Fix checking ovirt-provider-ovn certificate validity

There was added an ovirt-provider-ovn certificate validity check as a part of #576 but unfortunately the path to certificate file was wrong and as this certificate is optional (it doesn't exists on setup with OVN integration disable), the certificate validity checker didn't raise any error even for setups with OVN integration enabled and ovirt-provider-ovn certificate going to expire soon. Bug-Url: https://bugzilla.redhat.com/2097560 Signed-off-by: Martin Perina <mperina@redhat.com>
oVirt · Aug 19, 2022 · 7814cc9 · 7814cc9
1 parent 7054ce2
commit 7814cc9
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/...ger/modules/bll/src/main/java/org/ovirt/engine/core/bll/CertificationValidityChecker.java b/...ger/modules/bll/src/main/java/org/ovirt/engine/core/bll/CertificationValidityChecker.java
@@ -125,6 +125,7 @@ private boolean checkOptionalCertificate(File certFile,
             AuditLogType alertExpirationEventType,
             AuditLogType alertAboutToExpireEventType,
             AuditLogType warnAboutToExpireEventType) {
+        log.debug("Checking optional certificate '{}'.", certFile.getAbsolutePath());
         if (certFile == null || !certFile.exists()) {
             // certificate file doesn't exist, which may be OK, as the service using the certificate is optional
             return true;

diff --git a/...nd/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java b/...nd/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java
@@ -213,7 +213,7 @@ public File getPKIEngineCert() {
     }
 
     public File getPKIOvirtProviderOVNCert() {
-        return Paths.get(getProperty("ENGINE_PKI"), "ovirt-provider-ovn.cer").toFile();
+        return Paths.get(getProperty("ENGINE_PKI"), "certs", "ovirt-provider-ovn.cer").toFile();
     }
 
     public String getPKITrustStoreType() {