1839895 – (OCPRHV-82-4.5) OCPRHV-82: RFE: Installer should detect if CA cert from Engine is already imported locally

Bug 1839895 (OCPRHV-82-4.5) - OCPRHV-82: RFE: Installer should detect if CA cert from Engine is already imported locally

Summary: OCPRHV-82: RFE: Installer should detect if CA cert from Engine is already imp...

Keywords:
Status:	CLOSED ERRATA
Alias:	OCPRHV-82-4.5
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Douglas Schilling Landgraf
QA Contact:	Guilherme Santos
Docs Contact:
URL:	https://issues.redhat.com/browse/OCPR...
Whiteboard:
Depends On:	OCPRHV-176 1850723
Blocks:
TreeView+	depends on / blocked

Reported:	2020-05-25 21:16 UTC by Douglas Schilling Landgraf
Modified:	2020-10-27 16:01 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-10-27 16:01:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift installer pull 3637	0	None	closed	oVirt: general improvements	2021-01-14 10:03:17 UTC
Red Hat Product Errata	RHBA-2020:4196	0	None	None	None	2020-10-27 16:01:27 UTC

Description Douglas Schilling Landgraf 2020-05-25 21:16:13 UTC

Description of problem:

Today the installer ask to users if the CA Cert is already imported locally.

Example:
------------
? SSH Public Key /home/douglas/.ssh/id_rsa.pub
? Platform ovirt
? oVirt API endpoint URL https://engine.medogz.home
? Is the oVirt CA trusted locally? [? for help] (Y/n) 

                       ^--------- here


How this can affect the installation?
-------------------------------------------
Not all users will know if it is already imported or how to import it. Even with documentation it can be challenge.
     

What's expected?
----------------------
The installer detect if the CA cert from Engine is already imported in the system or not.

Comment 5 Guilherme Santos 2020-07-22 13:07:33 UTC

Verified on:
4.6.0-0.nightly-2020-07-22-074636

Steps:
1. have the CA certificate imported in the machine beforehand:
# curl -k 'https://<engine-fqdn>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA' -o /tmp/ca.pem
# cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/ca.pem && update-ca-trust
2. # openshift-install create cluster --log-level=debug --dir=resources

Results:
Installation succeeded and no message asking if "Is the oVirt CA trusted locally"

Comment 7 errata-xmlrpc 2020-10-27 16:01:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Note You need to log in before you can comment on or make changes to this bug.