5:25 p.m.
restarting vdsmd did the trick, thank you!
On Tue, Apr 20, 2021 at 11:58 PM Yedidyah Bar David <didi(a)redhat.com> wrote:
On Tue, Apr 20, 2021 at 9:07 PM Bill James <bill.james(a)j2.com>
wrote:
>
> Thank you for reply.
> Notice Enroll cert was done 4/15, but still getting notices.
>
>
> engine.log:
>
> 2021-04-19 20:05:59,922-07 WARN
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID:
HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com
certification is about to expire at 2021-05-12. Please renew the host's
certification.
>
> ..
>
>
>
> 2021-04-15 20:25:47,964-07 INFO
[org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand]
(default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command:
HostEnrollCertificateCommand internal: false. Entities affected : ID:
23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group
EDIT_HOST_CONFIGURATION with role type ADMIN
>
> 2021-04-15 20:25:48,004-07 INFO
[org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] Running command:
HostEnrollCertificateInternalCommand internal: true. Entities affected :
ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
>
> 2021-04-15 20:25:48,012-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] START,
SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com,
SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf',
status='Installing', nonOperationalReason='NONE',
stopSpmFailureLogged='false', maintenanceReason='null'}), log id:
2c9a2bff
>
> 2021-04-15 20:25:48,021-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand,
return: , log id: 2c9a2bff
>
> 2021-04-15 20:25:48,037-07 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID:
HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host
ovirt1.j2noc.com was started (User: Bill.James(a)j2global.com
@j2global.com-authz).
>
> 2021-04-15 20:25:48,058-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] START,
SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com,
SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf',
status='Maintenance', nonOperationalReason='NONE',
stopSpmFailureLogged='false', maintenanceReason='null'}), log id:
e46428c
>
> 2021-04-15 20:25:48,062-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
>
> SetVdsStatusVDSCommand, return: , log id: e46428c
>
> 2021-04-15 20:25:48,069-07 INFO
[org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command:
/usr/bin/ansible-playbook --ssh-common-args=-F
/var/lib/ovirt-engine/.ssh/config -v
--private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa
--inventory=/tmp/ansible-inventory8413305606879978005
--extra-vars=ovirt_organizationname="j2noc.com"
--extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
>
>
MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
>
>
CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
>
>
MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
>
>
A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
>
>
AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
>
>
4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
>
>
OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
>
>
vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
>
>
Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
>
>
FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
>
>
MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
>
>
LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
>
>
AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
>
>
cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
>
>
+LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
>
>
IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
>
> PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
>
> -----END CERTIFICATE-----
>
> " --extra-vars=ovirt_san="IP:10.144.110.99"
--extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine"
--extra-vars=ovirt_vds_hostname="10.144.110.99"
--extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine"
--extra-vars=ovirt_signcerttimeoutinseconds="30"
--extra-vars=ovirt_ca_key="ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ"
--extra-vars=ovirt_vdscertificatevalidityinyears="5"
/usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml
[Logfile:
/var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
>
>
>
>
ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log
attached.
>
>
>
> On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi(a)redhat.com>
wrote:
>>
>> On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james(a)j2.com> wrote:
>> >
>> > I get this message from ovirt:
>> > Message:Host <hostname> certification is about to expire at
2021-05-12. Please renew the host's certification.
>> >
>> > I tried putting host in maintenance mode and running "enroll
certificate". Didn't help.
>>
>> Please check/share relevant logs (on the engine machine) -
>> /var/log/ovirt-engine/engine.log and
>> /var/log/ovirt-engine/host-deploy/* . Thanks.
>>
>> >
>> > How do I renew the certificate?
>>
>> 'Enroll Certificate' should have worked. In principle you can also try
>> 'Reinstall', which is not that much more drastic than 'Enroll
>> Certificate' on a working host, but does do a bit more.
I think "Enroll Certificate" does not restart vdsm, but vdsm probably
only reads the new cert on startup. So perhaps try to put the host to
maintenance and 'systemctl restart vdsmd' (or just reboot).
Best regards,
--
Didi
--
This email, its contents and attachments contain information from J2
Global, Inc. and/or its affiliates which may be privileged, confidential or
otherwise protected from disclosure. The information is intended to be for
the addressee(s) only. If you are not an addressee, any disclosure, copy,
distribution or use of the contents of this message is prohibited. If you
have received this email in error, please notify the sender by reply email
and delete the original message and any copies.