On Mon, May 11, 2020 at 4:38 PM Joop <jvdwege@xs4all.nl> wrote:

On 8-5-2020 13:23, Sandro Bonazzola wrote:
> Hi,
> oVirt team is planning to release oVirt 4.4.0 Ga in the next couple of
> weeks.
>
I followed the same procedure as for the beta releases and have come
across a new problem.
Following the HCI setup using cockit in step 3 of deplying the VM
ansible reports an error about missing /etc/pki/CA/cacert.pem which
indeed does not exist.
Can't find where this is supposed to come from and before creating my
own and trying the install again I would like to know if I'm doing
something wrong.
In essence I installed Centos-8.1 from the link provided in the email.

Regards,

Joop

I have had a similar behaviour in one of my tests, but I have not identified the reason.

I re-executed the deployment, after cleaning disks, apparently with same parameters and all went good in the second attempt and the /etc/pki/CA/ structure had been created.

Unfortunately I scratched the first install to deploy over, but if you have yet your files you can compare contents of messages and / or send to developers, to compare what ewxpected by ansible and what happened actually.

The stage where it is created is around the end of prepare VM stage when libvirtd is started on host.

For a successful configuration you would have this line in messages of host

May 8 16:44:50 novirt2 platform-python[27382]: ansible-command Invoked with _raw_params=virsh -r net-dhcp-leases default | grep -i 00:16:3e:79:dc:d0 | awk '{ print $5 }' | cut -f1 -d'/' _uses_shell=True warn=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None

with the temporary ip assigned to the local vm few lines under it

and around 10 minutes later you will have:

May 8 16:55:11 novirt2 ansible-async_wrapper.py[28148]: 28149 still running (86225)
May 8 16:55:11 novirt2 python3[53024]: ansible-file Invoked with dest=/etc/pki/libvirt/private state=directory owner=vdsm group=kv
m path=/etc/pki/libvirt/private recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%
m%d%H%M.%S _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None seuser=None serole=No
ne selevel=None setype=None attributes=None content=NOT_LOGGING_PARAMETER backup=None remote_src=None regexp=None delimiter=None di
rectory_mode=None unsafe_writes=None
May 8 16:55:15 novirt2 python3[53956]: ansible-file Invoked with dest=/etc/pki/libvirt/../CA state=directory owner=vdsm group=kvm path=/etc/pki/libvirt/../CA recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None seuser=None serole=None selevel=None setype=None attributes=None content=NOT_LOGGING_PARAMETER backup=None remote_src=None regexp=None delimiter=None directory_mode=None unsafe_writes=None
May 8 16:55:16 novirt2 ansible-async_wrapper.py[28148]: 28149 still running (86220)
May 8 16:55:17 novirt2 platform-python[54420]: ansible-ovirt_host_info Invoked with pattern=name=novirt2.example.net auth={'token': 'Q56I1YcOPmPxQAPlXbNaB5hmXl8LcCWtSnGsrG3lTRIzo__crr_2RSKNo0e6C4TvmanadThlCCxSv5IhxOr5Ow', 'url': 'https://novengine2.example.net/ovirt-engine/api', 'ca_file': None, 'insecure': True, 'timeout': 0, 'compress': True, 'kerberos': False, 'headers': None} fetch_nested=False nested_attributes=[] all_content=False cluster_version=None

In my failed run these latest lines were missing, but I didn't dig into why... and then libvirtd was unable to start again because of the missing CA

Gianluca