I think it's easier to get the Vmware's CA certificate and import it on all hosts + engine and trust it.
By default you should put it at /etc/pki/ca-trust/source/anchors/ and then use "update-ca-trust" to make all certs signed by the Vmware vCenter's CA trusted.

Best Regards,
Strahil Nikolov


В 06:44 +0000 на 21.01.2021 (чт), Robert Tongue написа:
Greetings all, I am new to oVirt, and have a proof of concept setup with a 3-node oVirt cluster nested inside of VMware VCenter to learn it, so then I can efficiently migrate that back out to the physical nodes to replace VCenter.   I have gotten all the way to a working cluster setup, with the exception of fencing.  I used engine-config to pull in the vmware_soap fence agent, and enabled all the options, however there is one small thing I cannot figure out.  The connection uses a self-signed certificate on the vcenter side, and I cannot figure out the proper combination of engine-config -s commands to get the script to be called with the "ssl-insecure" option, which does contain a value.  It just needs the option passed.   Is there anyone out there in the ether that can help me out? I can provide any information you request.  Thanks in advance.

The fence agent script is called with the following syntax in my tests, and returned the proper status:

[root@cluster2-vm ~]# /usr/sbin/fence_vmware_soap -o status -a vcenter.address --username="administrator@vsphere.local" --password="0bfusc@t3d" --ssl-insecure -n cluster1-vm

Status: ON


-phunyguy
_______________________________________________
Users mailing list -- 
users@ovirt.org

To unsubscribe send an email to 
users-leave@ovirt.org

Privacy Statement: 
https://www.ovirt.org/privacy-policy.html

oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PTMUPHR3ZOSQL3SEMTJPAWOAFL5ZUY2/