solved
reloaded libvirtd on servers involved in certificate renewal
thanks

чт, 8 сент. 2022 г. в 17:57, Milan Zamazal <mzamazal@redhat.com>:
parallax <dd432690@gmail.com> writes:

> ovirt 4.4.4.7
>
> not able to migrate VMs between hosts with following vdsm error:
>
> operation failed: Failed to connect to remote libvirt URI
> qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify
> peer's certificate

You should be able to see a more exact reason for the certificate
verification failure in libvirtd logs on the source host (perhaps after
adjusting logging settings in /etc/libvirt/libvirtd.conf + restarting
libvirtd).

Anyway, you should check the certificates in /etc/pki/vdsm/certs on both
the source and destination hosts:

- cacert.pem should be the Engine CA certificate.

- vdsmcert.pem should be a certificate signed by the CA certificate,
  with the right host name and not expired.

If you are using encrypted migrations then you should additionally check
the certificates in /etc/pki/vdsm/libvirt-migrate.  cacert.pem should be
the CA certificate, server-cert.pem a valid certificate signed by the CA
certificate and there should be links client-cert.pem and client-key.pem
to server-cert.pem and server-key.pem respectively.

> hosts certificates was renewed recently but hosts hasn't been reloaded
> how to fix this issue

Regards,
Milan