vm migration failed with certifacate issue
ovirt 4.4.4.7 not able to migrate VMs between hosts with following vdsm error: operation failed: Failed to connect to remote libvirt URI qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify peer's certificate hosts certificates was renewed recently but hosts hasn't been reloaded how to fix this issue
parallax <dd432690@gmail.com> writes:
ovirt 4.4.4.7
not able to migrate VMs between hosts with following vdsm error:
operation failed: Failed to connect to remote libvirt URI qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify peer's certificate
You should be able to see a more exact reason for the certificate verification failure in libvirtd logs on the source host (perhaps after adjusting logging settings in /etc/libvirt/libvirtd.conf + restarting libvirtd). Anyway, you should check the certificates in /etc/pki/vdsm/certs on both the source and destination hosts: - cacert.pem should be the Engine CA certificate. - vdsmcert.pem should be a certificate signed by the CA certificate, with the right host name and not expired. If you are using encrypted migrations then you should additionally check the certificates in /etc/pki/vdsm/libvirt-migrate. cacert.pem should be the CA certificate, server-cert.pem a valid certificate signed by the CA certificate and there should be links client-cert.pem and client-key.pem to server-cert.pem and server-key.pem respectively.
hosts certificates was renewed recently but hosts hasn't been reloaded how to fix this issue
Regards, Milan
solved reloaded libvirtd on servers involved in certificate renewal thanks чт, 8 сент. 2022 г. в 17:57, Milan Zamazal <mzamazal@redhat.com>:
parallax <dd432690@gmail.com> writes:
ovirt 4.4.4.7
not able to migrate VMs between hosts with following vdsm error:
operation failed: Failed to connect to remote libvirt URI qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify peer's certificate
You should be able to see a more exact reason for the certificate verification failure in libvirtd logs on the source host (perhaps after adjusting logging settings in /etc/libvirt/libvirtd.conf + restarting libvirtd).
Anyway, you should check the certificates in /etc/pki/vdsm/certs on both the source and destination hosts:
- cacert.pem should be the Engine CA certificate.
- vdsmcert.pem should be a certificate signed by the CA certificate, with the right host name and not expired.
If you are using encrypted migrations then you should additionally check the certificates in /etc/pki/vdsm/libvirt-migrate. cacert.pem should be the CA certificate, server-cert.pem a valid certificate signed by the CA certificate and there should be links client-cert.pem and client-key.pem to server-cert.pem and server-key.pem respectively.
hosts certificates was renewed recently but hosts hasn't been reloaded how to fix this issue
Regards, Milan
participants (2)
-
Milan Zamazal -
parallax