
Running oVirt 4.4.5, VM cannot migrate between hosts.

vdsm.log contains the following error:

libvirt.libvirtError: operation failed: Failed to connect to remote libvirt URI qemu+tls://ovhost01.local/system: authentication failed: Failed to verify peer's certificate

Certificates on hosts were renewed some time ago. How can this issue be fixed?

Thank you.

Moreover, the host is now stuck in PreparingForMaintenance status because VM migration is not working. Any solutions?

"KSNull Zero" <ksnull01@gmail.com> writes:

> Running oVirt 4.4.5, VM cannot migrate between hosts.
> vdsm.log contains the following error: libvirt.libvirtError: operation failed: Failed to connect to remote libvirt URI qemu+tls://ovhost01.local/system: authentication failed: Failed to verify peer's certificate
> Certificates on hosts were renewed some time ago. How can this issue be fixed?

I think it's https://bugzilla.redhat.com/show_bug.cgi?id=1948376, which was fixed in 4.4.6.5.

IIRC you need to create links in /etc/pki/vdsm/libvirt-migrate on the source host from server-*.pem to client-*.pem and make sure migrate_tls_x509_verify = 1 is set (it is by default) in /etc/libvirt/qemu.conf. Restarting libvirtd may be needed afterwards.

Regards,
Milan
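The check described in Milan's reply, as an added shell example that is not part of the thread or of oVirt's own tooling: it lists server-*.pem files that have no client-*.pem counterpart, can create the links, and flags an explicit migrate_tls_x509_verify value other than 1. The function names and the --check argument are assumptions made for this example; the default paths are the ones named in the reply.

```shell
#!/bin/sh
# Added example; function names and the --check argument are hypothetical.

# missing_client_links DIR
# Print the name of every server-*.pem in DIR that has no client-*.pem twin.
missing_client_links() {
    dir=$1
    for srv in "$dir"/server-*.pem; do
        [ -e "$srv" ] || continue              # glob matched nothing
        base=${srv##*/}                        # e.g. server-<x>.pem
        cli="$dir/client-${base#server-}"      # -> client-<x>.pem
        [ -e "$cli" ] || printf '%s\n' "$base" # absent or dangling link
    done
}

# create_client_links DIR
# Create relative symlinks client-<x>.pem -> server-<x>.pem where missing.
create_client_links() {
    dir=$1
    missing_client_links "$dir" | while IFS= read -r base; do
        ln -sf "$base" "$dir/client-${base#server-}"
    done
}

# x509_verify_enabled CONF
# Succeed unless CONF explicitly sets migrate_tls_x509_verify to a value
# other than 1. A commented-out or absent line counts as enabled, because
# the reply states that 1 is the default. The last uncommented line wins.
x509_verify_enabled() {
    conf=$1
    val=$(sed -n 's/^[[:space:]]*migrate_tls_x509_verify[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$conf" | tail -n 1)
    [ -z "$val" ] || [ "$val" = 1 ]
}

# Read-only report, run only when asked: sh script.sh --check [DIR] [CONF]
if [ "${1:-}" = "--check" ]; then
    dir=${2:-/etc/pki/vdsm/libvirt-migrate}
    conf=${3:-/etc/libvirt/qemu.conf}
    missing_client_links "$dir" | sed 's/^/no client link for: /'
    x509_verify_enabled "$conf" || echo "migrate_tls_x509_verify is not 1 in $conf"
fi
```

Run it with --check first to see what is missing; create_client_links changes the directory and is only called when you invoke it yourself.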

Is it safe to restart libvirtd on hosts with workloads without entering Maintenance mode?

"KSNull Zero" <ksnull01@gmail.com> writes:

> Is it safe to restart libvirtd on hosts with workloads without entering Maintenance mode?

Generally no, often yes. Restarting libvirtd shouldn't cause harm to the VMs themselves but it can disrupt running jobs managed by libvirt or confuse oVirt if some actions are being performed at the given moment. It's best to do it when there are no migrations (host migrations don't work for you currently anyway) or other jobs (e.g. snapshots) or actions (e.g. VM startup or shutdown) running on the host. Even if they are, it doesn't necessarily mean something breaks but it's a best-effort/no-guarantees workflow instead of the normal workflow.

I think just adding the certificate links doesn't require a libvirtd restart. And a reload may be enough after changing libvirt configuration files.

Hello,

Does this new setting with "migrate_tls_x509_verify = 1" in "etc/libvirt/qemu.conf" fix the issue? I have the same error on my oVirt 4.4.10 cluster but this solution doesn't work.

Regards,
Julien

Hi,

To resolve the issue of VM migration failure in oVirt 4.4.5 due to certificate authentication errors, you should re-establish trust between the hosts. This can be done by redistributing the newly renewed certificates to all hosts and ensuring they recognize each other as trusted peers. Additionally, verify the configuration files for any discrepancies in certificate paths or settings, and restart the necessary services to apply the changes.

Thanks

participants (4)
- jul debe
- KSNull Zero
- Maria Jonas
- Milan Zamazal