11:22 a.m.
ovirt 4.4.4.7
not able to migrate VMs between hosts with following vdsm error:
operation failed: Failed to connect to remote libvirt URI
qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify
peer's certificate
hosts certificates was renewed recently but hosts hasn't been reloaded
how to fix this issue
4:57 p.m.
parallax <dd432690(a)gmail.com> writes:
ovirt 4.4.4.7
not able to migrate VMs between hosts with following vdsm error:
operation failed: Failed to connect to remote libvirt URI
qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify
peer's certificate
You should be able to see a more exact reason for the certificate
verification failure in libvirtd logs on the source host (perhaps after
adjusting logging settings in /etc/libvirt/libvirtd.conf + restarting
libvirtd).
Anyway, you should check the certificates in /etc/pki/vdsm/certs on both
the source and destination hosts:
- cacert.pem should be the Engine CA certificate.
- vdsmcert.pem should be a certificate signed by the CA certificate,
with the right host name and not expired.
If you are using encrypted migrations then you should additionally check
the certificates in /etc/pki/vdsm/libvirt-migrate. cacert.pem should be
the CA certificate, server-cert.pem a valid certificate signed by the CA
certificate and there should be links client-cert.pem and client-key.pem
to server-cert.pem and server-key.pem respectively.
hosts certificates was renewed recently but hosts hasn't been
reloaded
how to fix this issue
Regards,
Milan
9:43 a.m.
solved
reloaded libvirtd on servers involved in certificate renewal
thanks
чт, 8 сент. 2022 г. в 17:57, Milan Zamazal <mzamazal(a)redhat.com>:
parallax <dd432690(a)gmail.com> writes:
> ovirt 4.4.4.7
>
> not able to migrate VMs between hosts with following vdsm error:
>
> operation failed: Failed to connect to remote libvirt URI
> qemu+tls://kvm4.imp.loc/system: authentication failed: Failed to verify
> peer's certificate
You should be able to see a more exact reason for the certificate
verification failure in libvirtd logs on the source host (perhaps after
adjusting logging settings in /etc/libvirt/libvirtd.conf + restarting
libvirtd).
Anyway, you should check the certificates in /etc/pki/vdsm/certs on both
the source and destination hosts:
- cacert.pem should be the Engine CA certificate.
- vdsmcert.pem should be a certificate signed by the CA certificate,
with the right host name and not expired.
If you are using encrypted migrations then you should additionally check
the certificates in /etc/pki/vdsm/libvirt-migrate. cacert.pem should be
the CA certificate, server-cert.pem a valid certificate signed by the CA
certificate and there should be links client-cert.pem and client-key.pem
to server-cert.pem and server-key.pem respectively.
> hosts certificates was renewed recently but hosts hasn't been reloaded
> how to fix this issue
Regards,
Milan
803
days inactive
806
days old
2 comments
2 participants
participants (2)
-
Milan Zamazal -
parallax