Description of problem: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide/index#Replacing_the_Manager_CA_Certificate has a missing step. In "Replacing the Red Hat Virtualization Manager Apache CA Certificate" step 8 we copy they certificate but don't check ownership nor permission. Version-Release number of selected component (if applicable): ovirt-engine-websocket-proxy-4.4.2.6-0.2.el8ev.noarch How reproducible: always Steps to Reproduce: 1. follow the docs Actual results: - see that novnc console does not work (something went wrong) - # journalctl -u ovirt-websocket-proxy.service|grep -i Errno Dec 09 15:58:02 rhvm1.example.com ovirt-websocket-proxy.py[2136316]: ovirt-websocket-proxy[2137092] INFO msg:887 handler exception: [Errno 13] Permission denied Dec 09 15:58:02 rhvm1.example.com ovirt-websocket-proxy.py[2136316]: ovirt-websocket-proxy[2137093] INFO msg:887 handler exception: [Errno 13] Permission denied Expected results: novnc console works and no errors in journalctl Additional info: possible solutions to include in step 8: 1. chown root:ovirt /etc/pki/ovirt-engine/certs/apache.cer OR 2. chmod 644 /etc/pki/ovirt-engine/certs/apache.cer
(In reply to Michael Vollmer from comment #0) > Additional info: possible solutions to include in step 8: > 1. chown root:ovirt /etc/pki/ovirt-engine/certs/apache.cer > OR > 2. chmod 644 /etc/pki/ovirt-engine/certs/apache.cer I agree. IMO we want _both_ (not "OR"). Should be after current step 8's command and before step 9 - can be inside step 8 or as a new step, I don't mind. These commands might or might not be required, depending on your umask, etc., but I can't see a reason to not always include them. Thanks!
I made some edits and merged the branch, but then I realized that this change requires QE verfication, so I created a new merge request with the changes: https://gitlab.cee.redhat.com/rhci-documentation/docs-Red_Hat_Enterprise_Virtualization/-/merge_requests/1944
Gui, Please verify that the procedure works as documented. See comment 2.
The changes requested have been merged into master and published. Comment 4 indicates that QE does not have resourced to verify the changes are in: https://gitlab.cee.redhat.com/rhci-documentation/docs-Red_Hat_Enterprise_Virtualization/-/merge_requests/1943