[ovirt-users] Issue with 4.2.1 RC and SSL

Yedidyah Bar David didi at redhat.com
Sun Feb 11 08:41:21 UTC 2018


On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul at redhat.com> wrote:
>
>
> On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack at gmail.com> wrote:
>>
>> On 02/08/2018 06:42 AM, Petr Kotas wrote:
>> > Hi Stack,
>>
>> Greetings Petr
>>
>> > have you tried it on other linux distributions? Scientific is not
>> > officially supported.
>>
>> No, but SL isn't really any different than CentOS. If anything, we've
>> found it adheres closer to RH than CentOS does.
>>
>> > My guess based on your log is there are somewhere missing certificates,
>> > maybe different path?.
>> > You can check the paths by the documentation:
>> >
>> > https://www.ovirt.org/develop/release-management/features/infra/pki/#vdsm
>> >
>> > Hope this helps.
>>
>>
>> Thanks for the suggestion. It took a while but we dug into it and I
>> *think* the problem was because I may have over-written the wrong cert
>> file in one of my steps. I'm only about 80% certain of that, but it
>> seems to match what we found when we were digging through the log files.
>>
>> We decided to just start from scratch and my coworker watched and
>> confirmed every step. It works! No problems at all this time. Further
>> evidence that I goofed _something_ up the first time.
>
>
> We should really have an Ansible role that performs the conversion to
> self-signed certificates.
> That would make the conversion easier and safer.

+1

Not sure "self-signed" is the correct term here. Also the internal
engine CA's cert is self-signed.

I guess you refer to this:

https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/

I'd call it "configure-3rd-party-CA" or something like that.

> Y.
>
>>
>>
>> Thank you for the suggestion!
>> ~Stack~
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 
Didi


More information about the Users mailing list