RHV 4.2 - Failed to import provider certificate into the external provider keystore

Solution Verified - Updated -

Issue

When running engine-setup after upgrading a RHV 4.1 installation to RHV 4.2, there is a keystore certificate error:

[ ERROR ] Failed to import provider certificate into the external provider keystore

...

          The following commands failed to execute.
          Please execute them manually as root:
             . /usr/share/ovirt-engine/bin/engine-prolog.sh
              export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
              keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass

Although the setup completes, the above commands need to be run manually to ensure the ovirt-provider-ovn certificate is imported into the keystore.

When running the above commands, an error may be seen:

# . /usr/share/ovirt-engine/bin/engine-prolog.sh
# export pass="${ENGINE_EXTERNAL_PROVIDERS_TRUST_STORE_PASSWORD}"
# keytool -import -alias ovirt-provider-ovn -keystore /var/lib/ovirt-engine/external_truststore -file /etc/pki/ovirt-engine/ca.pem -noprompt -storepass:env pass
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

This means that the trust store password is not correctly identified in the environment.

Environment

  • RHV 4.2
  • RHV 4.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In