Hi,
We're running oVirt 4.5.4, recently we got this alert:
Engine's certification is about to expire at 2023-11-19. Please renew
the engine's certification.
So I'm trying to run:
engine-setup --offline
However, it fails with the following error:
[ INFO ] Upgrading CA
[ INFO ] Renewing engine certificate
[ ERROR ] Failed to execute stage 'Misc configuration': Command
'/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
Digging into the logs I can see this:
2023-11-14 08:36:22,848+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca plugin.execute:926
execute-output: ('/usr/share/ovirt-engine/bin/pki-enroll- pkcs12.sh',
'--name=engine', '--password=**FILTERED**',
'--subject=/C=US/O=stic.ull.es/CN=fqdn.es', '--san=DNS:fqdn.es',
'--keep-key') stderr:
Ignoring -days; not generating a certificate
/etc/pki/ovirt-engine/ca.pem is not on a local filesystem
Cannot sign request
2023-11-14 08:36:22,849+0000 DEBUG otopi.context
context._executeMethod:145 method exception
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132,
in _executeMethod
method['method']()
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
line 753, in _miscUpgrade
self._enrollCertificates(True, uninstall_files)
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
line 360, in _enrollCertificates
shortLife=entry['shortLife'],
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
line 250, in _enrollCertificate
+ (('--days=398',) if shortLife else ())
File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931,
in execute
command=args[0],
RuntimeError: Command
'/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
2023-11-14 08:36:22,852+0000 ERROR otopi.context
context._executeMethod:154 Failed to execute stage 'Misc configuration':
Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to
execute
However, the file exists and is on a local filesystem:
# ll /etc/pki/ovirt-engine/ca.pem
-rw-r--r--. 1 root root 4516 jun 24 2015 /etc/pki/ovirt-engine/ca.pem
Can someone shed some light about why is this failing and how to solve
it, please?
Thanks.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VJUUVMZDKYFF7CF3SXTI2IZ62BHQJ64F/
