setup: Make sure OVN key files are available before accessing them #491
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
didib
reviewed
Jun 28, 2022
packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/network/ovirtproviderovn.py
Outdated
Show resolved
Hide resolved
|
Patch looks correct to me. Thanks. Please verify various different flows, including new setup, upgrade without pki renew, pki renew, etc., and probably also, to be on the safe side, backup/restore, including hosted-engine. Some already done by OST so should be ok, others can (should?) be done by QE. |
When Engine CA certificate file is removed and then engine-setup with certificate renewal is run, engine-setup may fail with the following error: [ ERROR ] Failed to execute stage 'Misc configuration': [Errno 2] No such file or directory: '/etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass' The problem is that otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade, which requires the presence of the OVN keys, may be run before otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca.Plugin._miscUpgrade, which generates them if previously asked for that by otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._misc_pki. Let’s ensure correct ordering of these three actions and also set up OVN renewal if self._provider_installed is true, since this condition is used to check whether otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade should be run.
|
/ost |
1 similar comment
|
/ost |
|
/ost he-basic-suite-master el8stream |
|
OST basic-suite-master and he-basic-suite-master have passed here. |
|
Anything still missing? |
michalskrivanek
approved these changes
Jul 8, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When Engine CA certificate file is removed and then engine-setup with
certificate renewal is run, engine-setup may fail with the following
error:
[ ERROR ] Failed to execute stage 'Misc configuration': [Errno 2] No such file or directory: '/etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass'
The problem is that
otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade,
which requires the presence of the OVN keys,
may be run before
otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca.Plugin._miscUpgrade,
which generates them if previously asked for that by
otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._misc_pki.
Let’s ensure correct ordering of these three actions and also set up
OVN renewal if self._provider_installed is true, since this condition
is used to check whether
otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade
should be run.