Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 885164

Summary: CABaseDirectory should be configured by ovirt-engine
Product: [Retired] oVirt Reporter: Dannie Obbink <dannieobbink>
Component: ovirt-engine-installerAssignee: Juan Hernández <juan.hernandez>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: urgent    
Version: unspecifiedCC: acathrow, alonbl, bazulay, dougsland, dyasny, iheim, mgoldboi, ykaul, yzaslavs
Target Milestone: ---   
Target Release: 3.2   
Hardware: All   
OS: Linux   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-15 06:47:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dannie Obbink 2012-12-07 16:20:21 UTC 
Description of problem:
During deployement of a host, the following error is returned in engine.log:

2012-12-07 17:06:01,319 INFO  [org.ovirt.engine.core.bll.InstallerMessages] (VdsDeploy) Installation ovirtnode1.acme.lan: Enrolling certificate

2012-12-07 17:06:01,346 ERROR [org.ovirt.engine.core.bll.VdsDeploy] (pool-3-thread-31) [5563c38b] Error during host ovirtnode1.acme.lan install, prefering first exception: java.io.FileNotFoundException: /etc/ovirt-engine/ca/requests/ovirtnode1.acme.lanreq.pem (No such file or directory)
	at java.io.FileOutputStream.open(Native Method) [rt.jar:1.7.0_09-icedtea]
	at java.io.FileOutputStream.<init>(FileOutputStream.java:212) [rt.jar:1.7.0_09-icedtea]
	at java.io.FileOutputStream.<init>(FileOutputStream.java:165) [rt.jar:1.7.0_09-icedtea]
	at org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper.SignCertificateRequest(OpenSslCAWrapper.java:70) [engine-utils.jar:]
	at org.ovirt.engine.core.bll.VdsDeploy._threadMain(VdsDeploy.java:742) [engine-bll.jar:]
	at org.ovirt.engine.core.bll.VdsDeploy.access$1400(VdsDeploy.java:71) [engine-bll.jar:]
	at org.ovirt.engine.core.bll.VdsDeploy$32.run(VdsDeploy.java:780) [engine-bll.jar:]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]


Version-Release number of selected component (if applicable):
3.2.0-1.20121206.git533e9a5.fc17 (latest nightly)

oVirt searches for it's certificate in /etc/ovirt-engine/ca/requests/, while they are actually in /etc/pki/ovirt-engine.

Symlinking /etc/ovirt-engine/ca to /etc/pki/ovirt-engine seems to be a viable work-around.
Comment 1 Alon Bar-Lev 2012-12-07 16:47:42 UTC 
Known issue, I already asked to revert[1].
This change was added without proper test, please CC me of any PKI patches in the future.

Thank you for the report.

[1] http://gerrit.ovirt.org/#/c/9659/
Comment 2 Juan Hernández 2012-12-08 12:08:29 UTC 
The revert of the change is available here:

http://gerrit.ovirt.org/9786
Comment 3 Juan Hernández 2012-12-08 12:09:26 UTC 
The revert has been merged:

http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=cd830572906624ab068d988c631c031e9f635b02
Comment 4 Itamar Heim 2013-01-16 16:09:39 UTC 
3.2 beta built, moving to ON_QA status to allow testing