Bug 968906 - upgrade 3.2_pre-relase->3.2 pki artifacts are reset to relative paths
upgrade 3.2_pre-relase->3.2 pki artifacts are reset to relative paths
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
Unspecified Unspecified
urgent Severity unspecified
: ---
: 3.3.0
Assigned To: Alon Bar-Lev
Leonid Natapov
: ZStream
Depends On:
Blocks: 969072
  Show dependency treegraph
Reported: 2013-05-30 05:12 EDT by Alon Bar-Lev
Modified: 2016-02-10 14:35 EST (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 969072 (view as bug list)
Last Closed: 2014-01-21 17:18:40 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 15184 None None None Never

  None (edit)
Description Alon Bar-Lev 2013-05-30 05:12:23 EDT

There is a bug in engine-config that existed since beginning of time, it does not take the CABaseDirectory into account.
However, both the setup and the upgrade set full path for all pki artifacts, this is why this bug has been never discovered.


The database upgrade script puts two values per default, these are relative:
select fn_db_update_config_value('keystoreUrl','keys/engine.p12','general');
select fn_db_update_config_value('TruststoreUrl','.truststore','general');

When system is upgraded from 3.1, after database upgrade the engine-upgrade script will convert keys to PKCS#12 format, and overwrite database settings.

However, if you upgrade from 3.2 to 3.2, then the engine-upgrade script does not overwrite the setting, leaving relative paths.


Modify keystoreUrl and truststoreUrl within database to absolute paths.
Comment 3 Itamar Heim 2013-05-30 08:27:59 EDT
moving to modified for 3.3, as issue shouldn't happen.
Comment 7 Leonid Natapov 2013-07-17 08:59:37 EDT
is5. verified.  pki settings moved into configuration
Comment 8 Itamar Heim 2014-01-21 17:18:40 EST
Closing - RHEV 3.3 Released
Comment 9 Itamar Heim 2014-01-21 17:25:00 EST
Closing - RHEV 3.3 Released

Note You need to log in before you can comment on or make changes to this bug.