Il 25/06/2019 08:27, Yedidyah Bar David ha scritto:
On Mon, Jun 24, 2019 at 7:56 PM Stefano Danzi <s.danzi@hawai.it> wrote:
I've found that this issue is related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1648190 Are you sure?
That bug is about an old cert, generated by an old version, likely before we fixed bug 1210486 (even though it's not mentioned in above bug).
Yes! Malformed "Not Before" date/time in certs
But i've no idea how fix it....
Il 24/06/2019 18:19, Stefano Danzi ha scritto:
I've just upgraded my test environment from ovirt 4.2 to 4.3.4. Was it installed as 4.2, or upgraded? From which first version?
I don't remember the first installed version. Maybe 4.0... I always upgraded the original installation.
System has only one host (Centos 7.6.1810) and run a self hosted engine.
After upgrade I'm not able to run vdsmd (and so hosted engine....)
Above the error in log:
journalctl -xe
-- L'unità libvirtd.service ha iniziato la fase di avvio. giu 24 18:09:17 ovirt01.hawai.lan libvirtd[8176]: 2019-06-24 16:09:17.006+0000: 8176: info : libvirt version: 4.5.0, package: 10.el7_6.12 (CentOS BuildSystem <http://bugs.centos.org>, 2019-06-20-15:01:15, x86-01.bsys. giu 24 18:09:17 ovirt01.hawai.lan libvirtd[8176]: 2019-06-24 16:09:17.006+0000: 8176: info : hostname: ovirt01.hawai.lan giu 24 18:09:17 ovirt01.hawai.lan libvirtd[8176]: 2019-06-24 16:09:17.006+0000: 8176: error : virNetTLSContextLoadCertFromFile:513 : Unable to import server certificate /etc/pki/vdsm/certs/vdsmcert.pem Did you check this file? Does it exist?
ls -l /etc/pki/vdsm/certs/vdsmcert.pem
Can vdsm user read it?
su - vdsm -s /bin/bash -c 'cat /etc/pki/vdsm/certs/vdsmcert.pem > /dev/null'
Please check/share output of:
openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -text
Thanks and best regards,
vdsm can read vdsmcert. The problem is "Not Before" date: [root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -text' Certificate: Data: Version: 3 (0x2) Serial Number: 4102 (0x1006) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=hawai.lan, CN=ovirtbk-sheng.hawai.lan.63272 Validity Not Before: Feb 4 08:36:07 2015 Not After : Feb 4 08:36:07 2020 GMT [CUT] [root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/cacert.pem -text' Certificate: Data: Version: 3 (0x2) Serial Number: 4096 (0x1000) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=hawai.lan, CN=ovirtbk-sheng.hawai.lan.63272 Validity Not Before: Feb 4 00:06:25 2015 Not After : Feb 2 00:06:25 2025 GMT
giu 24 18:09:17 ovirt01.hawai.lan systemd[1]: libvirtd.service: main process exited, code=exited, status=6/NOTCONFIGURED giu 24 18:09:17 ovirt01.hawai.lan systemd[1]: Failed to start Virtualization daemon. -- Subject: L'unità libvirtd.service è fallita