2021-04-19 20:05:59,922-07 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification.
..
2021-04-15 20:25:47,964-07 INFO [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN
2021-04-15 20:25:48,004-07 INFO [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
2021-04-15 20:25:48,012-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff
2021-04-15 20:25:48,021-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff
2021-04-15 20:25:48,037-07 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com@j2global.com-authz).
2021-04-15 20:25:48,058-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c
2021-04-15 20:25:48,062-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
SetVdsStatusVDSCommand, return: , log id: e46428c
2021-04-15 20:25:48,069-07 INFO [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command: /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
+LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
-----END CERTIFICATE-----
" --extra-vars=ovirt_san="IP:10.144.110.99" --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached.
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
>
> I get this message from ovirt:
> Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification.
>
> I tried putting host in maintenance mode and running "enroll certificate". Didn't help.
Please check/share relevant logs (on the engine machine) -
/var/log/ovirt-engine/engine.log and
/var/log/ovirt-engine/host-deploy/* . Thanks.
>
> How do I renew the certificate?
'Enroll Certificate' should have worked. In principle you can also try
'Reinstall', which is not that much more drastic than 'Enroll
Certificate' on a working host, but does do a bit more.
>
> I'm running 4.3.9.4-1.el7
Please note that this is EOL. Also, the host-deploy code (including
all of above) was rewritten in ansible in 4.4 (not implying the old
code was/is broken, though).
Best regards,
--
Didi