
On 1/29/19 3:13 PM, John Florian wrote:
On 1/29/19 2:47 PM, Chris Adams wrote:
On 1/29/19 1:30 PM, Chris Adams wrote:
Can that be run non-interactively to do whatever is needed? I'm using a Let's Encrypt cert, which needs to have a 100% automated deployment.

Once upon a time, John Florian <jflorian@doubledog.org> said:
Yes, I believe so. Look at the whole biz with the "answers" file and the --config-append=file option. You should already have a generated answers file laying around from when you ran engine-setup before. See /var/lib/ovirt-engine/setup/answers IIRC.

Hmm, that won't work - it looks like you can't run engine-setup on a hosted engine unless you first set hosted-engine HA to global maintenance.
Is running engine-setup necessary to install/update certificates, or maybe is there a simpler way?
I'm quite certain you can do it w/o engine-setup if you hit all the right file locations.
Just to follow up on this, Chris, I have my puppet drop my CA cert in /etc/pki/ca-trust/source/anchors/, my self-signed cert in /etc/pki/ovirt-engine/certs/ and my key in /etc/pki/ovirt-engine/keys. I also manage /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf to have:

ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""

I believe this gives me everything you seek.

--
John Florian
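
The file layout described in the last message, written as a non-interactive install step that refuses a mismatched key and reports whether anything changed. This is an added example, not part of the thread: the staging file names (ca.pem, cert.pem, key.pem), the destination file names (site-ca.pem, apache.cer, apache.key.nopass), the 0600 key mode and the scratch-root argument are assumptions, since the thread names only the directories and the truststore conf file.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: staging files ca.pem,
# cert.pem, key.pem; destinations site-ca.pem, apache.cer, apache.key.nopass.
# The thread gives only the directories and the truststore conf file.

key_matches_cert() {  # cert key -> 0 only if both parse and share a public key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

install_file() {  # src dest mode; bumps $changed only when content differs
    if [ -f "$2" ] && cmp -s "$1" "$2"; then chmod "$3" "$2"; return 0; fi
    tmp=$(mktemp "$2.XXXXXX") || return 1   # created 0600 beside the target
    cat "$1" > "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2" ||
        { rm -f "$tmp"; return 1; }
    changed=$((changed + 1))
}

deploy_engine_cert() {  # stage_dir [root]; root is a scratch prefix for dry runs
    stage=$1 root=${2:-} changed=0
    pki=$root/etc/pki/ovirt-engine
    for f in ca.pem cert.pem key.pem; do
        [ -s "$stage/$f" ] || { echo "missing $stage/$f" >&2; return 2; }
    done
    if [ "${CHECK_KEY:-yes}" = yes ] &&
       ! key_matches_cert "$stage/cert.pem" "$stage/key.pem"; then
        echo "key does not match certificate; nothing installed" >&2
        return 3
    fi
    ts=$(mktemp) || return 4
    printf '%s\n' 'ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"' \
        'ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""' > "$ts"
    install_file "$stage/ca.pem" "$root/etc/pki/ca-trust/source/anchors/site-ca.pem" 0644 &&
    install_file "$stage/cert.pem" "$pki/certs/apache.cer" 0644 &&
    install_file "$stage/key.pem" "$pki/keys/apache.key.nopass" 0600 &&
    install_file "$ts" "$root/etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf" 0644
    rc=$?; rm -f "$ts"
    [ "$rc" -eq 0 ] || return 4
    echo "$changed"   # caller reloads services only when this is non-zero
}

if [ "$#" -ge 1 ]; then deploy_engine_cert "$@"; fi
```

The printed count is the number of files whose content changed, so a renewal hook can skip service restarts when it is 0. Regenerating the trust store (update-ca-trust) and restarting the engine's services are not covered in the thread and are left to the caller.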