On Fri, May 6, 2022 at 10:44 AM Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
On Mon, May 2, 2022 at 6:02 PM <csabany@freemail.hu> wrote:
Hi,
LAst month a renewed our hosts certificates by the "Enroll certificates" method. The "/etc/pki/vdsm/libvirt-vnc/server-cert.pem" certificate wasn't renewed on my nodes (other certificates were).
How can i renew this certificate too?
thanks csabany
Actually I think this could be a bug in enrolling certificate job on hosts from web admin gui. I'm having the same problem updating from downstream RHV 4.4.10-6 to 4.4.10-7 with RHV-H hosts and the enrolling of certificates takes in consideration these directories
/etc/pki/libvirt /etc/pki/vdsm/certs /etc/pki/vdsm/libvirt-migrate /etc/pki/vdsm/libvirt-spice
But not: /etc/pki/vdsm/libvirt-vnc
I think it could impact oVirt too.
In case Red Hat guys want to see logs of my RHV environment, I've opened the case 03212406 for this problem.
Gianluca
I forgot to say that the impact in my case is that due to this problem I can't live migrate VMs between the updated hosts, because the libvirt-vnc certificate of destination host is now expired... and in logs of source host I get: libvirt.libvirtError: internal error: process exited while connecting to monitor: 2022-05-05T07:31:25.922766Z qemu-kvm: The server certificate /etc/pki/vdsm/libvirt-vnc/server-cert.pem has expired Perhaps is due to having graphics protocol: Spice+VNC in VM console configuration, so both certificates (spice and vnc) are checked before migration. Not sure Gianluca