Hi,
On Tue, Nov 14, 2023 at 11:31 AM <nico...@devels.es> wrote:
> Hi Didi,
>
> Thanks for the reply.
>
> Finally solved it by exporting LANG=C in the shell before running the
> command.
>
> Seems that the "pki-enroll-request.sh" does this check:
>
> LOCK="${PKIDIR}/${CA_FILE}".pem
> df -l "${LOCK}" 2> /dev/null | grep -q "File" || die "${LOCK} is not
> on a local filesystem"
>
> However, if LANG is a different language than C, the output will vary
> and the grep command will return empty.
>
> It's working now. Thanks.
>
Thanks for the update! You might want to push a patch to enforce the
locale for the `df` command (e.g. 'LC_ALL=C df -l...').
There are a few such places scattered around the code, but nothing
systematic -
and I think we do want, in general, to have localized error messages, so
can't
do this "too-high" in the execution hierarchy.
Best regards,
>
> El 2023-11-14 09:12, Yedidyah Bar David escribió:
> > On Tue, Nov 14, 2023 at 10:49 AM <nico...@devels.es> wrote:
> >
> >> Hi,
> >>
> >> We're running oVirt 4.5.4, recently we got this alert:
> >>
> >> Engine's certification is about to expire at 2023-11-19. Please
> >> renew
> >> the engine's certification.
> >>
> >> So I'm trying to run:
> >>
> >> engine-setup --offline
> >>
> >> However, it fails with the following error:
> >>
> >> [ INFO ] Upgrading CA
> >> [ INFO ] Renewing engine certificate
> >> [ ERROR ] Failed to execute stage 'Misc configuration': Command
> >> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
> >>
> >> Digging into the logs I can see this:
> >>
> >> 2023-11-14 08:36:22,848+0000 DEBUG
> >> otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca [1]
> >> plugin.execute:926
> >> execute-output: ('/usr/share/ovirt-engine/bin/pki-enroll-
> >> pkcs12.sh',
> >> '--name=engine', '--password=**FILTERED**',
> >> '--subject=/C=US/O=stic.ull.es/CN=fqdn.es [2]', '--san=DNS:fqdn.es
> >> [3]',
> >> '--keep-key') stderr:
> >> Ignoring -days; not generating a certificate
> >> /etc/pki/ovirt-engine/ca.pem is not on a local filesystem
> >> Cannot sign request
> >>
> >> 2023-11-14 08:36:22,849+0000 DEBUG otopi.context
> >> context._executeMethod:145 method exception
> >> Traceback (most recent call last):
> >> File "/usr/lib/python3.6/site-packages/otopi/context.py", line
> >> 132,
> >> in _executeMethod
> >> method['method']()
> >> File
> >>
> >
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
> >>
> >> line 753, in _miscUpgrade
> >> self._enrollCertificates(True, uninstall_files)
> >> File
> >>
> >
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
> >>
> >> line 360, in _enrollCertificates
> >> shortLife=entry['shortLife'],
> >> File
> >>
> >
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py",
> >>
> >> line 250, in _enrollCertificate
> >> + (('--days=398',) if shortLife else ())
> >> File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line
> >> 931,
> >> in execute
> >> command=args[0],
> >> RuntimeError: Command
> >> '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
> >> 2023-11-14 08:36:22,852+0000 ERROR otopi.context
> >> context._executeMethod:154 Failed to execute stage 'Misc
> >> configuration':
> >> Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to
> >>
> >> execute
> >>
> >> However, the file exists and is on a local filesystem:
> >>
> >> # ll /etc/pki/ovirt-engine/ca.pem
> >> -rw-r--r--. 1 root root 4516 jun 24 2015
> >> /etc/pki/ovirt-engine/ca.pem
> >
> > This does not prove that it's on a local filesystem - can be on nfs,
> > and nfs
> > locking is sometimes problematic, so we prevented that. See
> > pki-enroll-request.sh.
> >
> >> Can someone shed some light about why is this failing and how to
> >> solve
> >> it, please?
> >
> > What output do you get for:
> > df -l /etc/pki/ovirt-engine/ca.pem
> > ?
> >
> > Best regards,--
> > Didi
> >
> >
> > Links:
> > ------
> > [1] http://otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca
> > [2] http://stic.ull.es/CN=fqdn.es
> > [3] http://fqdn.es
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YXTXJIEQRN2ZH77ZSBGW2UARPMYSPEG3/
>
--
Didi
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HM24AGSKFJIHQYLMXZZG7LXIGPPJIJOU/
