[ovirt-users] Re: host certification is about to expire

Thank you for reply. Notice Enroll cert was done 4/15, but still getting notices. engine.log: 2021-04-19 20:05:59,922-07 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification. .. 2021-04-15 20:25:47,964-07 INFO [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN 2021-04-15 20:25:48,004-07 INFO [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS 2021-04-15 20:25:48,012-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff 2021-04-15 20:25:48,021-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff 2021-04-15 20:25:48,037-07 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com(a)j2global.com-authz). 2021-04-15 20:25:48,058-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c 2021-04-15 20:25:48,062-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: e46428c 2021-04-15 20:25:48,069-07 INFO [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command: /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE----- MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4 4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84 OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y +LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg== -----END CERTIFICATE----- " --extra-vars=ovirt_san="IP:10.144.110.99" --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log] ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached. On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi(a)redhat.com&gt; wrote: > > On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james(a)j2.com&gt; wrote: > > > > I get this message from ovirt: > > Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification. > > > > I tried putting host in maintenance mode and running "enroll certificate". Didn't help. > > Please check/share relevant logs (on the engine machine) - > /var/log/ovirt-engine/engine.log and > /var/log/ovirt-engine/host-deploy/* . Thanks. > > > > > How do I renew the certificate? > > 'Enroll Certificate' should have worked. In principle you can also try > 'Reinstall', which is not that much more drastic than 'Enroll > Certificate' on a working host, but does do a bit more.