Good evening all,

I was able to work past this by restarting the dying machine briefly, backing up the keycloak database with pg_dump, and migrating it to the new system. setup-engine seems to work ok, but it is not generating the certs for the keycloak, now.

When I attempt to log in to the web console, I got this message:

Warning alert:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

engine.log records:

2023-08-08 17:56:44,507-05 INFO [org.ovirt.engine.core.sso.service.NegotiateAuthService] (default task-2) [] User admin@ovirt@internalkeycloak-authz with profile [internalsso] successfully logged in with scopes : ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2023-08-08 17:56:44,623-05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-2) [] server_error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2023-08-08 17:56:50,216-05 INFO [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedScheduledExecutorService-engineThreadMonitoringThreadPool-Thread-1) [] Thread pool 'default' is using 0 threads out of 1, 5 threads waiting for tasks.

After adding engine.cer to the java keystore and restarting the engine all returned to normal.

Thank you!

David Johnson

On Tue, Aug 8, 2023 at 3:30 PM David Johnson <djohnson@maxistechnology.com> wrote:

Update:

I have confirmed the original ovirt version has an ovirt_engine_keycloak database, but the database was not backed up by the engine-backup command
David Johnson
Director of Development, Maxis Technology
844.696.2947 ext 702 (o) | 479.531.3590 (c)

Follow us: