I set up a new ovirt test instance on a clean Rocky Linux 8.5 server with a custom apache cert about two weeks ago. Uploading a test image via the browser didn't work until I changed the .truststore file.
I should also point out that I also had to set the cert in apache's config. Simply replacing the symlink in the cert directory didn't work as it wasn't pointing to it at all. (Instead it was pointing at some snakeoil cert generated by apache.) Granted, the apache issue is specific to Rocky, but the imageio service is definitely in ovirt's full control. If the imageio service is supposed to work out of the box with a custom certificate, there's something amiss. WARNING: Small rant follows: Yes, I could have changed a config file instead of changing .truststore, but it's just another way to achieve the same result. (And the one I discovered back in ovirt 3.x.) It doesn't make the process any eaiser, if anything it's just another option to check if something goes wrong. Instead of checking only .truststore, Now we have to check .truststore, and any number of extra config files for a redirect statement, and the load ordering of those config files, *and* whether or not those redirect statements point to a valid cert or not. Instead of having just one place to troubleshoot, now there's at least four. The config file change also doesn't make it any eaiser to perform those changes. You still need to manually make these changes via ssh on the engine host. Why would I want to advice changing a config file, and risk that much of an additional mess to deal with in support, when I can tell them one specific file to fix that has none of these extras to deal with? Personally, I would choose the option with less chance for human error. /rant -Patrick Hibbs On Sun, 2022-03-06 at 21:54 +0200, Nir Soffer wrote: > On Sun, Mar 6, 2022 at 9:42 PM <lou...@ameritech.net> wrote: > > > > I don't have the file "ovirt-imageio-proxy" on my system, is there > > another file that I should be looking at? Once I locate the > > correct file what content in the file needs to change? > > > > I'm using the latest release of "Firefox/91.6.0" as my browser, > > and i import the "Engine CA" after the fact. However, after the > > import I tried again and got the same results. > > In oVirt 4.4 the ovirt-imageio-proxy service was replaced with the > ovirt-imageio service. > > The built-in configuration should work with the default (self signed) > CA and with custom > CA without any configuration change. > > Is this all-in-one installation, when ovirt-engine is installed on > the > single hypervisor, > and the same host is added later as an hypervisor? > > To make sure you configured the browser correctly, please open the > "upload" dialog > and click the "Test connection" button. If the testing the connection > works the browser > can communicate with the ovirt-imageio service and your system is > ready for upload > from the browser. > > Nir > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/4JN43TC3CGMLUZW6OCUTEZHQDNJDMRNP/ _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GJ6UALLOL6NBQA7O5W6AATKBTXC6SELP/
