Bug 885164 - CABaseDirectory should be configured by ovirt-engine
Summary: CABaseDirectory should be configured by ovirt-engine
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-installer
Version: unspecified
Hardware: All
OS: Linux
urgent
medium
Target Milestone: ---
: 3.2
Assignee: Juan Hernández
QA Contact:
URL:
Whiteboard: infra
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-12-07 16:20 UTC by Dannie Obbink
Modified: 2013-02-15 06:47 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-02-15 06:47:32 UTC
oVirt Team: ---
Embargoed:


Attachments (Terms of Use)

Description Dannie Obbink 2012-12-07 16:20:21 UTC
Description of problem:
During deployement of a host, the following error is returned in engine.log:

2012-12-07 17:06:01,319 INFO  [org.ovirt.engine.core.bll.InstallerMessages] (VdsDeploy) Installation ovirtnode1.acme.lan: Enrolling certificate

2012-12-07 17:06:01,346 ERROR [org.ovirt.engine.core.bll.VdsDeploy] (pool-3-thread-31) [5563c38b] Error during host ovirtnode1.acme.lan install, prefering first exception: java.io.FileNotFoundException: /etc/ovirt-engine/ca/requests/ovirtnode1.acme.lanreq.pem (No such file or directory)
	at java.io.FileOutputStream.open(Native Method) [rt.jar:1.7.0_09-icedtea]
	at java.io.FileOutputStream.<init>(FileOutputStream.java:212) [rt.jar:1.7.0_09-icedtea]
	at java.io.FileOutputStream.<init>(FileOutputStream.java:165) [rt.jar:1.7.0_09-icedtea]
	at org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper.SignCertificateRequest(OpenSslCAWrapper.java:70) [engine-utils.jar:]
	at org.ovirt.engine.core.bll.VdsDeploy._threadMain(VdsDeploy.java:742) [engine-bll.jar:]
	at org.ovirt.engine.core.bll.VdsDeploy.access$1400(VdsDeploy.java:71) [engine-bll.jar:]
	at org.ovirt.engine.core.bll.VdsDeploy$32.run(VdsDeploy.java:780) [engine-bll.jar:]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]


Version-Release number of selected component (if applicable):
3.2.0-1.20121206.git533e9a5.fc17 (latest nightly)

oVirt searches for it's certificate in /etc/ovirt-engine/ca/requests/, while they are actually in /etc/pki/ovirt-engine.

Symlinking /etc/ovirt-engine/ca to /etc/pki/ovirt-engine seems to be a viable work-around.

Comment 1 Alon Bar-Lev 2012-12-07 16:47:42 UTC
Known issue, I already asked to revert[1].
This change was added without proper test, please CC me of any PKI patches in the future.

Thank you for the report.

[1] http://gerrit.ovirt.org/#/c/9659/

Comment 2 Juan Hernández 2012-12-08 12:08:29 UTC
The revert of the change is available here:

http://gerrit.ovirt.org/9786

Comment 4 Itamar Heim 2013-01-16 16:09:39 UTC
3.2 beta built, moving to ON_QA status to allow testing


Note You need to log in before you can comment on or make changes to this bug.