Description of problem: Today the installer ask to users if the CA Cert is already imported locally. Example: ------------ ? SSH Public Key /home/douglas/.ssh/id_rsa.pub ? Platform ovirt ? oVirt API endpoint URL https://engine.medogz.home ? Is the oVirt CA trusted locally? [? for help] (Y/n) ^--------- here How this can affect the installation? ------------------------------------------- Not all users will know if it is already imported or how to import it. Even with documentation it can be challenge. What's expected? ---------------------- The installer detect if the CA cert from Engine is already imported in the system or not.
Verified on: 4.6.0-0.nightly-2020-07-22-074636 Steps: 1. have the CA certificate imported in the machine beforehand: # curl -k 'https://<engine-fqdn>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA' -o /tmp/ca.pem # cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/ca.pem && update-ca-trust 2. # openshift-install create cluster --log-level=debug --dir=resources Results: Installation succeeded and no message asking if "Is the oVirt CA trusted locally"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196