On Tue, Apr 20, 2021 at 9:07 PM Bill James <bill.james@j2.com> wrote:
>
> Thank you for reply.
> Notice Enroll cert was done 4/15, but still getting notices.
>
>
> engine.log:
>
> 2021-04-19 20:05:59,922-07 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification.
>
> ..
>
>
>
> 2021-04-15 20:25:47,964-07 INFO  [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected :  ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN
>
> 2021-04-15 20:25:48,004-07 INFO  [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected :  ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
>
> 2021-04-15 20:25:48,012-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff
>
> 2021-04-15 20:25:48,021-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff
>
> 2021-04-15 20:25:48,037-07 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com@j2global.com-authz).
>
> 2021-04-15 20:25:48,058-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c
>
> 2021-04-15 20:25:48,062-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
>
>  SetVdsStatusVDSCommand, return: , log id: e46428c
>
> 2021-04-15 20:25:48,069-07 INFO  [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command:  /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
>
> MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
>
> CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
>
> MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
>
> A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
>
> AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
>
> 4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
>
> OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
>
> vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
>
> Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
>
> FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
>
> MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
>
> LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
>
> AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
>
> cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
>
> +LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
>
> IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
>
> PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
>
> -----END CERTIFICATE-----
>
> " --extra-vars=ovirt_san="IP:10.144.110.99" --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
>
>
>
> ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached.
>
>
>
> On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi@redhat.com> wrote:
>>
>> On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
>> >
>> > I get this message from ovirt:
>> > Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification.
>> >
>> > I tried putting host in maintenance mode and running "enroll certificate". Didn't help.
>>
>> Please check/share relevant logs (on the engine machine) -
>> /var/log/ovirt-engine/engine.log and
>> /var/log/ovirt-engine/host-deploy/* . Thanks.
>>
>> >
>> > How do I renew the certificate?
>>
>> 'Enroll Certificate' should have worked. In principle you can also try
>> 'Reinstall', which is not that much more drastic than 'Enroll
>> Certificate' on a working host, but does do a bit more.

I think "Enroll Certificate" does not restart vdsm, but vdsm probably
only reads the new cert on startup. So perhaps try to put the host to
maintenance and 'systemctl restart vdsmd' (or just reboot).

Best regards,
--
Didi