On Tue, Dec 27, 2022 at 8:39 AM Yedidyah Bar David <didi@redhat.com> wrote:
On Sun, Dec 25, 2022 at 5:15 PM Gilboa Davara <gilboad@gmail.com> wrote:
On Sun, Dec 25, 2022 at 12:37 PM Gilboa Davara <gilboad@gmail.com> wrote:
On Sun, Dec 25, 2022 at 12:36 PM Gilboa Davara <gilboad@gmail.com> wrote:
Hello all,
Even though I do my best to keep track of the certificate issue date across my different clusters, I somehow missed the vdsm certificate expiration in one of my clusters. Now I have an active cluster with multiple nodes (self-hosted / gluster storage), vdsm service is down on all nodes (due to certificate expiration) - hence, I cannot get the cluster into global maintenance mode (vdsms are down), and I cannot access my engine (to renew the engine certificates / re-enroll hosts). How can manual renew the host certificate?
Thanks, Gilboa
P.S. CentOS 8 Streams engine and host, ovirt v4.5.3 (I think).
- Gilboa
Managed to find an old email in this group (that I saved...) https://lists.ovirt.org/archives/list/users@ovirt.org/message/56QU2AD7YUX2VZ...
This got the nodes working... but the engine (GRRR) still cannot connect to the nodes (I assume it has expired certs as well), hence, it cannot detect the cluster is in global maintenance mode, and cannot run engine-setup.
Sorry, I do not follow. Is your immediate obstacle being that engine-setup refuses to continue, saying "Hosted Engine HA is in Global Maintenance mode."?
You can cause it to ignore this test by passing 'OVESETUP_CONFIG/continueSetupOnHEVM=bool:True' (in the answer file or --otopi-environment).
We recently added an option 'engine-setup --show-environment-documentation', exactly for this env key, see also:
(BTW, I now see that I warned there against trying to parse the output, as it might change in the future - and that I indeed actually already "broke" it, https://github.com/oVirt/otopi/pull/22 . If anyone volunteers to enhance this - either add some override to otopi calling textwrap.wrap or perhaps some '--json' option or whatever, great!). -- Didi