<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Hi,</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">
After running through the new patch posted in BZ 1055153 I'm adding a second host to the hosted-engine cluster but it seems to fail right before the finish:</div><div class="gmail_default" style="font-family:tahoma,sans-serif">
<br></div><div class="gmail_default"><div class="gmail_default"><font face="tahoma, sans-serif">[ ERROR ] Failed to execute stage 'Closing up': [ERROR]::oVirt API connection failure, [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed</font></div>
<div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Couple Extra Notes:</div><div style="font-family:tahoma,sans-serif">Engine has a custom SSL cert but the CA has been trusted by the new host. When I temporarily return the engine's SSL back to the default generated one the install will succeed.</div>
<div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Setup logs: <a href="http://www.fpaste.org/72624/13909770/">http://www.fpaste.org/72624/13909770/</a><br></div><div style="font-family:tahoma,sans-serif">
<br></div><div style="font-family:tahoma,sans-serif">What confuses me is:</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">curl <a href="https://engine.example.net">https://engine.example.net</a> with the custom SSL cert will succeed but with the original self-signed gives the expected "insecure" message. What criteria need to be met so the install will pass?</div>
<div style="font-family:tahoma,sans-serif"><br></div></div><div><font face="tahoma, sans-serif">Thanks,<br>Andrew</font><br></div>
</div>