
Neil,

It seems that your engine certificate(s) is/are not ok. I would suggest to enable ssl debug in the engine by:
- add '-Djavax.net.debug=all' to ovirt-engine.py file here [1].
- restart your engine
- check your server.log and check what is the issue.

Hopefully we will be able to understand what happened in your setup.

Thanks,
Piotr

[1] https://github.com/oVirt/ovirt-engine/blob/master/packaging/services/ovirt-e...

On Thu, Sep 21, 2017 at 4:42 PM, Neil <nwilson123@gmail.com> wrote:
Further to the logs sent, on the nodes I'm also seeing the following error under /var/log/messages...
Sep 20 03:43:12 node01 vdsm root ERROR invalid client certificate with subject "/C=US/O=UKDM/CN=engine01.mydomain.za"^C
Sep 20 03:43:12 node01 vdsm vds ERROR xml-rpc handler exception#012Traceback (most recent call last):#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 80, in threaded_start#012 self.server.handle_request()#012 File "/usr/lib64/python2.6/SocketServer.py", line 278, in handle_request#012 self._handle_request_noblock()#012 File "/usr/lib64/python2.6/SocketServer.py", line 288, in _handle_request_noblock#012 request, client_address = self.get_request()#012 File "/usr/lib64/python2.6/SocketServer.py", line 456, in get_request#012 return self.socket.accept()#012 File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 136, in accept#012 raise SSL.SSLError("%s, client %s" % (e, address[0]))#012SSLError: no certificate returned, client 10.251.193.5
Not sure if this is any further help in diagnosing the issue?
Thanks, any assistance is appreciated.
Regards.
Neil Wilson.
On Thu, Sep 21, 2017 at 4:31 PM, Neil <nwilson123@gmail.com> wrote:
Hi Piotr,
Thank you for the reply. After sending the email I did go and check the engine one too....
[root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/ca.pem -enddate -noout
notAfter=Oct 13 16:26:46 2022 GMT
I'm not sure if this one below is meant to verify or if this output is expected?
[root@engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/private/ca.pem -enddate -noout
unable to load certificate
140642165552968:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
My date is correct too Thu Sep 21 16:30:15 SAST 2017
Any ideas?
Googling surprisingly doesn't come up with much.
Thank you.
Regards.
Neil Wilson.
On Thu, Sep 21, 2017 at 4:16 PM, Piotr Kliczewski <piotr.kliczewski@gmail.com> wrote:
Neil,
You checked both nodes, what about the engine? Can you check engine certs? You can find more info where they are located here [1].

Thanks,
Piotr
[1] https://www.ovirt.org/develop/release-management/features/infra/pki/#ovirt-e...
On Thu, Sep 21, 2017 at 3:26 PM, Neil <nwilson123@gmail.com> wrote:
Hi guys,
Please could someone assist, my cluster is down and I can't access my VMs to switch some of them back on.
I'm seeing the following error in the engine.log however I've checked my certs on my hosts (as some of the Google results said to check), but the certs haven't expired...
2017-09-21 15:09:45,077 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesVDSCommand] (DefaultQuartzScheduler_Worker-4) Command GetCapabilitiesVDSCommand(HostName = node02.mydomain.za, HostId = d2debdfe-76e7-40cf-a7fd-78a0f50f14d4, vds=Host[node02.mydomain.za]) execution failed. Exception: VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
2017-09-21 15:09:45,086 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesVDSCommand] (DefaultQuartzScheduler_Worker-10) Command GetCapabilitiesVDSCommand(HostName = node01.mydomain.za, HostId = b108549c-1700-11e2-b936-9f5243b8ce13, vds=Host[node01.mydomain.za]) execution failed. Exception: VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
2017-09-21 15:09:48,173 ERROR
My engine and host info is below...
[root@engine01 ovirt-engine]# rpm -qa | grep -i ovirt
ovirt-engine-lib-3.4.0-1.el6.noarch
ovirt-engine-restapi-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
ovirt-engine-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
ovirt-host-deploy-java-1.2.0-1.el6.noarch
ovirt-engine-setup-3.4.0-1.el6.noarch
ovirt-host-deploy-1.2.0-1.el6.noarch
ovirt-engine-backend-3.4.0-1.el6.noarch
ovirt-image-uploader-3.4.0-1.el6.noarch
ovirt-engine-tools-3.4.0-1.el6.noarch
ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
ovirt-engine-cli-3.4.0.5-1.el6.noarch
ovirt-engine-setup-base-3.4.0-1.el6.noarch
ovirt-iso-uploader-3.4.0-1.el6.noarch
ovirt-engine-userportal-3.4.0-1.el6.noarch
ovirt-log-collector-3.4.1-1.el6.noarch
ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
ovirt-engine-dbscripts-3.4.0-1.el6.noarch
[root@engine01 ovirt-engine]# cat /etc/redhat-release
CentOS release 6.5 (Final)

[root@node02 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -enddate -noout ; date
notAfter=May 27 08:36:17 2019 GMT
Thu Sep 21 15:18:22 SAST 2017
CentOS release 6.5 (Final)
[root@node02 ~]# rpm -qa | grep vdsm
vdsm-4.14.6-0.el6.x86_64
vdsm-python-4.14.6-0.el6.x86_64
vdsm-cli-4.14.6-0.el6.noarch
vdsm-xmlrpc-4.14.6-0.el6.noarch
vdsm-python-zombiereaper-4.14.6-0.el6.noarch

[root@node01 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -enddate -noout ; date
notAfter=Jun 13 16:09:41 2018 GMT
Thu Sep 21 15:18:52 SAST 2017
CentOS release 6.5 (Final)
[root@node01 ~]# rpm -qa | grep -i vdsm
vdsm-4.14.6-0.el6.x86_64
vdsm-xmlrpc-4.14.6-0.el6.noarch
vdsm-cli-4.14.6-0.el6.noarch
vdsm-python-zombiereaper-4.14.6-0.el6.noarch
vdsm-python-4.14.6-0.el6.x86_64
Please could I have some assistance, I'm rather desperate.
Thank you.
Regards.
Neil Wilson
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
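
The following is an added example, not code from the thread or from the oVirt project. It reads shortened copies of the log lines and `openssl x509 -enddate` results quoted above (constructed sample input) and reports which peer sent the TLS alert, which certificate subject vdsm refused, and how long each checked file remains valid; the function names are assumptions of this example.

```python
import re
import ssl
from datetime import datetime, timezone

# Constructed input: shortened copies of lines quoted in the thread.
ENGINE_LOG = """\
2017-09-21 15:09:45,077 ERROR [...GetCapabilitiesVDSCommand] Command GetCapabilitiesVDSCommand(HostName = node02.mydomain.za, ...) execution failed. Exception: VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
2017-09-21 15:09:45,086 ERROR [...GetCapabilitiesVDSCommand] Command GetCapabilitiesVDSCommand(HostName = node01.mydomain.za, ...) execution failed. Exception: VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
"""
NODE_MESSAGES = 'Sep 20 03:43:12 node01 vdsm root ERROR invalid client certificate with subject "/C=US/O=UKDM/CN=engine01.mydomain.za"\n'
ENDDATE_OUTPUT = {  # file -> output of `openssl x509 -in FILE -enddate -noout`
    "/etc/pki/ovirt-engine/ca.pem": "notAfter=Oct 13 16:26:46 2022 GMT",
    "/etc/pki/ovirt-engine/private/ca.pem": "unable to load certificate\n140642165552968:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE",
    "/etc/pki/vdsm/certs/vdsmcert.pem (node01)": "notAfter=Jun 13 16:09:41 2018 GMT",
}

def alerts_received(engine_log):
    """Map host -> alert. "Received" means the host sent it, so the host refused what the engine presented."""
    pat = re.compile(r"HostName = ([\w.-]+).*?Received fatal alert: (\w+)")
    return {m.group(1): m.group(2) for m in map(pat.search, engine_log.splitlines()) if m}

def rejected_subjects(messages):
    """(node, subject) pairs for client certificates that vdsm refused."""
    pat = re.compile(r'(\S+) vdsm root ERROR invalid client certificate with subject "([^"]+)"')
    return [m.groups() for m in pat.finditer(messages)]

def enddate_status(output, now):
    """Classify one -enddate result relative to `now` (timezone-aware datetime)."""
    m = re.search(r"^notAfter=(.+ GMT)$", output, re.M)
    if not m:
        # "no start line": the file holds no certificate PEM block (e.g. a key file)
        return "not a certificate" if "no start line" in output else "unreadable"
    left = ssl.cert_time_to_seconds(m.group(1)) - now.timestamp()
    return "EXPIRED" if left < 0 else "valid for %d days" % (left // 86400)

def report(now):
    lines = ["%s sent the engine TLS alert %s" % kv for kv in sorted(alerts_received(ENGINE_LOG).items())]
    lines += ["%s refused client certificate %s" % ns for ns in rejected_subjects(NODE_MESSAGES)]
    lines += ["%s: %s" % (f, enddate_status(o, now)) for f, o in ENDDATE_OUTPUT.items()]
    return lines

if __name__ == "__main__":
    # Reference time taken from the thread: Thu Sep 21 16:30:15 SAST 2017
    print("\n".join(report(datetime(2017, 9, 21, 14, 30, 15, tzinfo=timezone.utc))))
```

The refused certificate is identified by its subject, so the file to check next is the one whose `openssl x509 -subject -noout` output matches that subject.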