30 Jan
2019
30 Jan
'19
9:26 p.m.
Digging a little deeper... if I add the Let's Encrypt CA to /etc/pki/ovirt-engine/.truststore, imageio-proxy works (I can successfully upload an ISO), so I guess the issue is that imageio-proxy uses the same cert for web and engine communication and the engine wasn't happy with the public-CA-signed cert. So, rather than point part of the engine at a separate trust store (as the docs recommend), maybe just add the public CA to the engine's existing trust store? However, while digging, I also noticed that now the engine is not communicating with ovirt-provider-ovn, possibly due to a similar issue? It is having the reverse problem; it rejects the engine's cert. This is all on 4.2.8 BTW. -- Chris Adams <cma@cmadams.net>