Installing Red Hat Virtualization as a FIPS standalone Manager fails during certification enrollment

Solution Verified - Updated -

Issue

Installing RHV in FIPS mode as a standalone Manager fails with following error during engine-setup

RuntimeError: Command '/usr/share/ovirt-engine/bin/pki-create-ca.sh' failed to execute

In the ovirt-engine-setup log is possible to see following error

DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca plugin.execute:921 execute-output: ('/usr/share/ovirt-engine/bin/pki-create-ca.sh', '--subject=/C=US/O=test.out.xxx.xxx/OU=qemu/CN=xxx.xxx.xxx.xxx.xxx.73406', '--keystore-password=**FILTERED**', '--ca-file=qemu-ca') stdout:
keytool error: java.lang.Exception: Keystore file exists, but is empty: /etc/pki/ovirt-engine/.truststore
Keystore import failed

2021-02-25 23:26:53,802+0100 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 854, in _create_qemu_ca
    'qemu'
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 915, in _create_ca
    oengcommcons.ConfigEnv.JAVA_HOME
  File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931, in execute
    command=args[0],
RuntimeError: Command '/usr/share/ovirt-engine/bin/pki-create-ca.sh' failed to execute

Environment

  • Red Hat Virtualization 4.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content