[ovirt-users] Re: Engine and host certificates expired

On Wed, Sep 7, 2022 at 12:37 AM <simon(a)justconnect.ie&gt; wrote: > > I tried your 'Try restore old certificates and simply run again engine-setup' but the validation fails with: > --------------------------------------------------------------------------------------------------------------------------------------------------------- > [ ERROR ] It seems that you are running your engine inside of the hosted-engine VM and are not in "Global Maint enance" mode. > In that case you should put the system into the "Global Maintenance" mode before running engine-setup, or the hosted-engine HA agent might kill the machine, which might corrupt your data. > > [ ERROR ] Failed to execute stage 'Setup validation': Hosted Engine setup detected, but Global Maintenance is n ot set. > --------------------------------------------------------------------------------------------------------------------------------------------------------- > even though I have placed it into Global Maintenance mode. > > The problem is that all 3 hosts are currently 'Non Responsive' > > FYI - In another environment where the vdsm certificates had expired on one of 2 clusters, copying the certs from a host in the other cluster allowed the hosts to become responsive so I could 'Enroll certificates'. I guess that the engine failed to notice the move to global maintenance, due to the expired certs. If you are certain that indeed all hosts see that they are in global maintenance - check with 'hosted-engine --vm-status' - you can update the engine DB directly, e.g. with something like: https://lists.ovirt.org/archives/list/users@ovirt.org/thread/7KAHVACMATMW... /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c 'update vds_statistics set ha_global_maintenance=f' If all you want is to enforce engine-setup to skip this check, you can try instead: engine-setup --otopi-environment=OVESETUP_CONFIG/continueSetupOnHEVM=bool:True Good luck and best regards, -- Didi