Engine Certificate renewal caused "Error while executing action InstallVds: Internal Engine Error"
OK, while I was debugging the other problem, the engine complained about the internal engine cert expiring in three months. As I had to completely shutdown the entire data center (all hosts including the engine itself) at once, I figured I'd go ahead and renew the engine cert so I wouldn't have to do it later. First problem: engine-setup won't renew the engine certificate (engine.cer / engine.p12) at three months out despite the scary warnings in the notifications tab in the Admin WebUI. It can be forced to by renaming the files however. Second problem: After having renewed the engine certificate, the engine can no longer update a host certificate nor (re-)install a host. Giving me the following error in the Admin WebUI: "Error while executing action InstallVds: Internal Engine Error" I've attached the logs from the engine. -Patrick Hibbs
Patrick Hibbs <hibbsncc1701@gmail.com> writes:
Second problem: After having renewed the engine certificate, the engine can no longer update a host certificate nor (re-)install a host. Giving me the following error in the Admin WebUI: "Error while executing action InstallVds: Internal Engine Error"
I've attached the logs from the engine.
The attached log refers to another log /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20220603115134-virt02.codenet-1a0acee9-f33e-44e3-a863-cd2ee0a4289e.log where the actual error should be visible. Also, what's your Engine version? Regards, Milan
My engine version at the time was ovirt-engine-4.5.0.8-1.el8.noarch. Unfortunately I had to reinstall the engine over the weekend, so I'm afraid the log is no longer available. That being said, given that the engine only started doing that after I force renewed the internal engine certificate via engine-setup (by renaming /etc/pki/ovirt-engine/keys/engine.p12), I would assume that engine-setup didn't update something correctly. Perhaps the error can be traced to engine-setup's need for a specific time frame to renew the cert? Another user opened a bug for engine-setup not renewing the internal engine cert despite the WebUI's complaints: https://bugzilla.redhat.com/show_bug.cgi?id=2093954 -Patrick Hibbs On Mon, 2022-06-06 at 12:02 +0200, Milan Zamazal wrote:
Patrick Hibbs <hibbsncc1701@gmail.com> writes:
Second problem: After having renewed the engine certificate, the engine can no longer update a host certificate nor (re-)install a host. Giving me the following error in the Admin WebUI: "Error while executing action InstallVds: Internal Engine Error"
I've attached the logs from the engine.
The attached log refers to another log /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible- 20220603115134-virt02.codenet-1a0acee9-f33e-44e3-a863- cd2ee0a4289e.log where the actual error should be visible.
Also, what's your Engine version?
Regards, Milan
participants (2)
-
Milan Zamazal -
Patrick Hibbs