7:36 p.m.
Hi,
im running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL certificates
expired. After that, i changed all the certificates on the engine via
"engine-upgrade" command and issued new vdsm client certificates. Then i copied
the new certificates to my ovirt nodes and restarted vdsmd (systemctl restart vdsmd).
Now i'm still not able to connect to my ovirt nodes. In the engine log i can see the
following error:
###
2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient]
(SSL Stomp Reactor) [] Connecting to /192.168.xx.xx
2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL
Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is
not accepted by client preferences [TLS12]
2022-09-01 18:25:51,829+02 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities:
VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected
protocol version TLS10 is not accepted by client preferences [TLS12]
###
I searched my vdsm client config but i cannot see any specific TLS version set (every
option with TLS is commented - seems to be the default):
###
$grep -R -i TLS /etc/vdsm/
/etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1
/etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. OP_NO_TLSv1,
/etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1 By default tlv1, tlsv1.1 and tlsv1.2 are enabled.
###
On the engine i didn't find any setting to set a specific TLS version - there seems to
have been a setting (VdsmSSLProtocol) but that got deprecated years ago.
Does anybody know why my engine is still not able to connect to the client vdsmd?
I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't
work ...
Thanks
Regards,
Kilian
PS:
Name : vdsm
Architektur : x86_64
Version : 4.19.37
Ausgabe : 1.el7.centos
Name : ovirt-engine
Architektur : noarch
Version : 4.2.8.2
Ausgabe : 1.el7
6:47 p.m.
New subject: VDSNetworkException: protocol version not accepted by client
I would re-enroll the hosts from the web UI to verify that some cert was not missed.
Best Regards,Strahil Nikolov
On Thu, Sep 1, 2022 at 19:42, Kilian Ries<mail(a)kilian-ries.de> wrote:
<!--#yiv6336353077 P {margin-top:0;margin-bottom:0;}-->
Hi,
im running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL certificates
expired. After that, i changed all the certificates on the engine via
"engine-upgrade" command and issued new vdsm client certificates. Then i copied
the new certificates to my ovirt nodes and restarted vdsmd (systemctl restart vdsmd).
Now i'm still not able to connect to my ovirt nodes. In the engine log i can see the
following error:
###
2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient]
(SSL Stomp Reactor) [] Connecting to /192.168.xx.xx
2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL
Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is
not accepted by client preferences [TLS12]
2022-09-01 18:25:51,829+02 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities:
VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected
protocol version TLS10 is not accepted by client preferences [TLS12]
###
I searched my vdsm client config but i cannot see any specific TLS version set (every
option with TLS is commented - seems to be the default):
###
$grep -R -i TLS /etc/vdsm/
/etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1
/etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. OP_NO_TLSv1,
/etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1 By default tlv1, tlsv1.1 and tlsv1.2 are enabled.
###
On the engine i didn't find any setting to set a specific TLS version - there seems to
have been a setting (VdsmSSLProtocol) but that got deprecated years ago.
Does anybody know why my engine is still not able to connect to the client vdsmd?
I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't
work ...
Thanks
Regards,
Kilian
PS:
Name : vdsm
Architektur : x86_64
Version : 4.19.37
Ausgabe : 1.el7.centos
Name : ovirt-engine
Architektur : noarch
Version : 4.2.8.2
Ausgabe : 1.el7
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QCSD37GWDX5...
2:27 p.m.
New subject: VDSNetworkException: protocol version not accepted by client
Hi,
re-enroll form the UI was not possible because the installation butten was greyd out ... i
ended up re-installing both hosts newly from iso (during that time all VMs were offline
because of local storage). After iso installation i was able to re-install the hosts via
ovirt-engine and then they were back green online in the engine.
Regards,
Kilian
________________________________
Von: Strahil Nikolov <hunter86_bg(a)yahoo.com>
Gesendet: Samstag, 3. September 2022 17:47:31
An: Kilian Ries; users(a)ovirt.org
Betreff: Re: [ovirt-users] VDSNetworkException: protocol version not accepted by client
I would re-enroll the hosts from the web UI to verify that some cert was not missed.
Best Regards,
Strahil Nikolov
On Thu, Sep 1, 2022 at 19:42, Kilian Ries
<mail(a)kilian-ries.de> wrote:
Hi,
im running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL certificates
expired. After that, i changed all the certificates on the engine via
"engine-upgrade" command and issued new vdsm client certificates. Then i copied
the new certificates to my ovirt nodes and restarted vdsmd (systemctl restart vdsmd).
Now i'm still not able to connect to my ovirt nodes. In the engine log i can see the
following error:
###
2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient]
(SSL Stomp Reactor) [] Connecting to /192.168.xx.xx
2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL
Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is
not accepted by client preferences [TLS12]
2022-09-01 18:25:51,829+02 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities:
VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected
protocol version TLS10 is not accepted by client preferences [TLS12]
###
I searched my vdsm client config but i cannot see any specific TLS version set (every
option with TLS is commented - seems to be the default):
###
$grep -R -i TLS /etc/vdsm/
/etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1
/etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. OP_NO_TLSv1,
/etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1 By default tlv1, tlsv1.1 and tlsv1.2 are enabled.
###
On the engine i didn't find any setting to set a specific TLS version - there seems to
have been a setting (VdsmSSLProtocol) but that got deprecated years ago.
Does anybody know why my engine is still not able to connect to the client vdsmd?
I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't
work ...
Thanks
Regards,
Kilian
PS:
Name : vdsm
Architektur : x86_64
Version : 4.19.37
Ausgabe : 1.el7.centos
Name : ovirt-engine
Architektur : noarch
Version : 4.2.8.2
Ausgabe : 1.el7
_______________________________________________
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to users-leave@ovirt.org<mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QCSD37GWDX5...
807
days inactive
813
days old
2 comments
2 participants
participants (2)
-
Kilian Ries -
Strahil Nikolov