expired host certificate

I'm running oVirt 4.4. The "libvirtd" service won't start and it appears to be because of an expired certificate. How do I create and install a new certificate on the host? Your help is much appreciated.

-- Diggy

On 2. 11. 2022, at 22:13, Diggy Mc <d03@bornfree.org> wrote:
> I'm running oVirt 4.4. The "libvirtd" service won't start and it appears to be because of an expired certificate.
> How do I create and install a new certificate on the host. Your help is much appreciated.

Run Enroll Certificate for the host, if it is in Maintenance state. There's been quite a few fixes around certificate expiration/renewal in 4.5, you really should upgrade....

Thanks,
michal

> -- Diggy
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-leave@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YH72ACVXJJSIMJ...

How do I run Enroll Certificate ??? It doesn't appear to be a command line command. As for upgrading to 4.5, I can't upgrade because the hosted engine is running CentOS Linux, not CentOS Stream.

Furthermore, I cannot put the host into local maintenance. The command:

"hosted-engine --set-maintenance --mode=local"

yields the error:

RuntimeError: Couldn't connect to VDSM within 60 seconds

"hosted-engine --vm-status" returns the error:

The hosted engine configuration has not been retrieved from shared storage yet, please ensure that ovirt-ha-agent service is running.

"systemctl list-units --failed" reports the following fails:

libvirtd.service
libvirtd-admin.socket
libvirtd-ro.socket
libvirtd-tls.socket
libvirtd.socket

And although not listed above as failed, "systemctl status ovirt-ha-agent.service" says it exited with status=157.

Never mind. I found "Enroll Certificate". I had looked under "Management", but not "Installation". **sigh** Sorry for wasting your time. :/

The host is back up and running.

On 4. 11. 2022, at 23:13, Diggy Mc <d03@bornfree.org> wrote:
> Nevermind. I found "Enroll Certificate" I had looked under "Management", but not "Installation". **sigh** Sorry for wasting your time. :/

I'm glad that it worked! We adjusted the validity period in 4.5, once you upgrade the whole system you shouldn't get into this situation that often.

> The host is back up and running.

Hi, I got the same issue yesterday when I was trying to migrate a VM. The migration failed because of the expired certificate. As I cannot migrate and VMs must be running, I could not put the hypervisor in maintenance mode and do an "Enroll Certificate". Instead I found a manual way to renew the certificates and have now created an ansible role/playbook for it that will renew certificates and restart service vdsmd and libvirtd. Let me know if you would like to get a copy of the ansible role.
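
Added example, not part of any message in this thread and not oVirt code: a small shell check that reports certificates that are expired or about to expire, so the condition is caught before libvirtd refuses to start or a migration fails. The function names and the 30-day window are assumptions, certificate paths are supplied by the caller, and the demo runs on throwaway self-signed certificates constructed on the spot.

```shell
# cert_status FILE [DAYS] -> prints UNREADABLE, EXPIRED, EXPIRING or OK
cert_status() {
    local file="$1" days="${2:-30}"
    # Not a parseable X.509 certificate (missing file, wrong format).
    openssl x509 -noout -in "$file" >/dev/null 2>&1 || { echo UNREADABLE; return; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -noout -checkend 0 -in "$file" >/dev/null 2>&1 \
        || { echo EXPIRED; return; }
    openssl x509 -noout -checkend $((days * 86400)) -in "$file" >/dev/null 2>&1 \
        || { echo EXPIRING; return; }
    echo OK
}

# audit_certs DAYS FILE... -> one "STATUS  notAfter  FILE" line per file.
# Returns 1 if any certificate is not OK, so it can gate a cron job or a monitor.
audit_certs() {
    local days="$1" rc=0 f status end
    shift
    for f in "$@"; do
        status=$(cert_status "$f" "$days")
        end=$(openssl x509 -noout -enddate -in "$f" 2>/dev/null | cut -d= -f2)
        printf '%-10s %-26s %s\n' "$status" "${end:-n/a}" "$f"
        [ "$status" = OK ] || rc=1
    done
    return $rc
}

# Constructed sample input: a throwaway self-signed certificate valid for DAYS days.
# make_sample_cert OUTFILE DAYS
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed-sample" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Demo on constructed certificates with a 30-day warning window.
demo() {
    local tmp rc
    tmp=$(mktemp -d)
    make_sample_cert "$tmp/short.pem" 1      # expires tomorrow -> EXPIRING
    make_sample_cert "$tmp/long.pem" 365     # a year left      -> OK
    audit_certs 30 "$tmp/short.pem" "$tmp/long.pem" "$tmp/missing.pem"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo || true
```

On a real host, call `audit_certs 30` with the certificate files the services actually load; a non-zero return means at least one needs renewal.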

Sure, at least for us that may prove to be useful!

Guillaume Pavese
Systems and Network Engineer
Interactiv-Group

On Thu, Nov 17, 2022 at 3:21 AM <jlhm@usa.net> wrote:
> Hi, I got the same issue yesterday when I was trying to migrate a VM. The migration failed because of the expired certificate. As I cannot migrate and VMs must be running, I could not put the hypervisor in maintenance mode and do an "Enroll Certificate". Instead I found a manual way to renew the certificates and have now created an ansible role/playbook for it that will renew certificates and restart service vdsmd and libvirtd. Let me know if you would like to get a copy of the ansible role.

Hi, Yes, please share this ansible role, I had this problem in the past and it was a nightmare. Thanks in advance.

On 16 Nov 2022, at 20:21, jlhm@usa.net wrote:
> Hi, I got the same issue yesterday when I was trying to migrate a VM. The migration failed because of the expired certificate. As I cannot migrate and VMs must be running, I could not put the hypervisor in maintenance mode and do an "Enroll Certificate". Instead I found a manual way to renew the certificates and have now created an ansible role/playbook for it that will renew certificates and restart service vdsmd and libvirtd. Let me know if you would like to get a copy of the ansible role.
participants (5)
- Andrei Verovski
- Diggy Mc
- Guillaume Pavese
- jlhm@usa.net
- Michal Skrivanek