RHV 4.2 - Failed to import provider certificate into the external provider keystore

Solution Verified - Updated -

Issue

When running engine-setup after upgrading a RHV 4.1 installation to RHV 4.2, there is a keystore certificate error:

[ ERROR ] Failed to import provider certificate into the external provider keystore

...

          The following commands failed to execute.
          Please execute them manually as root:
             . /usr/share/ovirt-engine/bin/engine-prolog.sh
              export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
              keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass

Although the setup completes, the above commands need to be run manually to ensure the ovirt-provider-ovn certificate is imported into the keystore.

When running the above commands, an error may be seen:

# . /usr/share/ovirt-engine/bin/engine-prolog.sh
# export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
# keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

This means that the trust store password is not correctly identified in the environment.

Environment

  • RHV 4.2
  • RHV 4.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content