[VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
6:16 p.m.
Hi,
I have a VM which acts as an oVirt host with VDSM installed. I use it for
testing without connecting it to Engine.
Recently VDSM fails to come up and I see this error:
Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+0000: 12176:
error : virNetTLSContextCheckCertTimes:154 : The server certificate
/etc/pki/vdsm/certs/vdsmcert.pem has expired
Any hint on how to generate or fetch a new certificate without the help of
Engine?
Thanks,
Edy.
6:34 p.m.
I should have known better.
Deleting /etc/pki/vdsm and re-installing VDSM solved it.
There is probably a smarter/simpler way to do this (delete the folder and
run 'vdsm-tool configure --force'?).
Thanks,
Edy.
On Wed, Sep 26, 2018 at 6:16 PM Edward Haas <ehaas(a)redhat.com> wrote:
Hi,
I have a VM which acts as an oVirt host with VDSM installed. I use it for
testing without connecting it to Engine.
Recently VDSM fails to come up and I see this error:
Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+0000: 12176:
error : virNetTLSContextCheckCertTimes:154 : The server certificate
/etc/pki/vdsm/certs/vdsmcert.pem has expired
Any hint on how to generate or fetch a new certificate without the help of
Engine?
Thanks,
Edy.
7:42 p.m.
New subject: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
On Wed, Sep 26, 2018 at 6:35 PM Edward Haas <ehaas(a)redhat.com> wrote:
I should have known better.
Deleting /etc/pki/vdsm and re-installing VDSM solved it.
There is probably a smarter/simpler way to do this (delete the folder and
run 'vdsm-tool configure --force'?).
yes, more specifically: `vdsm-tool configure --module certificates`
Thanks,
Edy.
On Wed, Sep 26, 2018 at 6:16 PM Edward Haas <ehaas(a)redhat.com> wrote:
> Hi,
>
> I have a VM which acts as an oVirt host with VDSM installed. I use it for
> testing without connecting it to Engine.
>
> Recently VDSM fails to come up and I see this error:
> Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+0000: 12176:
> error : virNetTLSContextCheckCertTimes:154 : The server certificate
> /etc/pki/vdsm/certs/vdsmcert.pem has expired
>
Congratulations, you've been using the same deployment for a year!
> Any hint on how to generate or fetch a new certificate without
the help
> of Engine?
>
> Thanks,
> Edy.
>
_______________________________________________
Devel mailing list -- devel(a)ovirt.org
To unsubscribe send an email to devel-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYM...
12:31 a.m.
New subject: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
On 26 Sep 2018, at 19:42, Dan Kenigsberg <danken(a)redhat.com>
wrote:
> On Wed, Sep 26, 2018 at 6:35 PM Edward Haas <ehaas(a)redhat.com> wrote:
> I should have known better.
> Deleting /etc/pki/vdsm and re-installing VDSM solved it.
>
> There is probably a smarter/simpler way to do this (delete the folder and run
'vdsm-tool configure --force'?).
yes, more specifically: `vdsm-tool configure --module certificates`
I would expect running it or the other general version to replace the existing expired
certificate.
At the minimum it should check and tell me what should I do.
>
> Thanks,
> Edy.
>
>> On Wed, Sep 26, 2018 at 6:16 PM Edward Haas <ehaas(a)redhat.com> wrote:
>> Hi,
>>
>> I have a VM which acts as an oVirt host with VDSM installed. I use it for testing
without connecting it to Engine.
>>
>> Recently VDSM fails to come up and I see this error:
>> Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+0000: 12176: error :
virNetTLSContextCheckCertTimes:154 : The server certificate
/etc/pki/vdsm/certs/vdsmcert.pem has expired
Congratulations, you've been using the same deployment for a year!
I’m pretty sure I never had to delete that folder until now. Vdsm is built, installed and
removed in an endless loop on a regular basis (including the configured part).
>>
>> Any hint on how to generate or fetch a new certificate without the help of
Engine?
>>
>> Thanks,
>> Edy.
> _______________________________________________
> Devel mailing list -- devel(a)ovirt.org
> To unsubscribe send an email to devel-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYM...
12:51 a.m.
New subject: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
On Thu, Sep 27, 2018 at 12:31 AM Edward Haas <ehaas(a)redhat.com> wrote:
On 26 Sep 2018, at 19:42, Dan Kenigsberg <danken(a)redhat.com> wrote:
On Wed, Sep 26, 2018 at 6:35 PM Edward Haas <ehaas(a)redhat.com> wrote:
>
> I should have known better.
> Deleting /etc/pki/vdsm and re-installing VDSM solved it.
>
> There is probably a smarter/simpler way to do this (delete the folder and run
'vdsm-tool configure --force'?).
yes, more specifically: `vdsm-tool configure --module certificates`
I would expect running it or the other general version to replace the existing expired
certificate.
It would be wrong to replace an expired production certificate with a
stupid self-signed one (which is what `configure`) does, and only for
devel/testing/bootstrapping purposes.
At the minimum it should check and tell me what should I do.
lib/vdsm/tool/configurators/certificates.py
https://xenoterracide.com/post/dont-say-patches-welcome/
>
>
>>
>> Thanks,
>> Edy.
>>
>> On Wed, Sep 26, 2018 at 6:16 PM Edward Haas <ehaas(a)redhat.com> wrote:
>>>
>>> Hi,
>>>
>>> I have a VM which acts as an oVirt host with VDSM installed. I use it for
testing without connecting it to Engine.
>>>
>>> Recently VDSM fails to come up and I see this error:
>>> Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+0000: 12176:
error : virNetTLSContextCheckCertTimes:154 : The server certificate
/etc/pki/vdsm/certs/vdsmcert.pem has expired
>
>
> Congratulations, you've been using the same deployment for a year!
>
>
> I’m pretty sure I never had to delete that folder until now. Vdsm is built, installed
and removed in an endless loop on a regular basis (including the configured part).
>
>
>>>
>>> Any hint on how to generate or fetch a new certificate without the help of
Engine?
>>>
>>> Thanks,
>>> Edy.
>>
>> _______________________________________________
>> Devel mailing list -- devel(a)ovirt.org
>> To unsubscribe send an email to devel-leave(a)ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYM...
6:57 p.m.
New subject: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
For anyone in the future looking for this solution, look at my post in this other thread:
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/JEW5WIRD67WM...
Full credit to the poster before me there that was the final step to finding what I needed
to make it work for us!
318
days inactive
2251
days old
5 comments
3 participants
participants (3)
-
Dan Kenigsberg -
Edward Haas -
mikedoug@certida.com