Installing Red Hat Virtualization as a FIPS standalone Manager fails during certification enrollment

Solution Verified - Updated -

Issue

Installing RHV in FIPS mode as a standalone Manager fails with following error during engine-setup

RuntimeError: Command '/usr/share/ovirt-engine/bin/pki-create-ca.sh' failed to execute

In the ovirt-engine-setup log is possible to see following error

DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca plugin.execute:921 execute-output: ('/usr/share/ovirt-engine/bin/pki-create-ca.sh', '--subject=/C=US/O=test.out.xxx.xxx/OU=qemu/CN=xxx.xxx.xxx.xxx.xxx.73406', '--keystore-password=**FILTERED**', '--ca-file=qemu-ca') stdout:
keytool error: java.lang.Exception: Keystore file exists, but is empty: /etc/pki/ovirt-engine/.truststore
Keystore import failed

2021-02-25 23:26:53,802+0100 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 854, in _create_qemu_ca
    'qemu'
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/pki/ca.py", line 915, in _create_ca
    oengcommcons.ConfigEnv.JAVA_HOME
  File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931, in execute
    command=args[0],
RuntimeError: Command '/usr/share/ovirt-engine/bin/pki-create-ca.sh' failed to execute

Environment

  • Red Hat Virtualization 4.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In