12:28 p.m.
Hi Didi,
Thanks for the reply.
Finally solved it by exporting LANG=C in the shell before running the
command.
Seems that the "pki-enroll-request.sh" does this check:
LOCK="${PKIDIR}/${CA_FILE}".pem
df -l "${LOCK}" 2> /dev/null | grep -q "File" || die
"${LOCK} is not
on a local filesystem"
However, if LANG is a different language than C, the output will vary
and the grep command will return empty.
It's working now. Thanks.
El 2023-11-14 09:12, Yedidyah Bar David escribió:
> On Tue, Nov 14, 2023 at 10:49 AM <nicolas(a)devels.es> wrote:
>
>> Hi,
>>
>> We're running oVirt 4.5.4, recently we got this alert:
>>
>> Engine's certification is about to expire at 2023-11-19. Please
>> renew
>> the engine's certification.
>>
>> So I'm trying to run:
>>
>> engine-setup --offline
>>
>> However, it fails with the following error:
>>
>> [ INFO ] Upgrading CA
>> [ INFO ] Renewing engine certificate
>> [ ERROR ] Failed to execute stage 'Misc configuration': Command
>> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
>>
>> Digging into the logs I can see this:
>>
>> 2023-11-14 08:36:22,848+0000 DEBUG
>> otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca [1]
>> plugin.execute:926
>> execute-output: ('/usr/share/ovirt-engine/bin/pki-enroll-
>> pkcs12.sh',
>> '--name=engine', '--password=**FILTERED**',
>> '--subject=/C=US/O=stic.ull.es/CN=fqdn.es [2]', '--san=DNS:fqdn.es
>> [3]',
>> '--keep-key') stderr:
>> Ignoring -days; not generating a certificate
>> /etc/pki/ovirt-engine/ca.pem is not on a local filesystem
>> Cannot sign request
>>
>> 2023-11-14 08:36:22,849+0000 DEBUG otopi.context
>> context._executeMethod:145 method exception
>> Traceback (most recent call last):
>> File "/usr/lib/python3.6/site-packages/otopi/context.py", line
>> 132,
>> in _executeMethod
>> method['method']()
>> File
>>
>
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
>>
>> line 753, in _miscUpgrade
>> self._enrollCertificates(True, uninstall_files)
>> File
>>
>
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
>>
>> line 360, in _enrollCertificates
>> shortLife=entry['shortLife'],
>> File
>>
>
"/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
>>
>> line 250, in _enrollCertificate
>> + (('--days=398',) if shortLife else ())
>> File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line
>> 931,
>> in execute
>> command=args[0],
>> RuntimeError: Command
>> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
>> 2023-11-14 08:36:22,852+0000 ERROR otopi.context
>> context._executeMethod:154 Failed to execute stage 'Misc
>> configuration':
>> Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to
>>
>> execute
>>
>> However, the file exists and is on a local filesystem:
>>
>> # ll /etc/pki/ovirt-engine/ca.pem
>> -rw-r--r--. 1 root root 4516 jun 24 2015
>> /etc/pki/ovirt-engine/ca.pem
>
> This does not prove that it's on a local filesystem - can be on nfs,
> and nfs
> locking is sometimes problematic, so we prevented that. See
> pki-enroll-request.sh.
>
>> Can someone shed some light about why is this failing and how to
>> solve
>> it, please?
>
> What output do you get for:
> df -l /etc/pki/ovirt-engine/ca.pem
> ?
>
> Best regards,--
> Didi
>
>
> Links:
> ------
> [1] http://otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca
> [2] http://stic.ull.es/CN=fqdn.es
> [3] http://fqdn.es