-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
setup: Make sure OVN key files are available before accessing them #491
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/network/ovirtproviderovn.py
Outdated
Show resolved
Hide resolved
Patch looks correct to me. Thanks. Please verify various different flows, including new setup, upgrade without pki renew, pki renew, etc., and probably also, to be on the safe side, backup/restore, including hosted-engine. Some already done by OST so should be ok, others can (should?) be done by QE. |
When Engine CA certificate file is removed and then engine-setup with certificate renewal is run, engine-setup may fail with the following error: [ ERROR ] Failed to execute stage 'Misc configuration': [Errno 2] No such file or directory: '/etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass' The problem is that otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade, which requires the presence of the OVN keys, may be run before otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca.Plugin._miscUpgrade, which generates them if previously asked for that by otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._misc_pki. Let’s ensure correct ordering of these three actions and also set up OVN renewal if self._provider_installed is true, since this condition is used to check whether otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade should be run.
/ost |
1 similar comment
/ost |
/ost he-basic-suite-master el8stream |
OST basic-suite-master and he-basic-suite-master have passed here. |
Anything still missing? |
When Engine CA certificate file is removed and then engine-setup with
certificate renewal is run, engine-setup may fail with the following
error:
[ ERROR ] Failed to execute stage 'Misc configuration': [Errno 2] No such file or directory: '/etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass'
The problem is that
otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade,
which requires the presence of the OVN keys,
may be run before
otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca.Plugin._miscUpgrade,
which generates them if previously asked for that by
otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._misc_pki.
Let’s ensure correct ordering of these three actions and also set up
OVN renewal if self._provider_installed is true, since this condition
is used to check whether
otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._upgrade
should be run.