I checked this bash vdsm-gencerts.sh, it does nothing if certificate files are present.
Renamed old certificates to .*old, now new certificates are present.
After vdsmd and vdsm-network restart:

node log:
Aug 09 12:10:44 node14.xxx vdsm[1399211]: WARN MOM not available. Error: [Errno 111] Connection refused

Engine log:
2022-08-09 12:17:11,419+03 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-11) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: Message timeout which can be caused by communication issues

Is this the correct procedure, or did this new node's certificates have to be imported somewhere into Engine?

I had to do a bit of hacking to get this node up and migrate the accounting VM to another node.

Thanks.
On 9 Aug 2022, at 11:16, Andrei Verovski <andreil1(a)starlett.lv> wrote:

/usr/libexec/vdsm/vdsm-gencerts.sh /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/certs/vdsmcert.pem

Yields nothing. No error messages, and no updated certificates in /etc/pki/vdsm/certs/

> On 9 Aug 2022, at 10:28, Andrei Verovski <andreil1(a)starlett.lv> wrote:
>
> Hi,
>
> Looks like this is a suitable article.
>
> https://microdevsys.com/wp/get-host-capabilities-failed-general-sslengine...
>
> Please note I have a problem with
> VDSM node14 command Get Host Capabilities failed: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
>
> only on 1 node, everything else works just fine.
>
> Is this correct or outdated/obsolete?
>
> [root@mdskvm-p01 vdsm]# /usr/libexec/vdsm/vdsm-gencerts.sh /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/certs/vdsmcert.pem
> [root@mdskvm-p01 vdsm]#
> [root@mdskvm-p01 vdsm]# ls -altri /usr/libexec/vdsm/vdsm-gencerts.sh /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/certs/vdsmcert.pem
> 67445862 -rwxr-xr-x. 1 root root 2362 Jul 9 05:36 /usr/libexec/vdsm/vdsm-gencerts.sh
> 45255 -rw-------. 1 vdsm kvm 5816 Sep 28 17:48 /etc/pki/vdsm/keys/vdsmkey.pem
> 203185926 -rw-------. 1 vdsm kvm 1127 Sep 28 17:48 /etc/pki/vdsm/certs/cacert.pem
> 203185790 -rw-------. 1 vdsm kvm 1241 Sep 28 17:48 /etc/pki/vdsm/certs/vdsmcert.pem
> [root@mdskvm-p01 vdsm]#
>
>> On 9 Aug 2022, at 03:43, adam_xu(a)adagene.com.cn wrote:
>>
>> Solution:
>>
>> https://access.redhat.com/solutions/3532921
>>
>> -----Original Message-----
>> From: Andrei Verovski <andreil1(a)starlett.lv>
>> Sent: 9 August 2022 3:14
>> To: users(a)ovirt.org
>> Subject: [ovirt-users] Certificates Expiration Problem - Urgent Help Needed
>>
>> Hi !
>>
>> Today my hosts (engine + all nodes) certificates expired and I re-ran engine-setup to renew certificates.
>>
>> Then I did for each node host:
>> Edit host -> Advanced parameters -> Fetch SSH public key (PEM) in order to update certificates on nodes, everything was finished just fine.
>>
>> Unfortunately, one of the most crucial nodes (node14) still shows this error:
>>
>> VDSM node14 command Get Host Capabilities failed: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
>>
>> Restarted vdsmd and vdsm-network, still the same, node is marked as non-responsive, and all VMs with a "?" sign (unknown status).
>>
>> However, node14 pings without any problem, its storage domain is shown in green (OK), and all VMs are running fine.
>>
>> Service vdsm-network status is OK, vdsmd is NOT:
>> Aug 08 22:07:27 node14.***.lv vdsm[1264164]: ERROR ssl handshake: socket error, address: ::ffff:192.168.0.4
>>
>> This node is running our accounting and stock control system, its storage domain holds the VM disk of that software. If it's nonoperational after restart, it's BIG trouble, I will not be able to migrate the VM disk anywhere. Restoring the accounting DB from daily backup is a lengthy process of 2 - 3 hours.
>>
>> Please advise what to do next.
>>
>> Thanks in advance.
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement:
https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7ERPAMDT2KO...
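
An added example, not part of any message in this thread and not oVirt or VDSM code: a shell function that checks the three files passed to vdsm-gencerts.sh above for expiry, CA chain and key/certificate match, using the openssl CLI. The function name, its return codes and the 30-day window are assumptions of this example.

```shell
#!/bin/sh
# Added example, not oVirt/VDSM code. Return codes are this example's own
# convention: 0 ok, 1 host cert expired/expiring/unreadable, 2 same for the
# CA cert, 3 host cert does not chain to the CA, 4 key does not match cert.
check_vdsm_pki() {
    ca=$1; cert=$2; key=$3
    window=${4:-0}   # seconds of remaining validity required (0 = valid now)

    # -checkend exits non-zero when notAfter falls within the window.
    if ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo "host cert: $(openssl x509 -in "$cert" -noout -enddate 2>&1)"
        return 1
    fi
    if ! openssl x509 -in "$ca" -noout -checkend "$window" >/dev/null 2>&1; then
        echo "CA cert: $(openssl x509 -in "$ca" -noout -enddate 2>&1)"
        return 2
    fi
    # The host cert must verify against the CA file stored beside it.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "host cert does not verify against $ca"
        return 3
    fi
    # A new key left beside an old cert (or the reverse) breaks the handshake.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match host cert"
        return 4
    fi
    echo "ok: $(openssl x509 -in "$cert" -noout -enddate)"
    return 0
}

# Paths as given in the thread; runs only where they exist (on the node).
P=/etc/pki/vdsm
if [ -r "$P/certs/vdsmcert.pem" ]; then
    check_vdsm_pki "$P/certs/cacert.pem" "$P/certs/vdsmcert.pem" \
        "$P/keys/vdsmkey.pem" 2592000 || echo "check failed with code $?"
fi
```

Run as root on the node, since vdsmkey.pem is readable only by its owner in the listing above.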