Bug 1783337 - Rename tools does not renew certificates and engine config for websocket
Summary: Rename tools does not renew certificates and engine config for websocket
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Tools.Rename
Version: 4.4.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ovirt-4.4.1
Target Release: 4.4.1.7
Assignee: Yedidyah Bar David
QA Contact: Ivana Saranova
URL:
Whiteboard:
Depends On:
Blocks: 1853196
 
Reported: 2019-12-13 15:27 UTC by Ivana Saranova
Modified: 2021-07-13 13:26 UTC

Fixed In Version: ovirt-engine-4.4.1.7
Doc Type: Bug Fix
Doc Text:
Previously, the rename tool did not renew the `websocketproxy` certificates and did not update the value of `WebSocketProxy` in the engine configuration. This caused issues such as the VNC browser console not being able to connect to the server. The current release fixes this issue. Now, `ovirt-engine-rename` handles the websocket proxy correctly. It regenerates the certificate, restarts the service, and updates the value of `WebSocketProxy`.
Clone Of:
Environment:
Last Closed: 2020-08-05 06:25:30 UTC
oVirt Team: Integration
Embargoed:
pm-rhel: ovirt-4.4+
sbonazzo: planning_ack?
sbonazzo: devel_ack+
lleistne: testing_ack+




Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| oVirt gerrit | 110001 | 0 | master | MERGED | packaging: rename: Handle websocket-proxy | 2020-11-19 21:39:14 UTC |

Description Ivana Saranova 2019-12-13 15:27:45 UTC
Description of problem:
After using the rename tool, the websocketproxy certificates are not renewed and the WebSocketProxy value in engine config is not updated. This causes, for example, the VNC browser console to not connect to the server.

Version-Release number of selected component (if applicable):
ovirt-engine-4.4.0-0.0.master.20191204120550.git04d5d05.el7.noarch
ovirt-engine-websocket-proxy-4.4.0-0.0.master.20191204120550.git04d5d05.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Run rename tool
2. Check websocketproxy certificates, for example subject name
3. Check engine config WebSocketProxy value

Actual results:
Websocketproxy certificates and WebSocketProxy in engine-config contain the old hostname or IP.

Expected results:
Websocketproxy certificates and WebSocketProxy in engine-config contain the new hostname or IP.

Additional info:
Workaround was to change the value in engine-config
```
engine-config -s WebSocketProxy=10-37-137-181.rhev.lab.eng.brq.redhat.com:6100
```
and renew the certificates like this: https://access.redhat.com/solutions/1289423

Comment 1 Sandro Bonazzola 2019-12-18 08:11:46 UTC
We need to consider also what happens if the websocket proxy is not running on the same host running the engine.

Comment 2 Ivana Saranova 2020-07-13 20:31:06 UTC
Steps:
1. Run rename tool (also run engine-setup and reboot if needed)
2. Check websocketproxy certificates, for example subject name
`vi /etc/pki/ovirt-engine/certs/websocket-proxy.cer`
3. Check engine config WebSocketProxy value
`engine-config -g WebSocketProxy`


Results:
The Engine config value is correct and the subject CN value in websocket-proxy and apache cers is also correct.
 
However, some records where subject was not correct were found in cers for engine, jboss and vmconsole-proxy-helper. A separate issue for this should be created.

Verified in:
ovirt-engine-4.4.1.8-0.7.el8ev.noarch
ovirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch
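
The two checks from the steps above (certificate subject and `WebSocketProxy` value) can be scripted so that a stale name left behind by a rename is reported rather than discovered through a failing console. This is an added example, not part of the bug report or of ovirt-engine. The function names are hypothetical, and it assumes the `.cer` file is PEM-encoded and that `engine-config -g` prints `WebSocketProxy: host:port version: general`.

```shell
#!/usr/bin/env bash
# Added example: post-rename check for the websocket proxy (not ovirt-engine code).
# Function names are hypothetical.

# Print the subject CN of a PEM certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Print the host part of `engine-config -g WebSocketProxy` output.
# Assumption: the output looks like "WebSocketProxy: host:port version: general".
proxy_host() {
    printf '%s\n' "$1" |
        sed -n 's/^WebSocketProxy: *\([^: ]*\):[0-9][0-9]*.*/\1/p'
}

# check_rename CERT ENGINE_CONFIG_OUTPUT EXPECTED_NAME
# Returns 0 only if both the certificate CN and the configured proxy host
# equal the new name; reports each stale value on stderr.
check_rename() {
    rc=0
    cn=$(cert_cn "$1")
    host=$(proxy_host "$2")
    [ "$cn" = "$3" ] || { echo "stale certificate CN: '$cn'" >&2; rc=1; }
    [ "$host" = "$3" ] || { echo "stale WebSocketProxy host: '$host'" >&2; rc=1; }
    return "$rc"
}

# Run on the engine host as: ./check-wsp.sh NEW_FQDN
if [ "$#" -ge 1 ]; then
    check_rename /etc/pki/ovirt-engine/certs/websocket-proxy.cer \
        "$(engine-config -g WebSocketProxy)" "$1" && echo "websocket proxy OK"
fi
```
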

Comment 3 Sandro Bonazzola 2020-08-05 06:25:30 UTC
This bugzilla is included in oVirt 4.4.1 release, published on July 8th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.1 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Comment 4 Rolfe Dlugy-Hegwer 2020-08-15 15:45:47 UTC
Please review the updated Doc Text. Thank you.

Comment 5 Yedidyah Bar David 2020-08-18 06:54:23 UTC
Looks good to me.

