Re: Extend apache.cer and websocket-proxy.cer
by LS CHENG
Hi
Yes it is generated with engine-setup.
How do you extend the certificate validation value in engine-setup? (I am
aware that browsers can have problems with long duration certificates as
explained in
https://techbeacon.com/security/google-apple-mozilla-enforce-1-year-max-s...
)
Thanks
On Sat, Nov 4, 2023 at 6:39 PM Matej Dujava <ovirt(a)kocurkovo.cz> wrote:
> Hi,
>
> By self signed cert, you mean managed cert generated by ovirt itself
> (engine-setup)?
>
> I found an issue https://bugzilla.redhat.com/show_bug.cgi?id=1824103 where
> it's mentioned that Safari (maybe other browsers too) has a problem with
> long self signed CA. If it's not affecting your clients you can change
> values and regenerate cert by engine-setup.
>
> You can always generate SSL cert by hand (openssl or cfssl ...) and
> replace it with following
> https://www.ovirt.org/documentation/administration_guide/#Replacing_the_M...
> .
>
>
> On 4 November 2023 14:18:26 CET, LS CHENG <lsc.oraes(a)gmail.com> wrote:
>
>> Hi again
>>
>> Forgot to mention that I am using self signed certificates
>>
>> Thank you
>>
>>
>>
>> On Sat, Nov 4, 2023 at 2:07 PM LS CHENG <lsc.oraes(a)gmail.com> wrote:
>>
>>> Hi all
>>>
>>> I am running Oracle Linux Virtualization Manager 4.4.
>>>
>>> The default expiration length for apache.cer and websocket-proxy.cer is
>>> 1 year, is there a way to extend them to 10 years?
>>>
>>> Thank you
>>>
>>>
>>>
1 year, 2 months
Extend apache.cer and websocket-proxy.cer
by LS CHENG
Hi all
I am running Oracle Linux Virtualization Manager 4.4.
The default expiration length for apache.cer and websocket-proxy.cer is 1
year, is there a way to extend them to 10 years?
Thank you
1 year, 2 months
Direct LUN I/O errors with SCSI Pass-through enabled
by mgs@ordix.de
Hi,
in our environment (Version 4.4.10.7) we use fibre channel LUNs, which we attach directly to the VMs (as Direct LUN) with VirtIO-SCSI and SCSI pass-through enabled. The virtual machines run an application that requires 4096 as physical_block_size and 512 as logical_block_size. For this reason, we had to enable SCSI pass-through. Only with SCSI pass-through the correct physical_block_size is passed through to the VM.
Now we have the following problem on just about every VM:
Error messages of the following form occur in the VMs (in /var/log/messages):
kernel: blk_update_request: I/O error, dev sdd, sector 352194592 op 0x1:(WRITE) flags 0xc800 phys_seg 16 prio class 0
This error message coincides with a crash of the application. The error message seems to belong to SCSI.
We are currently trying to find an alternative to SCSI pass-through. We want to use VirtIO and somehow pass the physical_block_size. Since the XML files of the VMs are transient, we cannot make any changes there.
Does anyone have an idea what the error could be or how to pass the correct physical_block_size? Could VDSM hooks help with this?
Thank you and regards
Miguel
1 year, 2 months
Affinity Labels in 4.4
by Alan G
Can anyone explain how affinity labels work in 4.4?
I created a label containing a host and a VM. I had assumed that would require the VM to run on that host, but the VM continues to run on any host in the cluster.
I then checked the 4.4 documentation and it says that I need the filters module section of scheduling policy to contain Label, but there doesn't appear to be a filter called Label.
Am I missing something?
1 year, 2 months
Failed to login: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
by p.olivera@telfy.com
Hi community,
We're encountering the following error when attempting to log in:
Warning alert: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
The certificate is valid until 2027:
[root@engine9 certs]# openssl x509 -subject -noout -dates -in engine.cer
subject=C = US, O = telfy.com, CN = engine9.telfy.com
notBefore=Sep 25 10:18:03 2022 GMT
notAfter=Sep 27 10:18:03 2027 GMT
It's worth noting that our time zone recently switched to GMT+1. Could this change be related to the issue?
Has anyone else experienced this problem, and if so, how was it resolved?
Thank you.
1 year, 2 months
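An added example, not part of the original thread: PKIX path validation checks the validity window of every certificate in the path, not only engine.cer, so this Python sketch classifies the `openssl x509 -noout -dates` output of several certificates at one instant and shows that writing that instant in GMT+1 or in UTC gives the same result. Only the engine.cer dates come from the post; the apache.cer and websocket-proxy.cer dates, the evaluation time and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"  # date format printed by `openssl x509 -dates`

def parse_dates(text):
    """Return (notBefore, notAfter) as UTC datetimes from `openssl x509 -dates` output."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # openssl pads single-digit days with an extra space; normalise first
            stamp = datetime.strptime(" ".join(value.split()), OPENSSL_FMT)
            found[key] = stamp.replace(tzinfo=timezone.utc)
    if len(found) != 2:
        raise ValueError("notBefore/notAfter not found")
    return found["notBefore"], found["notAfter"]

def validity_status(text, now):
    """Classify one certificate at the timezone-aware instant `now`."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    not_before, not_after = parse_dates(text)
    if now < not_before:
        return "not yet valid"
    return "expired" if now > not_after else "valid"

def failing_certs(outputs, now):
    """Map certificate name -> status for every certificate that is not valid."""
    statuses = {name: validity_status(text, now) for name, text in outputs.items()}
    return {name: s for name, s in statuses.items() if s != "valid"}

SAMPLE = {
    # dates quoted in the post
    "engine.cer": "notBefore=Sep 25 10:18:03 2022 GMT\nnotAfter=Sep 27 10:18:03 2027 GMT",
    # constructed sample values
    "apache.cer": "notBefore=Oct  5 08:00:00 2022 GMT\nnotAfter=Oct  5 08:00:00 2023 GMT",
    "websocket-proxy.cer": "notBefore=Oct  5 08:00:00 2023 GMT\nnotAfter=Oct  9 08:00:00 2024 GMT",
}
# constructed evaluation time, written once in UTC and once in GMT+1 (same instant)
NOW_UTC = datetime(2023, 11, 6, 9, 0, tzinfo=timezone.utc)
NOW_LOCAL = NOW_UTC.astimezone(timezone(timedelta(hours=1)))

if __name__ == "__main__":
    for name, status in failing_certs(SAMPLE, NOW_LOCAL).items():
        print(f"{name}: {status}")
```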