Il giorno mar 16 nov 2021 alle ore 11:34 Roberto Nunin <robnunin(a)gmail.com>
ha scritto:
Hi all
We have an (old) installation with two DC in two different locations.
Hosts where hosted engine is running are regularly reported UP (DC 1)
Host into the other DC (connected by WAN lines) are reported as Unassigned
(DC 2)
Connection between DC is working.
In events we can find lot of errors like:
VDSM
itmilu0xx-mng.example.com command Get Host Capabilities failed: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
We are NOT using a thirdy party SSL certificate.
In engine.log these are recurring errors:
2021-11-16 10:28:49,370+01 ERROR
[org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) []
Unable to process messages PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
2021-11-16 10:28:49,372+01 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-100)
[] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException:
VDSNetworkException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Thanks in advance for any suggestion
Update on the case .
It was solved. Between two DC an SSL inspection was activated, creating
problems in communication between manager and HOSTS and VDSMD.
Solution was to stop the SSL inspection.
Further analysis will be done to permit again the inspection, due to
security requirements.
Thanks for reading,
Roberto