I would use the uri module to download the Engine's CA to /etc/pki/ca-cert/sources (or whatever it was) on EL systems (in debian-based is a little bit different) locally and then run 'update-ca-certificates --extract' .
I did that, even to /usr/share/pki/ and run the command of course. Nothing worked.
Usually I run my ansible from the engine itself. Have you thought about it ?
Yes. Thing is, how can we manage the Manager VM itself if it's down? I tried to start it via virsh, but gave an error: virsh # start --domain Manager error: Failed to start domain 'Manager' error: Network not found: no network with matching name 'vdsm-ovirtmgmt' The interface ovirtmgmt exists tough. Anyway, this is so i can know what to do in case it fails. Because restart the whole server will bring it on of course. Or waiting some long time, till somehow it starts again :)