I think it's easier to get the Vmware's CA certificate and import it on all hosts + engine and trust it.

By default you should put it at /etc/pki/ca-trust/source/anchors/ and then use "update-ca-trust" to make all certs signed by the Vmware vCenter's CA trusted.

В 06:44 +0000 на 21.01.2021 (чт), Robert Tongue написа:

Greetings all, I am new to oVirt, and have a proof of concept setup with a 3-node oVirt cluster nested inside of VMware VCenter to learn it, so then I can efficiently migrate that back out to the physical nodes to replace VCenter. I have gotten all the way to a working cluster setup, with the exception of fencing. I used engine-config to pull in the vmware_soap fence agent, and enabled all the options, however there is one small thing I cannot figure out. The connection uses a self-signed certificate on the vcenter side, and I cannot figure out the proper combination of engine-config -s commands to get the script to be called with the "ssl-insecure" option, which does contain a value. It just needs the option passed. Is there anyone out there in the ether that can help me out? I can provide any information you request. Thanks in advance.

The fence agent script is called with the following syntax in my tests, and returned the proper status:

[root@cluster2-vm ~]# /usr/sbin/fence_vmware_soap -o status -a vcenter.address --username="administrator@vsphere.local" --password="0bfusc@t3d" --ssl-insecure -n cluster1-vm