Thank you for reply.
Notice Enroll cert was done 4/15, but still getting notices.


engine.log:

2021-04-19 20:05:59,922-07 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification.

..



2021-04-15 20:25:47,964-07 INFO  [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected :  ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN

2021-04-15 20:25:48,004-07 INFO  [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected :  ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS

2021-04-15 20:25:48,012-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff

2021-04-15 20:25:48,021-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff

2021-04-15 20:25:48,037-07 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com@j2global.com-authz).

2021-04-15 20:25:48,058-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c

2021-04-15 20:25:48,062-07 INFO  [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,

 SetVdsStatusVDSCommand, return: , log id: e46428c

2021-04-15 20:25:48,069-07 INFO  [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command:  /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----

MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT

CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz

MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG

A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC

AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4

4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84

OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD

vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI

Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z

FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL

MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t

LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF

AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB

cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y

+LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z

IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd

PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==

-----END CERTIFICATE-----

" --extra-vars=ovirt_san="IP:10.144.110.99" --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]



ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached.



On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi@redhat.com> wrote:
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
>
> I get this message from ovirt:
> Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification.
>
> I tried putting host in maintenance mode and running "enroll certificate". Didn't help.

Please check/share relevant logs (on the engine machine) -
/var/log/ovirt-engine/engine.log and
/var/log/ovirt-engine/host-deploy/* . Thanks.

>
> How do I renew the certificate?

'Enroll Certificate' should have worked. In principle you can also try
'Reinstall', which is not that much more drastic than 'Enroll
Certificate' on a working host, but does do a bit more.

>
> I'm running 4.3.9.4-1.el7

Please note that this is EOL. Also, the host-deploy code (including
all of above) was rewritten in ansible in 4.4 (not implying the old
code was/is broken, though).

Best regards,
--
Didi




This email, its contents and attachments contain information from J2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this email in error, please notify the sender by reply email and delete the original message and any copies.