On 1/29/19 3:13 PM, John Florian wrote:
> On 1/29/19 2:47 PM, Chris Adams wrote:
>> Once upon a time, John Florian <jflor...@doubledog.org> said:
>>> On 1/29/19 1:30 PM, Chris Adams wrote:
>>>> Can that be run non-interactively to do whatever is needed?
>>>> I'm using a Let's Encrypt cert, which needs to have a 100% automated
>>>> deployment.
>>> Yes, I believe so. Look at the whole biz with the "answers" file
>>> and the --config-append=file option. You should already have a
>>> generated answers file laying around from when you ran engine-setup
>>> before. See /var/lib/ovirt-engine/setup/answers IIRC.
>> Hmm, that won't work - it looks like you can't run engine-setup on a
>> hosted engine unless you first set hosted-engine HA to global
>> maintenance.
>>
>> Is running engine-setup necessary to install/update certificates, or
>> maybe is there a simpler way?
>
> I'm quite certain you can do it w/o engine-setup if you hit all the
> right file locations.

Just to follow up on this Chris, I have my puppet drop my CA cert in /etc/pki/ca-trust/source/anchors/, my self-signed cert in /etc/pki/ovirt-engine/certs/ and my key in /etc/pki/ovirt-engine/keys. I also manage /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf to have:

ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""

I believe this gives me everything you seek.

--
John Florian

Users mailing list -- users@ovirt.org
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QHWEL244HI4ZNZXDMSSG23UOL7RIBVGF/
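
One way to script the file placement described in the message above for an unattended renewal, refusing to write anything if the certificate is expired or the key belongs to a different certificate. This is an added example, not code from the thread or from oVirt; the `root` staging prefix, the function names and the file modes are assumptions, and the installed file names are simply those of the files passed in.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumptions: function names, the
# "root" prefix used for staging/testing, and the 0644/0600 modes.

# Succeeds only if the private key in $2 belongs to the certificate in $1.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# deploy_engine_cert ROOT CA CERT KEY
# ROOT is "" for the live system or a scratch directory for a dry run.
deploy_engine_cert() {
    local root=$1 ca=$2 cert=$3 key=$4

    # Validate before touching any target path, so a bad renewal never
    # replaces a working certificate/key pair.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "expired or unreadable certificate: $cert" >&2; return 1; }
    cert_matches_key "$cert" "$key" ||
        { echo "private key does not match certificate" >&2; return 1; }

    # Directories are the ones named in the message; the key is kept 0600.
    install -D -m 0644 "$ca" \
        "$root/etc/pki/ca-trust/source/anchors/$(basename "$ca")" &&
    install -D -m 0644 "$cert" \
        "$root/etc/pki/ovirt-engine/certs/$(basename "$cert")" &&
    install -D -m 0600 "$key" \
        "$root/etc/pki/ovirt-engine/keys/$(basename "$key")" || return 1

    # Point the engine at the system Java trust store, as in the message.
    local conf="$root/etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf"
    mkdir -p "$(dirname "$conf")" &&
    printf '%s\n' \
        'ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"' \
        'ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""' > "$conf"
}
```

Running it first against a scratch directory as `root` shows exactly which files would be written before pointing it at the live engine with an empty prefix.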