Bug 1855345 - Missing/invalid RHVM certificate
Summary: Missing/invalid RHVM certificate
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.6.0
Assignee: Douglas Schilling Landgraf
QA Contact: Guilherme Santos
Depends On:
TreeView+ depends on / blocked
Reported: 2020-07-09 15:25 UTC by Peter Larsen
Modified: 2020-10-27 16:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-10-27 16:13:27 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3940 0 None closed Bug 1855345: ovirt: show more info about PEM file loaded 2020-10-22 06:49:42 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:13:28 UTC

Description Peter Larsen 2020-07-09 15:25:58 UTC
Running the installer the first time against RHVM, you're prompted for the RHVM hostname, and when validated for a user-name and password.  The installer extracts a certificate and enters it into 

$HOME/.ovirt/ovirt-config.yaml as "ovirt_ca_bundle".
The retrieved certificate is invalid - and as the machineset operator attempts to create worker nodes, it fails authentication with RHVM and no worker nodes are found.  Replacing the ovirt_ca_bundle in the ovirt-credentials secret fixes the problem.

Another work-around is to manually edit the ovirt-config.yaml file and restart the installer. 

Version-Release number of the following components:
[ocp@bastion ovirt]$ bin/openshift-install version
bin/openshift-install unreleased-master-3266-g3828ad50cde20a7836556403684991468cecfeb3
built from commit 3828ad50cde20a7836556403684991468cecfeb3
release image registry.svc.ci.openshift.org/origin/release:4.5

Comment 3 Jan Zmeskal 2020-09-29 12:13:29 UTC
Verified with 4.6.0-0.nightly-2020-09-28-212756
Verification steps:
1. openshift-install create install-config
2. cat ~/.ovirt/ovirt-config.yaml && cat /etc/pki/ovirt-engine/ca.pem  # Verify the certificates are the same
3. openshift-install create cluster
4. Check that worker nodes have been created and started successfully

Comment 5 errata-xmlrpc 2020-10-27 16:13:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.