9:05 p.m.
Thank you for reply.
Notice Enroll cert was done 4/15, but still getting notices.
engine.log:
2021-04-19 20:05:59,922-07 WARN
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID:
HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com
certification is about to expire at 2021-05-12. Please renew the host's
certification.
..
2021-04-15 20:25:47,964-07 INFO [org.ovirt.engine.core.bll.hostdeploy.Host
EnrollCertificateCommand] (default task-3)
[6b9b252b-e78a-4f46-983c-58b4162c2818] Running command:
HostEnrollCertificateCommand
internal: false. Entities affected : ID:
23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group
EDIT_HOST_CONFIGURATION with role type ADMIN
2021-04-15 20:25:48,004-07 INFO [org.ovirt.engine.core.bll.hostdeploy.Host
EnrollCertificateInternalCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] Running command:
HostEnrollCertificateInternalCommand
internal: true. Entities affected : ID:
23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
2021-04-15 20:25:48,012-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] START,
SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com,
SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf',
status='Installing', nonOperationalReason='NONE',
stopSpmFailureLogged='false', maintenanceReason='null'}), log id:
2c9a2bff
2021-04-15 20:25:48,021-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand,
return: , log id: 2c9a2bff
2021-04-15 20:25:48,037-07 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID:
HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host
ovirt1.j2noc.com was started (User: Bill.James(a)j2global.com
@j2global.com-authz).
2021-04-15 20:25:48,058-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] START,
SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com,
SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf',
status='Maintenance', nonOperationalReason='NONE',
stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c
2021-04-15 20:25:48,062-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
SetVdsStatusVDSCommand, return: , log id: e46428c
2021-04-15 20:25:48,069-07 INFO
[org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor]
(EE-ManagedThreadFactory-commandCoordinator-Thread-1)
[6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command:
/usr/bin/ansible-playbook
--ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v
--private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa
--inventory=/tmp/ansible-inventory8413305606879978005
--extra-vars=ovirt_organizationname="j2noc.com"
--extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
+LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
-----END CERTIFICATE-----
" --extra-vars=ovirt_san="IP:10.144.110.99"
--extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine"
--extra-vars=ovirt_vds_hostname="10.144.110.99"
--extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine"
--extra-vars=ovirt_signcerttimeoutinseconds="30"
--extra-vars=ovirt_ca_key="ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ"
--extra-vars=ovirt_vdscertificatevalidityinyears="5"
/usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml
[Logfile:
/var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log
attached.
On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi(a)redhat.com> wrote:
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james(a)j2.com>
wrote:
>
> I get this message from ovirt:
> Message:Host <hostname> certification is about to expire at 2021-05-12.
Please renew the host's certification.
>
> I tried putting host in maintenance mode and running "enroll
certificate". Didn't help.
Please check/share relevant logs (on the engine machine) -
/var/log/ovirt-engine/engine.log and
/var/log/ovirt-engine/host-deploy/* . Thanks.
>
> How do I renew the certificate?
'Enroll Certificate' should have worked. In principle you can also try
'Reinstall', which is not that much more drastic than 'Enroll
Certificate' on a working host, but does do a bit more.
>
> I'm running 4.3.9.4-1.el7
Please note that this is EOL. Also, the host-deploy code (including
all of above) was rewritten in ansible in 4.4 (not implying the old
code was/is broken, though).
Best regards,
--
Didi
--
This email, its contents and attachments contain information from J2
Global, Inc. and/or its affiliates which may be privileged, confidential or
otherwise protected from disclosure. The information is intended to be for
the addressee(s) only. If you are not an addressee, any disclosure, copy,
distribution or use of the contents of this message is prohibited. If you
have received this email in error, please notify the sender by reply email
and delete the original message and any copies.