc/pki/ovirt-engine/ca.pem, which is wrong in my honest opinion because I think it should point to apache-ca.pem (it uses REST API so should depend on apache's cert, not ca.pem).

At the beginning (default installation) /etc/pki/ovirt-engine/apache-ca.pem is the same as /etc/pki/ovirt-engine/ca.pem.

If customer replaces RHV-M SSL certificate with his/her organization's commercially signed certificate, then he experiences an issue:

ERROR: Failure fetching information about hypervisors from API. Error (Error): ('Error while sending HTTP request', error(60, "Peer's Certificate issuer is not recognized."))
ERROR: _get_hypervisors_from_api: ('Error while sending HTTP request', error(60, "Peer's Certificate issuer is not recognized."))

Version-Release number of selected component (if applicable):
RHV 3.x, 4.x

How reproducible:
always

Steps to Reproduce:
1. replace certificate according to: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_SSL_Certificate
2. run ovirt-log-collector

Actual results:
ERROR: Failure fetching information about hypervisors from API. Error (Error): ('Error while sending HTTP request', error(60, "Peer's Certificate issuer is not recognized."))
ERROR: _get_hypervisors_from_api: ('Error while sending HTTP request', error(60, "Peer's Certificate issuer is not recognized."))

Expected results:
ovirt-log-collector uses: /etc/pki/ovirt-engine/apache-ca.pem

Additional info:
There is an easy fix for this problem:

vim /etc/ovirt-engine/logcollector.conf
cert-file=/etc/pki/ovirt-engine/apache-ca.pem

But it should be by default.
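A pre-flight check for the condition this report describes, as an added example (not code from ovirt-log-collector): it resolves which cert-file a logcollector.conf selects and lists CA certificates that are in apache-ca.pem but missing from that file. The parsing rules, function names and sample PEM blocks are assumptions constructed for illustration; the paths and the cert-file key are the ones named in the report.

```python
import base64
import hashlib
import re

# Paths named in the report; ca.pem is the default on affected versions.
BUILTIN_DEFAULT = "/etc/pki/ovirt-engine/ca.pem"
APACHE_CA = "/etc/pki/ovirt-engine/apache-ca.pem"

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def effective_cert_file(conf_text, default=BUILTIN_DEFAULT):
    """Return the cert-file a key=value config selects, else the default.

    Section headers and comments are skipped and the last assignment wins
    (assumed parsing rules, not the collector's own parser).
    """
    chosen = default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "cert-file" and value:
            chosen = value
    return chosen


def cert_fingerprints(pem_text):
    """SHA-256 of the decoded bytes of every certificate in a PEM bundle."""
    prints = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # ignore line wrapping
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def missing_apache_cas(configured_pem, apache_ca_pem):
    """Fingerprints in apache-ca.pem that the configured bundle lacks.

    Non-empty means the two files have diverged, which is the state in
    which the report's "issuer is not recognized" error appears.
    """
    return cert_fingerprints(apache_ca_pem) - cert_fingerprints(configured_pem)


def pem(der):
    """Wrap constructed bytes as a PEM block (sample data helper)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed stand-ins for certificate bytes, not real certificates.
INTERNAL_CA = pem(b"constructed-internal-engine-ca")
COMMERCIAL_CA = pem(b"constructed-commercial-ca")
```

On an engine host, feed `effective_cert_file` the text of /etc/ovirt-engine/logcollector.conf and pass the contents of the resulting file and of apache-ca.pem to `missing_apache_cas`.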
verified in ovirt-log-collector-4.2.0-0.0.master.20170903141131.gitbd2607f.el7.centos.noarch

[root@ls-engine1 ~]# grep DEFAULT_CA_PEM /usr/lib/python2.7/site-packages/ovirt_log_collector/config.py
DEFAULT_CA_PEM = "/etc/pki/ovirt-engine/apache-ca.pem"
ovirt-log-collector-4.2.4-5.el7ev.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1465
*** Bug 1146710 has been marked as a duplicate of this bug. ***