[ovirt-users] Re: Certificates expired...

Did you restart vdsm after updating the certs? -derek On Fri, August 4, 2023 2:12 pm, Jason P. Thomas wrote: > I updated the VDSM certs on the hosts and the apache cert on the > engine.  I'm guessing something is wrong with however the engine > interacts with vdsm, I just don't know exactly what to do about it. > > Jason > > On 8/4/23 14:00, Derek Atkins wrote: >> Sounds like the Host Certs need to be updated.. Or possibly even the >> Engine CA Cert. >> >> -derek >> >> On Fri, August 4, 2023 1:45 pm, Jason P. Thomas wrote: >>> Konstantin, >>> Right after I sent the email I got the engine running.  The >>> libvirt-spice certs had incorrect ownership.  It still is not >>> connecting >>> to anything.  Error in Events on the Engine is now: "VDSM >>> <hostname.fqdn> command Get Host Capabilities failed: General SSLEngine >>> problem" >>> >>> So status right now is, all VMs are running.  Engine web ui is >>> accessible.  Engine shows all hosts as unassigned or Connecting or >>> NonResponsive with repeated entries of the above error in Events. >>> >>> Sincerely, >>> Jason >>> >>> On 8/4/23 13:08, konstantin.volenbovskyi--- via Users wrote: >>>>> Now the engine won't start at all and I'm afraid I'm one power outage >>>>> away from complete disaster.  I need to keep the old location up and >>>>> functioning for another 4-6 months, so any insights would be greatly >>>>> appreciated. >>>> Hi, >>>> >>>> 'engine won't start at all' can mean two things: >>>> >>>> 1) OS can't boot and thus you can't do SSH. Assuming that we are >>>> talking >>>> self-hosted engine, then you need to use command like below on host >>>> that >>>> runs ovengine VM (virsh -c >>>> qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf list >>>> and hosted-engine --vm-status might be helpful, VM should at least >>>> start >>>> to boot in order for you to achieve connectivity via console): >>>> hosted-engine --add-console-password --password=somepassword >>>> and then connect via VNC to IP that you will see in output and >>>> password >>>> that you used >>>> >>>> 2) ovirt-engine service can't start >>>> In that case it is likely that you will find reason of that in >>>> journalctl -u ovirt-engine --no-pager >>>> (/var/log/ovirt-engine/engine.log) >>>> >>>> BR, >>>> Konstantin >>>> _______________________________________________ >>>> Users mailing list -- users(a)ovirt.org >>>> To unsubscribe send an email to users-leave(a)ovirt.org >>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>> oVirt Code of Conduct: >>>> https://www.ovirt.org/community/about/community-guidelines/ >>>> List Archives: >>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PL4Q64G6IFU... >>> _______________________________________________ >>> Users mailing list -- users(a)ovirt.org >>> To unsubscribe send an email to users-leave(a)ovirt.org >>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/H3M4O4TN67N... >>> >