Installing Red Hat Virtualization as a FIPS standalone Manager fails during certification enrollment
Issue
Installing RHV in FIPS mode as a standalone Manager fails with following error during engine-setup
RuntimeError: Command '/usr/share/ovirt-engine/bin/pki-create-ca.sh' failed to execute
In the ovirt-engine-setup
log is possible to see following error
DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca plugin.execute:921 execute-output: ('/usr/share/ovirt-engine/bin/pki-create-ca.sh', '--subject=/C=US/O=test.out.xxx.xxx/OU=qemu/CN=xxx.xxx.xxx.xxx.xxx.73406', '--keystore-password=**FILTERED**', '--ca-file=qemu-ca') stdout:
keytool error: java.lang.Exception: Keystore file exists, but is empty: /etc/pki/ovirt-engine/.truststore
Keystore import failed
2021-02-25 23:26:53,802+0100 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
method['method']()
File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 854, in _create_qemu_ca
'qemu'
File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 915, in _create_ca
oengcommcons.ConfigEnv.JAVA_HOME
File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931, in execute
command=args[0],
RuntimeError: Command '/usr/share/ovirt-engine/bin/pki-create-ca.sh' failed to execute
Environment
- Red Hat Virtualization 4.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.