On Tue, Nov 14, 2023 at 10:49 AM <nico...@devels.es> wrote:
> Hi,
>
> We're running oVirt 4.5.4, recently we got this alert:
>
> Engine's certification is about to expire at 2023-11-19. Please renew
> the engine's certification.
>
> So I'm trying to run:
>
> engine-setup --offline
>
> However, it fails with the following error:
>
> [ INFO ] Upgrading CA
> [ INFO ] Renewing engine certificate
> [ ERROR ] Failed to execute stage 'Misc configuration': Command
> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
>
> Digging into the logs I can see this:
>
> 2023-11-14 08:36:22,848+0000 DEBUG
> otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca plugin.execute:926
> execute-output: ('/usr/share/ovirt-engine/bin/pki-enroll- pkcs12.sh',
> '--name=engine', '--password=**FILTERED**',
> '--subject=/C=US/O=stic.ull.es/CN=fqdn.es', '--san=DNS:fqdn.es',
> '--keep-key') stderr:
> Ignoring -days; not generating a certificate
> /etc/pki/ovirt-engine/ca.pem is not on a local filesystem
> Cannot sign request
>
> 2023-11-14 08:36:22,849+0000 DEBUG otopi.context
> context._executeMethod:145 method exception
> Traceback (most recent call last):
> File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132,
> in _executeMethod
> method['method']()
> File
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
>
> line 753, in _miscUpgrade
> self._enrollCertificates(True, uninstall_files)
> File
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
>
> line 360, in _enrollCertificates
> shortLife=entry['shortLife'],
> File
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
>
> line 250, in _enrollCertificate
> + (('--days=398',) if shortLife else ())
> File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931,
> in execute
> command=args[0],
> RuntimeError: Command
> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
> 2023-11-14 08:36:22,852+0000 ERROR otopi.context
> context._executeMethod:154 Failed to execute stage 'Misc configuration':
> Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to
> execute
>
> However, the file exists and is on a local filesystem:
>
> # ll /etc/pki/ovirt-engine/ca.pem
> -rw-r--r--. 1 root root 4516 jun 24 2015 /etc/pki/ovirt-engine/ca.pem
>
This does not prove that it's on a local filesystem - can be on nfs, and nfs
locking is sometimes problematic, so we prevented that. See
pki-enroll-request.sh.
>
> Can someone shed some light about why is this failing and how to solve
> it, please?
>
What output do you get for:
df -l /etc/pki/ovirt-engine/ca.pem
?
Best regards,
--
Didi
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NYQANBPVRZFUPMCHZIVTB2M4SVSKGASG/
