Bug 1839895 (OCPRHV-82-4.5) - OCPRHV-82: RFE: Installer should detect if CA cert from Engine is already imported locally
Keywords:
Status: CLOSED ERRATA
Alias: OCPRHV-82-4.5
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: low
Target Milestone: ---
Target Release: 4.6.0
Assignee: Douglas Schilling Landgraf
QA Contact: Guilherme Santos
URL: https://issues.redhat.com/browse/OCPR...
Whiteboard:
Depends On: OCPRHV-176 1850723
Blocks:
Reported: 2020-05-25 21:16 UTC by Douglas Schilling Landgraf
Modified: 2020-10-27 16:01 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:01:02 UTC
Target Upstream Version:


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3637 0 None closed oVirt: general improvements 2021-01-14 10:03:17 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:01:27 UTC

Description Douglas Schilling Landgraf 2020-05-25 21:16:13 UTC
Description of problem:

Today the installer asks users whether the CA cert is already imported locally.

Example:
------------
? SSH Public Key /home/douglas/.ssh/id_rsa.pub
? Platform ovirt
? oVirt API endpoint URL https://engine.medogz.home
? Is the oVirt CA trusted locally? [? for help] (Y/n) 

                       ^--------- here


How can this affect the installation?
-------------------------------------------
Not all users will know whether it is already imported or how to import it. Even with documentation it can be a challenge.
     

What's expected?
----------------------
The installer detects whether the CA cert from Engine is already imported in the system or not.

Comment 5 Guilherme Santos 2020-07-22 13:07:33 UTC
Verified on:
4.6.0-0.nightly-2020-07-22-074636

Steps:
1. Have the CA certificate imported in the machine beforehand:
# curl -k 'https://<engine-fqdn>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA' -o /tmp/ca.pem
# cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/ca.pem && update-ca-trust
2. # openshift-install create cluster --log-level=debug --dir=resources

Results:
Installation succeeded, and there was no message asking "Is the oVirt CA trusted locally?"
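
Added example, not the installer's code and not part of the comments above: one way to detect whether the Engine CA is already trusted is to run ordinary chain verification against the trust store and see whether it succeeds. The CA, certificate and hostname `engine.example.test` are constructed, and the helper names `caTrusted`, `issue` and `trustBeforeAfter` are hypothetical; a real check would verify the certificate the Engine serves against the pool returned by `x509.SystemCertPool()`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caTrusted reports whether leaf chains to a root in pool and is valid for host (hypothetical helper).
func caTrusted(leaf *x509.Certificate, pool *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(serial int64, cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, priv
}

// trustBeforeAfter verifies a constructed Engine cert before and after its CA is added to the store.
func trustBeforeAfter(host string) (before, after bool) {
	ca, caKey := issue(1, "constructed-engine-ca", nil, nil)
	leaf, _ := issue(2, host, ca, caKey)
	pool := x509.NewCertPool() // stands in for the local trust store
	before = caTrusted(leaf, pool, host)
	pool.AddCert(ca) // the import step (anchors directory plus update-ca-trust on a real host)
	return before, caTrusted(leaf, pool, host)
}
func main() { fmt.Println(trustBeforeAfter("engine.example.test")) } // constructed hostname
```

Because the check is a full verification, a certificate issued by a different CA or presented for a different hostname also counts as not trusted, so a prompt would still appear in those cases.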

Comment 7 errata-xmlrpc 2020-10-27 16:01:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

