On 25/06/2019 08:27, Yedidyah Bar David wrote:
On Mon, Jun 24, 2019 at 7:56 PM Stefano Danzi
<s.danzi(a)hawai.it> wrote:
> I've found that this issue is related to:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1648190
Are you sure?
That bug is about an old cert, generated by an old version, likely
before we fixed bug 1210486 (even though it's not mentioned in above
bug).
Yes! Malformed "Not Before" date/time in certs
> But I've no idea how to fix it....
>
> On 24/06/2019 18:19, Stefano Danzi wrote:
>> I've just upgraded my test environment from ovirt 4.2 to 4.3.4.
Was it installed as 4.2, or upgraded? From which first version?
I don't remember the first installed version. Maybe 4.0... I always
upgraded the original installation.
>> System has only one host (CentOS 7.6.1810) and runs a self hosted engine.
>>
>> After upgrade I'm not able to run vdsmd (and so hosted engine....)
>>
>> Above the error in log:
>>
>> journalctl -xe
>>
>> -- L'unità libvirtd.service ha iniziato la fase di avvio.
>> giu 24 18:09:17 ovirt01.hawai.lan libvirtd[8176]: 2019-06-24
>> 16:09:17.006+0000: 8176: info : libvirt version: 4.5.0, package:
>> 10.el7_6.12 (CentOS BuildSystem <http://bugs.centos.org>,
>> 2019-06-20-15:01:15, x86-01.bsys.
>> giu 24 18:09:17 ovirt01.hawai.lan libvirtd[8176]: 2019-06-24
>> 16:09:17.006+0000: 8176: info : hostname: ovirt01.hawai.lan
>> giu 24 18:09:17 ovirt01.hawai.lan libvirtd[8176]: 2019-06-24
>> 16:09:17.006+0000: 8176: error : virNetTLSContextLoadCertFromFile:513
>> : Unable to import server certificate /etc/pki/vdsm/certs/vdsmcert.pem
Did you check this file? Does it exist?
ls -l /etc/pki/vdsm/certs/vdsmcert.pem
Can vdsm user read it?
su - vdsm -s /bin/bash -c 'cat /etc/pki/vdsm/certs/vdsmcert.pem > /dev/null'
Please check/share output of:
openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -text
Thanks and best regards,
vdsm can read vdsmcert. The problem is "Not Before" date:
[root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -text'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4102 (0x1006)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=hawai.lan, CN=ovirtbk-sheng.hawai.lan.63272
        Validity
            Not Before: Feb 4 08:36:07 2015
            Not After : Feb 4 08:36:07 2020 GMT
[CUT]
[root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/cacert.pem -text'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=hawai.lan, CN=ovirtbk-sheng.hawai.lan.63272
        Validity
            Not Before: Feb 4 00:06:25 2015
            Not After : Feb 2 00:06:25 2025 GMT
>> giu 24 18:09:17 ovirt01.hawai.lan systemd[1]: libvirtd.service: main
>> process exited, code=exited, status=6/NOTCONFIGURED
>> giu 24 18:09:17 ovirt01.hawai.lan systemd[1]: Failed to start
>> Virtualization daemon.
>> -- Subject: L'unità libvirtd.service è fallita
>>
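
An added example, not part of the original thread: a standard-library check of whether a certificate's notBefore and notAfter use the RFC 5280 time forms, which must end in "Z". It assumes the malformation discussed above is a validity time encoded without that suffix (the Not Before line in the output lacks "GMT"); the function names and the SAMPLE bytes are constructed for illustration.

```python
import base64, re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf):
    """Yield (tag, value) for each DER element packed inside buf."""
    pos = 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        yield tag, buf[start:end]
        pos = end

def pem_to_der(pem):
    body = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem, re.S).group(1)
    return base64.b64decode("".join(body.split()))

# RFC 5280 4.1.2.5: UTCTime is YYMMDDHHMMSSZ, GeneralizedTime is YYYYMMDDHHMMSSZ
TIME_FORMS = {0x17: re.compile(rb"\d{12}Z"), 0x18: re.compile(rb"\d{14}Z")}

def check_validity(der):
    """Return [(field, raw value, conforms)] for notBefore and notAfter."""
    (_, cert), = children(der)             # outer Certificate SEQUENCE
    tbs = list(children(next(children(cert))[1]))   # TBSCertificate fields
    if tbs[0][0] == 0xA0:                  # optional [0] version
        tbs = tbs[1:]
    validity = tbs[3][1]                   # follows serial, signature, issuer
    result = []
    for name, (tag, raw) in zip(("notBefore", "notAfter"), children(validity)):
        form = TIME_FORMS.get(tag)
        result.append((name, raw.decode("ascii", "replace"), bool(form and form.fullmatch(raw))))
    return result

def tlv(tag, content=b""):
    """Encode one DER element (short-form length only, enough for the sample)."""
    return bytes([tag, len(content)]) + content

# Constructed skeleton, not a real certificate: only the fields up to Validity.
SAMPLE = tlv(0x30, tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x06") + tlv(0x30) + tlv(0x30)
    + tlv(0x30, tlv(0x17, b"150204083607") + tlv(0x17, b"200204083607Z"))))

if __name__ == "__main__":
    print(check_validity(SAMPLE))
```

For a file on disk, pass `pem_to_der(open(path).read())` to `check_validity`; a `False` in the third position marks a time that does not match the required form.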