On Mon, Apr 11, 2022 at 1:39 PM Colin Coe <colin.coe@gmail.com> wrote:
Hi all
I'm trying to run ovirt-dr generate but its failing: /usr/share/ansible/collections/ansible_collections/redhat/rhv/roles/disaster_recovery/files/ovirt-dr generate Log file: '/tmp/ovirt-dr-1649673243333.log' [Generate Mapping File] Connection to setup has failed. Please check your credentials: URL: https://server.fqdn/ovirt-engine/api user: admin@internal CA file: ./ca.pem
ca.pem is likely engine self signed certificate...
[Generate Mapping File] Failed to generate var file.
When I examine the log file: 2022-04-11 18:34:03,332 INFO Start generate variable mapping file for oVirt ansible disaster recovery 2022-04-11 18:34:03,333 INFO Site address: https://server.fqdn/ovirt-engine/api username: admin@internal password: ******* ca file location: ./ca.pem output file location: ./disaster_recovery_vars.yml ansible play location: ./dr_play.yml 2022-04-11 18:34:03,343 ERROR Connection to setup has failed. Please check your credentials: URL: https://server.fqdn/ovirt-engine/api user: admin@internal CA file: ./ca.pem 2022-04-11 18:34:03,343 ERROR Error: Error while sending HTTP request: (60, 'SSL certificate problem: unable to get local issuer certificate') 2022-04-11 18:34:03,343 ERROR Failed to generate var file.
My suspicion is that the script doesn't like third party certs.
Has anyone got this working with third party certs? If so, what did you need to do?
But you are using a 3rd party certificate, so you need to use the right certificate. Depending on the code, an empty ca_file can work, or you need to point it to the actual ca file installed in the system. I think Didi can help with this. Nir