Hi,

Some of my hosts came into a non responsive state since there certicate had expired:

VDSM palomo command Get Host Capabilities failed: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

openssl x509 -noout -enddate -in /etc/pki/vdsm/certs/vdsmcert.pem
palomo
notAfter=Apr  6 11:09:05 2022 GMT

The recommanded path to update certificates is to put hosts into maintenance and enroll certificates.
But I can't anymore live migrate vms since the certificate is expired:

2022-04-13 10:34:12,022+0200 ERROR (migsrc/bf0f7628) [virt.vm] (vmId='bf0f7628-d70b-47a4-8569-5430e178f429') [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897) (migration:331)

So is there a way to disable tls to migrate these vms so as to put the host into maintenance?

No possibility of migration would imply to stop production vms, this is what we absolutely don't want!

Any help much appreciated.

-- 
Nathanaël Blanchet

Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 	
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanchet@abes.fr