Created attachment 636628 [details] engine log Description of problem: after upgrade I tried host re-install and it failed with CA error looking at the ca directory it seems that file ownerships are not saved after upgrade. Version-Release number of selected component (if applicable): upgrade from 3.0 to si21.1 How reproducible: 100% Steps to Reproduce: 1. install 3.0 and upgrade to 3.1 2. 3. Actual results: some of the ca ownerships were not kept after the upograde Expected results: ownerships should be kept Additional info: [root@daffi-linux ~]# cd /etc/pki/ovirt-engine/certs/ [root@daffi-linux certs]# ls -l total 48 -rw-r--r--. 1 root root 3489 Oct 9 12:23 05.pem -rw-rw-r--. 1 root root 3460 Oct 10 10:08 06.pem -rw-rw-r--. 1 root root 3460 Oct 10 10:23 07.pem -rw-r--r--. 1 ovirt ovirt 3071 Oct 16 12:43 08.pem -rw-r--r--. 1 ovirt ovirt 3071 Oct 22 14:26 09.pem -rw-r--r--. 1 ovirt ovirt 3072 Oct 31 16:35 0A.pem -rw-r--r--. 1 ovirt ovirt 0 Oct 31 16:30 blond-vdsg.qa.lab.tlv.redhat.comcert.pem -rw-r--r--. 1 root root 714 Oct 9 12:23 ca.der -rwxr-xr-x. 1 root root 0 Aug 22 20:12 emptyfile.txt -rw-r--r--. 1 root root 3489 Oct 9 12:23 engine.cer -rw-r--r--. 1 root root 776 Oct 9 12:23 engine.der -rw-rw-r--. 1 root root 0 Oct 31 15:39 gold-vdsc.qa.lab.tlv.redhat.comcert.pem -rw-rw-r--. 1 root root 3460 Oct 10 10:23 gold-vdsd.qa.lab.tlv.redhat.comcert.pem -rw-r--r--. 1 ovirt ovirt 3072 Oct 31 16:35 nott-vds1.qa.lab.tlv.redhat.comcert.pem -rw-r--r--. 1 root root 1848 Oct 9 12:23 rhevm.pfx after this error I manually changed owndership of 0A and only then I was able to install a host. 2012-10-31 16:30:51,114 ERROR [org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper] (pool-4-thread-49) [7011618f] Sign Certificate request script errors: null/etc/pki/ovirt-engine/SignReq.sh: line 31: grep: command not found Using configuration from openssl.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows organizationName :PRINTABLE:'RedHat' commonName :PRINTABLE:'blond-vdsg.qa.lab.tlv.redhat.com' Certificate is to be certified until Oct 30 14:30:50 2017 GMT (1825 days) Write out database with 1 new entries certs/0A.pem: Permission denied 140316543539016:error:0200100D:system library:fopen:Permission denied:bss_file.c:355:fopen('certs/0A.pem','w') 140316543539016:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
verified on 3.0 -> 24.4 before: [root@daffi-linux certs]# ls -l total 36 -rw-r--r--. 1 root root 3504 Nov 24 21:58 01.pem -rw-r--r--. 1 root root 3650 Nov 24 21:58 02.pem -rw-rw-r--. 1 jboss jboss 3622 Nov 26 13:11 03.pem -rw-rw-r--. 1 jboss jboss 3622 Nov 26 14:49 04.pem -rw-r--r--. 1 root root 825 Nov 24 21:58 ca.der -rwxr-xr-x. 1 jboss jboss 0 Aug 22 20:12 emptyfile.txt -rw-rw-r--. 1 jboss jboss 3622 Nov 26 13:11 gold-vdsc.qa.lab.tlv.redhat.comcert.pem -rw-rw-r--. 1 jboss jboss 3622 Nov 26 14:49 gold-vdsd.qa.lab.tlv.redhat.comcert.pem -rw-r--r--. 1 root root 3650 Nov 24 21:58 rhevm.cer -rw-r--r--. 1 root root 844 Nov 24 21:58 rhevm.der [root@daffi-linux certs]# after: [root@daffi-linux certs]# ls -l total 36 -rw-r--r--. 1 root root 3504 Nov 24 21:58 01.pem -rw-r--r--. 1 root root 3650 Nov 24 21:58 02.pem -rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 13:11 03.pem -rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 14:49 04.pem -rw-r--r--. 1 root root 825 Nov 24 21:58 ca.der -rwxr-xr-x. 1 ovirt ovirt 0 Aug 22 20:12 emptyfile.txt -rw-r--r--. 1 root root 3650 Nov 24 21:58 engine.cer -rw-r--r--. 1 root root 844 Nov 24 21:58 engine.der -rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 13:11 gold-vdsc.qa.lab.tlv.redhat.comcert.pem -rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 14:49 gold-vdsd.qa.lab.tlv.redhat.comcert.pem