RHV 4.2 - Failed to import provider certificate into the external provider keystore
Issue
When running engine-setup after upgrading a RHV 4.1 installation to RHV 4.2, there is a keystore certificate error:
[ ERROR ] Failed to import provider certificate into the external provider keystore
...
The following commands failed to execute.
Please execute them manually as root:
. /usr/share/ovirt-engine/bin/engine-prolog.sh
export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass
Although the setup completes, the above commands need to be run manually to ensure the ovirt-provider-ovn certificate is imported into the keystore.
When running the above commands, an error may be seen:
# . /usr/share/ovirt-engine/bin/engine-prolog.sh
# export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
# keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
This means that the trust store password is not correctly identified in the environment.
Environment
- RHV 4.2
- RHV 4.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.