Hi Didi,
Thanks for the reply.
Finally solved it by exporting LANG=C in the shell before running the
command.
Seems that the "pki-enroll-request.sh" does this check:
LOCK="${PKIDIR}/${CA_FILE}".pem
df -l "${LOCK}" 2> /dev/null | grep -q "File" || die "${LOCK} is not
on a local filesystem"
However, if LANG is a different language than C, the output will vary
and the grep command will return empty.
It's working now. Thanks.
El 2023-11-14 09:12, Yedidyah Bar David escribió:
On Tue, Nov 14, 2023 at 10:49 AM <nico...@devels.es> wrote:
Hi,
We're running oVirt 4.5.4, recently we got this alert:
Engine's certification is about to expire at 2023-11-19. Please
renew
the engine's certification.
So I'm trying to run:
engine-setup --offline
However, it fails with the following error:
[ INFO ] Upgrading CA
[ INFO ] Renewing engine certificate
[ ERROR ] Failed to execute stage 'Misc configuration': Command
'/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
Digging into the logs I can see this:
2023-11-14 08:36:22,848+0000 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca [1]
plugin.execute:926
execute-output: ('/usr/share/ovirt-engine/bin/pki-enroll-
pkcs12.sh',
'--name=engine', '--password=**FILTERED**',
'--subject=/C=US/O=stic.ull.es/CN=fqdn.es [2]', '--san=DNS:fqdn.es
[3]',
'--keep-key') stderr:
Ignoring -days; not generating a certificate
/etc/pki/ovirt-engine/ca.pem is not on a local filesystem
Cannot sign request
2023-11-14 08:36:22,849+0000 DEBUG otopi.context
context._executeMethod:145 method exception
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/otopi/context.py", line
132,
in _executeMethod
method['method']()
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
line 753, in _miscUpgrade
self._enrollCertificates(True, uninstall_files)
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
line 360, in _enrollCertificates
shortLife=entry['shortLife'],
File
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
line 250, in _enrollCertificate
+ (('--days=398',) if shortLife else ())
File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line
931,
in execute
command=args[0],
RuntimeError: Command
'/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
2023-11-14 08:36:22,852+0000 ERROR otopi.context
context._executeMethod:154 Failed to execute stage 'Misc
configuration':
Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to
execute
However, the file exists and is on a local filesystem:
# ll /etc/pki/ovirt-engine/ca.pem
-rw-r--r--. 1 root root 4516 jun 24 2015
/etc/pki/ovirt-engine/ca.pem
This does not prove that it's on a local filesystem - can be on nfs,
and nfs
locking is sometimes problematic, so we prevented that. See
pki-enroll-request.sh.
Can someone shed some light about why is this failing and how to
solve
it, please?
What output do you get for:
df -l /etc/pki/ovirt-engine/ca.pem
?
Best regards,--
Didi
Links:
------
[1] http://otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca
[2] http://stic.ull.es/CN=fqdn.es
[3] http://fqdn.es
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YXTXJIEQRN2ZH77ZSBGW2UARPMYSPEG3/
