Hi, On Tue, Nov 14, 2023 at 11:31 AM <nico...@devels.es> wrote:
> Hi Didi, > > Thanks for the reply. > > Finally solved it by exporting LANG=C in the shell before running the > command. > > Seems that the "pki-enroll-request.sh" does this check: > > LOCK="${PKIDIR}/${CA_FILE}".pem > df -l "${LOCK}" 2> /dev/null | grep -q "File" || die "${LOCK} is not > on a local filesystem" > > However, if LANG is a different language than C, the output will vary > and the grep command will return empty. > > It's working now. Thanks. > Thanks for the update! You might want to push a patch to enforce the locale for the `df` command (e.g. 'LC_ALL=C df -l...'). There are a few such places scattered around the code, but nothing systematic - and I think we do want, in general, to have localized error messages, so can't do this "too-high" in the execution hierarchy. Best regards, > > El 2023-11-14 09:12, Yedidyah Bar David escribió: > > On Tue, Nov 14, 2023 at 10:49 AM <nico...@devels.es> wrote: > > > >> Hi, > >> > >> We're running oVirt 4.5.4, recently we got this alert: > >> > >> Engine's certification is about to expire at 2023-11-19. Please > >> renew > >> the engine's certification. > >> > >> So I'm trying to run: > >> > >> engine-setup --offline > >> > >> However, it fails with the following error: > >> > >> [ INFO ] Upgrading CA > >> [ INFO ] Renewing engine certificate > >> [ ERROR ] Failed to execute stage 'Misc configuration': Command > >> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute > >> > >> Digging into the logs I can see this: > >> > >> 2023-11-14 08:36:22,848+0000 DEBUG > >> otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca [1] > >> plugin.execute:926 > >> execute-output: ('/usr/share/ovirt-engine/bin/pki-enroll- > >> pkcs12.sh', > >> '--name=engine', '--password=**FILTERED**', > >> '--subject=/C=US/O=stic.ull.es/CN=fqdn.es [2]', '--san=DNS:fqdn.es > >> [3]', > >> '--keep-key') stderr: > >> Ignoring -days; not generating a certificate > >> /etc/pki/ovirt-engine/ca.pem is not on a local filesystem > >> Cannot sign request > >> > >> 2023-11-14 08:36:22,849+0000 DEBUG otopi.context > >> context._executeMethod:145 method exception > >> Traceback (most recent call last): > >> File "/usr/lib/python3.6/site-packages/otopi/context.py", line > >> 132, > >> in _executeMethod > >> method['method']() > >> File > >> > > > "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", > >> > >> line 753, in _miscUpgrade > >> self._enrollCertificates(True, uninstall_files) > >> File > >> > > > "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", > >> > >> line 360, in _enrollCertificates > >> shortLife=entry['shortLife'], > >> File > >> > > > "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", > >> > >> line 250, in _enrollCertificate > >> + (('--days=398',) if shortLife else ()) > >> File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line > >> 931, > >> in execute > >> command=args[0], > >> RuntimeError: Command > >> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute > >> 2023-11-14 08:36:22,852+0000 ERROR otopi.context > >> context._executeMethod:154 Failed to execute stage 'Misc > >> configuration': > >> Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to > >> > >> execute > >> > >> However, the file exists and is on a local filesystem: > >> > >> # ll /etc/pki/ovirt-engine/ca.pem > >> -rw-r--r--. 1 root root 4516 jun 24 2015 > >> /etc/pki/ovirt-engine/ca.pem > > > > This does not prove that it's on a local filesystem - can be on nfs, > > and nfs > > locking is sometimes problematic, so we prevented that. See > > pki-enroll-request.sh. > > > >> Can someone shed some light about why is this failing and how to > >> solve > >> it, please? > > > > What output do you get for: > > df -l /etc/pki/ovirt-engine/ca.pem > > ? > > > > Best regards,-- > > Didi > > > > > > Links: > > ------ > > [1] http://otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca > > [2] http://stic.ull.es/CN=fqdn.es > > [3] http://fqdn.es > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/YXTXJIEQRN2ZH77ZSBGW2UARPMYSPEG3/ > -- Didi
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HM24AGSKFJIHQYLMXZZG7LXIGPPJIJOU/