[ovirt-users] Re: vnc certificate renew
On Fri, May 6, 2022 at 10:44 AM Gianluca Cecchi <gianluca.cecchi(a)gmail.com>
wrote:
On Mon, May 2, 2022 at 6:02 PM <csabany(a)freemail.hu> wrote:
> Hi,
>
> LAst month a renewed our hosts certificates by the "Enroll certificates"
> method.
> The "/etc/pki/vdsm/libvirt-vnc/server-cert.pem" certificate wasn't
> renewed on my nodes (other certificates were).
>
> How can i renew this certificate too?
>
> thanks
> csabany
>
>
Actually I think this could be a bug in enrolling certificate job on hosts
from web admin gui.
I'm having the same problem updating from downstream RHV 4.4.10-6 to
4.4.10-7 with RHV-H hosts and the enrolling of certificates takes in
consideration these directories
/etc/pki/libvirt
/etc/pki/vdsm/certs
/etc/pki/vdsm/libvirt-migrate
/etc/pki/vdsm/libvirt-spice
But not:
/etc/pki/vdsm/libvirt-vnc
I think it could impact oVirt too.
In case Red Hat guys want to see logs of my RHV environment, I've opened
the case 03212406 for this problem.
Gianluca
I forgot to say that the impact in my case is that due to this problem I
can't live migrate VMs between the updated hosts, because the libvirt-vnc
certificate of destination host is now expired...
and in logs of source host I get:
libvirt.libvirtError: internal error: process exited while connecting to
monitor: 2022-05-05T07:31:25.922766Z qemu-kvm: The server certificate
/etc/pki/vdsm/libvirt-vnc/server-cert.pem has expired
Perhaps is due to having graphics protocol: Spice+VNC in VM console
configuration, so both certificates (spice and vnc) are checked before
migration. Not sure
Gianluca
Attachments:
- attachment.html (text/html — 2.5 KB)